Ransomware Gangs Running Rampant: Top Cybersecurity News from the Week of Nov 21st
As we approach the year-end, a new range of threats has been identified in the security landscape. From major Android exploits to new ransomware gangs, threat actors aren’t slowing down for the holiday season. Here is some of the most notable cybersecurity news from the week:
Ransomware everywhere
It’s safe to say that ransomware attacks are not slowing down. Rather, with new gangs entering the scene, we are seeing a wide range of diversified attacks across several industries.
A ransomware gang called the Daixin Team has leaked sensitive data belonging to AirAsia, a major airline operator in South East Asia. The development comes a little over a week after the company fell victim to a ransomware attack in the second week of November. The threat actors claim to have obtained the personal data associated with five million unique passengers and all its employees. The samples uploaded to the leak site reveal passenger information, the booking IDs, and personal data related to the company’s staff.
Another ransomware gang called ‘Black Basta’ is continuously breaching multiple private companies across the US using the Qakbot malware.
“In this latest campaign, the Black Basta ransomware gang is using QakBot malware to create an initial point of entry and move laterally within an organization’s network,” Cybereason researchers Joakim Kandefelt and Danielle Frankel said in a media report.
This is not the first time the ransomware crew has been observed using Qakbot (aka QBot, QuackBot, or Pinkslipbot). Last month, Trend Micro disclosed similar attacks that entailed the use of Qakbot to deliver the Brute Ratel C4 framework, which, in turn, was leveraged to drop Cobalt Strike. Black Basta remains a highly active ransomware actor. According to data gathered by Malwarebytes, the ransomware cartel successfully targeted 25 companies in October 2022 alone.
Android file manager app infected with SharkBot malware
The Android banking fraud malware known as SharkBot has reared its head once again on the official Google Play Store, posing as file managers to bypass the app marketplace’s restrictions.
A majority of the users who downloaded the rogue apps are located in the U.K. and Italy, Romanian cybersecurity company Bitdefender said in an analysis published this week. SharkBot, first discovered towards the end of 2021 by Cleafy, is a recurring mobile threat distributed both on the Google Play Store and other third-party app stores.
Millions of Android users are at risk of Mali GPU exploits
A set of five medium-severity security flaws in Arm’s Mali GPU driver has continued to remain unpatched on Android devices for months, despite fixes released by the chipmaker. Google Project Zero, which discovered and reported the bugs, said Arm addressed the shortcomings in July and August 2022.
“These fixes have not yet made it downstream to affected Android devices (including Pixel, Samsung, Xiaomi, Oppo, and others). Devices with a Mali GPU are currently vulnerable,” said Project Zero researcher Ian Beer.
Successful exploitation of the flaws could permit an attacker with permission to execute native code in an app context to seize control of the system and bypass Android’s permissions model to gain broad access to user data.
For more of the latest cybersecurity news and insights, follow Code Red on Twitter and LinkedIn.