
The Ever-Expanding Threat Landscape: Top Cybersecurity News from the Week of Oct 31st
Heading towards the Christmas season, we are seeing a storm in the cyber landscape as attacks and vulnerabilities continue to grow. While the industry is still trying to control the record-breaking spree of ransomware, other attacks are also ramping up.
Here are some of the most notable cybersecurity stories from the week:
ENISA releases the annual Threat Landscape Report for 2022
The European Union Agency for Cybersecurity (ENISA) has released its annual threat landscape report. This is the 10th edition of the report, and it covers the reporting period from July 2021 to July 2022.
Ransomware was a key focus of the report, suggesting that over 10 terabytes of data have been stolen monthly due to ransomware. Phishing has been identified as the most common initial vector for such attacks, followed by DDoS. The report also highlighted that 60% of affected organisations may have paid ransom demands.
The report also suggested that there has been an escalation in AI-enabled disinformation, deepfakes and disinformation-as-a-service. Moreover, third-party incidents accounted for 17% of all intrusions this year.
Typosquat campaigns on the rise
Also known as URL hijacking, typosquatting is one of the oldest methods of social engineering in the cyber world, and it's on the rise again. It's a type of attack where the threat actors mimic legitimate websites by slightly changing the spelling of the domain name to trick the user into visiting a malicious site.
According to multiple reports, a massive malicious campaign is underway using over 200 typosquatting domains that impersonate 27 major brands to trick visitors into downloading various Windows and Android malware. The domains used in this campaign are almost identical to the authentic ones, featuring only a single letter change in the domain names – making them easy for regular users to miss.
Victims typically end up on these malicious sites by mistyping the name of the site they want to visit, or through targeted phishing emails and SMS scams. Cyber intelligence firm Cyble discovered some of the most common malicious sites used in this campaign, which are:
- payce-google[.]com – impersonates Google Wallet
- snanpckat-apk[.]com – impersonates Snapchat
- vidmates-app[.]com – impersonates VidMate
- paltpal-apk[.]com – impersonates PayPal
- m-apkpures[.]com – impersonates APKPure
- tlktok-apk[.]link – impersonates download portal for TikTok app
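For defenders, lookalikes of this kind can be found in DNS or proxy logs by comparing each hyphen-separated token of a domain against a brand watchlist using edit distance. The sketch below is an added example, not code from Cyble or from any report mentioned here; the official-domain allowlist, the distance threshold and the sample list are assumptions.

```python
# Brand keywords come from the list above. OFFICIAL and MAX_DISTANCE are
# assumptions for this example; use your own asset inventory and tuning.
BRANDS = ["google", "snapchat", "vidmate", "paypal", "apkpure", "tiktok"]
OFFICIAL = {"google.com", "snapchat.com", "paypal.com", "tiktok.com"}
MAX_DISTANCE = 2
# Constructed sample: the six indicators listed above plus two benign names.
SAMPLE = ["payce-google[.]com", "snanpckat-apk[.]com", "vidmates-app[.]com",
          "paltpal-apk[.]com", "m-apkpures[.]com", "tlktok-apk[.]link",
          "google.com", "example.org"]


def edit_distance(a, b):
    """Levenshtein distance (insert, delete, substitute) with rolling rows."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def classify(domain):
    """Return (brand, distance, kind) for the closest brand match, else None."""
    domain = domain.strip().lower().replace("[.]", ".")  # refang the indicator
    if domain in OFFICIAL:
        return None
    # Simplification: inspect only the label directly left of the TLD, split
    # on '-', so 'payce-google.com' yields the tokens 'payce' and 'google'.
    label = domain.rsplit(".", 1)[0].split(".")[-1]
    best = None
    for token in label.split("-"):
        for brand in BRANDS:
            d = edit_distance(token, brand)
            if d <= MAX_DISTANCE and (best is None or d < best[1]):
                best = (brand, d, "brand-keyword" if d == 0 else "typo")
    return best


def scan(domains):
    """Map each flagged domain, as given, to its closest brand match."""
    return {d: hit for d in domains if (hit := classify(d))}


if __name__ == "__main__":
    for name, hit in scan(SAMPLE).items():
        print(name, hit)
```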
Malicious Chrome extensions reach over 1 million installs
Malvertising is the use of online advertising to spread malware, and a project named Dormant Colors is doing this to promote several malicious extensions for Google Chrome.
According to researchers at Guardio Labs, these extensions offer colour customization options for the browser. In their initial state, the extensions don't contain any malicious code; malicious snippets are added to the code later, once the extensions are installed in the user's browser. The researchers found 30 instances of such extensions on both Chrome and Edge web stores, with a total of more than 1 million installs.