Neu Cyber Threats – 8th April 2021
The Ragnarok ransomware gang has struck again. In the latest wave of attacks, Ragnarok has exfiltrated 40 gigabytes of data from the luxury Italian men’s clothing line, Boggi Milano, including HR and salary details.
Monitoring of the Dark Web has found that the files leaked by Ragnarok include payroll files, payment PDFs, vouchers, tax documents and more. The attack proves that any kind of business in any industry can be targeted by cyber criminals in 2021; if cyber criminals sense a weakness they will test it as they continue to take advantage of businesses for financial gain.
In this specific case, the ransom issued by Ragnarok has not yet been disclosed, but the figure is usually in the region of thousands of pounds, and while Boggi Milano’s website is still up and running, the fashion brand is working with Italian authorities regarding the crime.
Although the impact on the operation of the business appears to be small, the loss of roughly 40GB of data, potentially including that of customers and employees, can be significant. Fines for data breaches involving this type of data can be substantial, and as Boggi Milano is a global organisation, fines could be imposed by several territories whose citizens have been affected.
According to researchers, ransomware attacks have spiked by 350% in just three years. By implementing a BCDR plan, with integrated solutions that back up confidential company data, as well as Phishing Awareness Training to prevent data breaches in the first instance, a company is covering its back in more ways than one. By talking to an expert Managed Service Provider, such as Neuways, a business can help secure its future. Call Neuways on 01283 753 333 or email firstname.lastname@example.org to discuss preventative measures.
A threat group called Golden Chickens has been targeting professionals on LinkedIn through a spear-phishing campaign, which sends victims fake job offers. The phishing emails try to trick a victim into clicking on a malicious ZIP file, by picking up the victim’s current job title and adding the word ‘position’ at the end, which makes it appear like a legitimate offer. Upon opening the fake job offer, the victim unwittingly initiates the stealthy installation of the fileless backdoor, more_eggs.
Once downloaded, this backdoor can fetch additional malware and provide access to the victim’s system. Not only is the Golden Chickens group targeting LinkedIn users, it is also selling more_eggs as malware-as-a-service to other cyber criminals, who use it to gain a foothold in victims’ systems to install other types of malware, including banking malware, credential stealers and ransomware, or just to exfiltrate data.
This isn’t the first use of more_eggs by cyber criminals, though. Groups including FIN6, Cobalt Group and Evilnum have each used the more_eggs malware as a service for their own purposes. Financial threat gang FIN6 used the malware to target e-commerce businesses in 2019, while other attackers used it to breach several industries, such as retail, entertainment and pharmaceutical companies’ online payments systems.
With this specific LinkedIn attack, it is thought that the goal of the campaign is to dupe people who are employed and have access to sensitive company data, rather than to attack someone who is unemployed. It could give cyber criminals intel on infiltrating a future network, with current remote working practices meaning that many personal and work devices are co-existing on the same shared network.
Neuways advises all LinkedIn users to be wary of spear-phishing scams and to consider carefully any approaches regarding job vacancies that they receive out of the blue.