Phishing attacks rely on getting past defense mechanisms to target as many individuals as possible. To that end, phishers have now been observed using Morse code as part of their latest obfuscation technique to hide malicious URLs in email attachments.
Another novel evasion technique has been observed in the recently discovered Zeoticus 2.0 ransomware. The malware is designed so that it does not depend on a C2 server for communication. Moreover, it targets all countries except Russia, Belarus, and Kyrgyzstan.
Top Breaches Reported in the Last 24 Hours
Sri Lankan domains defaced
Hacktivists have hijacked and defaced the DNS records of several Sri Lankan websites, including Google.lk and Oracle.lk. Users visiting these sites are redirected to web pages detailing various social issues impacting the local population. The attack took place on February 6.
SN Servicing Corp notifies about an attack
Mortgage loan servicing company SN Servicing Corporation has disclosed a ransomware attack that affected its systems. Although attack details are not known, a preliminary investigation indicates that the compromised data includes billing statements and fee notices of customers from 2018.
WestRock struggles from the attack
WestRock is struggling to recover from a ransomware attack that occurred on January 23. Although the company hasn’t shared any details about the attack, it has proactively shut down certain systems to enhance its cybersecurity posture.
Top Malware Reported in the Last 24 Hours
Zeoticus 2.0 ransomware
Zeoticus 2.0 ransomware, which has no dependence on a C2 server, has emerged on the threat landscape. It relies on faster encryption algorithms such as XChaCha20, Poly1305, XSalsa20, and Curve25519. It is also worth noting that the malware is designed not to function in some regions such as Russia, Belarus, and Kyrgyzstan.
New obfuscation technique
A new phishing attack campaign has been observed using Morse code to hide malicious URLs in an email attachment. The ultimate goal is to bypass secure email gateways or mail filters during the infection process.
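A defender-side check for the technique described above, as an added example that is not part of the original digest: it finds Morse-like runs in an attachment's text, decodes them, and reports any URL that plain-text scanning would miss. It assumes International Morse with space-separated tokens; the function names and the sample attachment are constructed for illustration.

```python
import re

# International Morse table limited to characters a URL needs (assumed encoding).
_LETTERS = (".- -... -.-. -.. . ..-. --. .... .. .--- -.- .-.. -- -. --- "
            ".--. --.- .-. ... - ..- ...- .-- -..- -.-- --..").split()
_DIGITS = "----- .---- ..--- ...-- ....- ..... -.... --... ---.. ----.".split()
MORSE = dict(zip(_LETTERS + _DIGITS, "abcdefghijklmnopqrstuvwxyz0123456789"))
MORSE.update({".-.-.-": ".", "-..-.": "/", "---...": ":", "-....-": "-"})

# Eight or more whitespace-separated dot/dash tokens in a row.
MORSE_RUN = re.compile(r"(?<![\w.-])(?:[.-]{1,6}[ \t]+){7,}[.-]{1,6}(?![\w.-])")
URL = re.compile(r"https?://[a-z0-9-]+(?:\.[a-z0-9-]+)+(?:/[a-z0-9./-]*)?")


def decode_run(run):
    """Decode one Morse run; unknown tokens become '*' so they never read as URL text."""
    return "".join(MORSE.get(tok, "*") for tok in run.split())


def defang(url):
    """Make a URL safe to paste into tickets and logs."""
    return url.replace("http", "hxxp", 1).replace(".", "[.]")


def find_hidden_urls(text):
    """Return defanged URLs that only appear after Morse-decoding runs in `text`."""
    hits = []
    for match in MORSE_RUN.finditer(text):
        hits.extend(defang(u) for u in URL.findall(decode_run(match.group())))
    return hits


# Constructed sample attachment body (not taken from the campaign); the run
# decodes to a URL on the reserved .test TLD.
SAMPLE = """<html><body><script>
var blob = ".... - - .--. ---... -..-. -..-. .- .-.-.- - . ... - -..-. -..-";
</script><p>Invoice attached ... - - - please review.</p></body></html>"""

if __name__ == "__main__":
    for url in find_hidden_urls(SAMPLE):
        print("Morse-encoded URL in attachment:", url)
```

Runs that decode to something other than a URL (separator lines, ellipses) are ignored, which keeps the check usable as a mail-filter pre-processing step.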
Ziggy ransomware shuts down
The Ziggy ransomware has shut down its operation and released decryption keys for its victims. The ransomware operators announced the shutdown on Telegram.
Iranian threat actor group, Charming Kitten, has been linked with a massive cyberespionage campaign that involves the use of Furball spyware. Target individuals could include regime dissidents, civil rights activists, journalists, and lawyers. The spyware is distributed via malicious wallpaper and gaming apps.