It was a banner week for cybercriminals and a difficult one for defenders. Lots of of organizations noticed menace actors exploit essential flaws of their Microsoft SharePoint servers, with extra malicious hackers piling on and assaults nonetheless ongoing.
In the meantime, simply two months after a significant FBI takedown, Lumma malware-as-a-service operations not solely seem to have absolutely recovered, however are stealthier and simpler than ever. And the modern Coyote banking Trojan has damaged new technical floor by weaponizing Home windows accessibility options in opposition to customers.
Collectively, these tales spotlight the opportunism, adaptability, resilience and ingenuity of right this moment’s cyberthreats — and the essential significance of countermeasures, reminiscent of immediate patching and frequent safety consciousness coaching.
Learn extra about an eventful week in cybercrime.
Ongoing SharePoint assaults hit a whole bunch of Microsoft prospects
Microsoft prospects with on-premises SharePoint servers are going through an enormous wave of ongoing cyberattacks that started in early July and escalated previously week.
The intrusions exploit an assault chain dubbed ToolShell, a sequence combining distant code injection and community spoofing flaws. Attackers have reportedly used the vulnerabilities to compromise a whole bunch of SharePoint prospects worldwide, together with the U.S. Nationwide Nuclear Safety Administration and the Division of Homeland Safety.
In keeping with Microsoft, three Chinese language nation-state menace actors have been among the many first to provoke ToolShell assaults in early July. Extra lately, one of many teams additionally started utilizing the vulnerability sequence in ongoing ransomware assaults.
Microsoft launched an emergency out-of-band safety replace on July 19. The patch covers SharePoint Subscription Version, SharePoint 2019 and SharePoint 2016. Researchers warned that extra menace actors may be a part of the continuing assault marketing campaign, making quick patching essential for all SharePoint prospects.
The vulnerabilities don’t have an effect on the Microsoft 365 model of SharePoint On-line.
Learn the complete story by David Jones on Cybersecurity Dive.
Lumma stealer malware returns after FBI takedown
The infamous Lumma malware — which goals to steal delicate info, reminiscent of credentials and cryptocurrency pockets info — has quickly resurfaced following its FBI takedown in Might. Development Micro researchers stated Lumma menace actors’ exercise appeared to have returned to regular ranges between June and July, though their techniques have gotten stealthier and extra discreet.
Beforehand, Lumma operators relied closely on Cloudflare’s infrastructure to cover their malicious domains. Now, nevertheless, they’re more and more turning to suppliers which might be much less beholden to U.S. legislation enforcement, reminiscent of Russia-based Selectel.
Lumma distribution strategies are additionally evolving, with current assaults utilizing pretend cracked software program, ClickFix campaigns with misleading CAPTCHA pages, AI-generated GitHub repositories, and social media campaigns on YouTube and Fb.
Learn the complete story by Elizabeth Montalbano on Darkish Studying.
Coyote breaks new floor by exploiting Home windows UI Automation
The banking Trojan Coyote, energetic in Latin America since February 2024, has pioneered a brand new assault methodology by exploiting the Home windows UI Automation framework to steal banking credentials. This marks the primary recognized occasion of malware abusing this professional accessibility characteristic designed to assist individuals with disabilities work together with Home windows programs.
Energetic primarily in Brazil, Coyote has focused customers of 75 banks and cryptocurrency exchanges. The malware positive factors preliminary entry via malicious LNK recordsdata in phishing emails, then screens browser exercise for banking web sites.
Coyote is especially harmful due to its capacity to operate offline and use UI Automation to extract delicate info from browser tabs in a extra dependable approach than conventional strategies. It exemplifies how attackers’ methods proceed to evolve to outpace safety measures.
Learn the complete story by Jai Vijayan on Darkish Studying.
Editor’s be aware: An editor used AI instruments to help within the technology of this information transient. Our skilled editors at all times evaluation and edit content material earlier than publishing.
Alissa Irei is senior website editor of Informa TechTarget’s SearchSecurity.
