
Friday Five: The Ongoing Ransomware War, New and Emerging Attacks, & More

by Robbie Araiza on Friday August 9, 2024


As an emerging ransomware group makes headlines with its record-setting $75 million payout, Congress moves toward qualifying those groups' actions as terrorism, new attacks target ISPs and Microsoft 365 users, and more. Read more about these headlines in this week's Friday Five.

LOW-DRAMA ‘DARK ANGELS’ REAP RECORD RANSOMS BY BRIAN KREBS

The ransomware group Dark Angels recently received a record $75 million ransom payment from a Fortune 50 company, making headlines despite its usually low profile. Operating since 2021, Dark Angels focuses on mass data theft rather than disrupting operations. The group typically avoids the ransomware affiliate model and launched its victim leak site, Dunghill Leak, only in April 2023. In this instance, a recently breached pharmaceutical giant is suspected of being the victim that made the record ransom payment. The possibly Russia-based Dark Angels group steals vast amounts of data, particularly from large organizations, having reportedly exfiltrated up to 100 terabytes on some occasions. The average ransomware payment has surged fivefold in the past year, with most funding coming from organizations themselves and insurance providers.


CHINA'S EVASIVE PANDA ATTACKS ISP TO SEND MALICIOUS SOFTWARE UPDATES BY ELIZABETH MONTALBANO

A China-linked APT group, Evasive Panda (aka StormBamboo/DaggerFly), used DNS poisoning to compromise an ISP and exploit software update mechanisms, delivering backdoor malware to steal sensitive data. Detected by researchers in mid-2023, the attack targeted software with insecure update mechanisms, redirecting update requests to attacker-controlled servers hosting malicious files. Evasive Panda, known for targeting organizations in Asia, has previously used similar tactics to hijack legitimate software update channels. The attack underscores the group’s high skill level, and researchers provided indicators of compromise to help organizations detect if they were affected.


MICROSOFT 365 ANTI-PHISHING FEATURE CAN BE BYPASSED WITH CSS BY BILL TOULAS

Researchers discovered a method to bypass Microsoft's "First Contact Safety Tip" in Outlook, which warns users about emails from unfamiliar contacts, by manipulating CSS in the email's HTML. This technique hides the safety alert, increasing the risk of users opening phishing emails. The researchers also found ways to spoof security icons in emails, making them appear more legitimate. Despite the potential risks, Microsoft decided not to address the issue immediately and instead emphasized the importance of practicing caution online, stating that the issue doesn't meet its severity threshold and relies on social engineering.


INTELLIGENCE BILL WOULD ELEVATE RANSOMWARE TO A TERRORIST THREAT BY CYNTHIA BRUMFIELD

The Senate Intelligence Committee has proposed a bill that would, if passed, treat ransomware like terrorism, elevating it to a national intelligence priority. The bill, led by Chairman Mark Warner, seeks to name and brand ransomware groups as "hostile foreign cyber actors," designate countries that harbor these groups as "state sponsors of ransomware," and impose sanctions on them. While supporters argue this move sends a strong signal, critics doubt its effectiveness, as many of these countries already face heavy sanctions. The bill's approach reflects an increasing urgency in the U.S. to address the growing threat of ransomware attacks.


RUSSIA'S PRIORITIES IN PRISONER SWAP SUGGEST CYBER FOCUS BY ROBERT LEMOS

In a significant prisoner exchange, the U.S. and its allies traded eight convicted Russian nationals, including cybercriminals Vladislav Klyushin and Roman Seleznev, for 16 Americans and Europeans, highlighting Russia's prioritization of cyber operations. Klyushin was involved in a rare "hack-to-trade" scheme, while Seleznev pioneered an automated portal for selling stolen credit card data. Despite concerns that such exchanges may encourage rogue governments to arrest foreign citizens, experts argue that law enforcement will continue to pursue cybercriminals as usual, with no major changes expected in their strategies.


Tags:  Ransomware Malware Phishing Attacks State Hackers Legislation
