It was a banner week for cybercriminals and a difficult one for defenders. Hundreds of organizations saw threat actors exploit critical flaws in their on-premises Microsoft SharePoint servers, with more malicious hackers piling on and attacks still ongoing.
Meanwhile, just two months after a major FBI takedown, the Lumma malware-as-a-service operation not only appears to have fully recovered, but is stealthier and more effective than ever. And the innovative Coyote banking Trojan has broken new technical ground by weaponizing Windows accessibility features against users.
Together, these stories highlight the opportunism, adaptability, resilience and ingenuity of today's cyberthreats, as well as the critical importance of countermeasures such as prompt patching and frequent security awareness training.
Read more about an eventful week in cybercrime.
Ongoing SharePoint attacks hit hundreds of Microsoft customers
Microsoft customers with on-premises SharePoint servers are facing a massive wave of ongoing cyberattacks that began in early July and escalated over the past week.
The intrusions exploit an attack chain dubbed ToolShell, a sequence that combines remote code injection and network spoofing flaws. Attackers have reportedly used the vulnerabilities to compromise hundreds of SharePoint customers worldwide, including the U.S. National Nuclear Security Administration and the Department of Homeland Security.
According to Microsoft, three Chinese nation-state threat actors were among the first to launch ToolShell attacks in early July. More recently, one of the groups has also begun using the vulnerability chain in ongoing ransomware attacks.
Microsoft released an emergency out-of-band security update on July 19. The patch covers SharePoint Subscription Edition, SharePoint 2019 and SharePoint 2016. Researchers warned that more threat actors could join the ongoing campaign, making rapid patching critical for all SharePoint customers. Because exploitation began roughly two weeks before the fix shipped, patching alone is not enough: any internet-exposed server that was unpatched during that window should be treated as potentially compromised and investigated, not just updated.
The vulnerabilities do not affect SharePoint Online, the Microsoft 365 version of the product.
Read the full story by David Jones on Cybersecurity Dive.
Lumma stealer malware returns after FBI takedown
The notorious Lumma malware, which aims to steal sensitive information such as credentials and cryptocurrency wallet data, has quickly resurfaced following its FBI takedown in May. Trend Micro researchers said Lumma threat actors' activity appeared to have returned to normal levels between June and July, although their tactics have become stealthier and more discreet.
Previously, Lumma operators relied heavily on Cloudflare's infrastructure to hide their malicious domains. Now, however, they are increasingly turning to providers that are less beholden to U.S. law enforcement, such as Russia-based Selectel.
Lumma distribution methods are also evolving, with recent attacks using fake cracked software, ClickFix campaigns with deceptive CAPTCHA pages that trick users into pasting and running commands themselves, AI-generated GitHub repositories, and social media campaigns on YouTube and Facebook.
Read the full story by Elizabeth Montalbano on Dark Reading.
Coyote breaks new ground by exploiting Windows UI Automation
The banking Trojan Coyote, active in Latin America since February 2024, has pioneered a new attack technique by exploiting the Windows UI Automation framework to steal banking credentials. This marks the first known instance of malware abusing this legitimate accessibility feature, which is designed to help people with disabilities interact with Windows systems.
Active primarily in Brazil, Coyote has targeted users of 75 banks and cryptocurrency exchanges. The malware gains initial access through malicious LNK files in phishing emails, then monitors browser activity for banking websites.
Coyote is particularly dangerous because of its ability to function offline and to use UI Automation to extract sensitive information from browser tabs more reliably than traditional methods. UI Automation reads the rendered user interface rather than the browser's memory or network traffic, so it works across browsers, needs no code injection into the browser process and requires no special privileges beyond running in the victim's desktop session. It exemplifies how attackers' techniques continue to evolve to outpace security measures.
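To make the point concrete, the following PowerShell snippet is an added illustration written for this brief; it is not Coyote's code and not taken from the Dark Reading report. It shows how much an ordinary, unprivileged process in the user's desktop session can learn through UI Automation alone: it walks the top-level windows, finds controls exposed as tabs (which mainstream browsers expose for their tab strips) and reports any tab title that matches a watch list. The watch list entries are constructed, hypothetical names, and the script only reads titles; it does not touch page content or credentials.

```powershell
# Added illustration, not Coyote's code: enumerate browser tab titles through
# Windows UI Automation from an ordinary user-level process (no admin rights,
# no injection into the browser). Run in a Windows PowerShell session.
Add-Type -AssemblyName UIAutomationClient
Add-Type -AssemblyName UIAutomationTypes

# Constructed, hypothetical watch list; a real banking Trojan carries its own.
$WatchList = @('Example Bank', 'Example Exchange')

# The desktop root; every top-level window in the session hangs off it.
$root = [System.Windows.Automation.AutomationElement]::RootElement

# Top-level windows, visible to any process running in the same session.
$windows = $root.FindAll(
    [System.Windows.Automation.TreeScope]::Children,
    [System.Windows.Automation.Condition]::TrueCondition)

# Select only controls whose control type is TabItem (browser tabs).
$tabCondition = New-Object System.Windows.Automation.PropertyCondition(
    [System.Windows.Automation.AutomationElement]::ControlTypeProperty,
    [System.Windows.Automation.ControlType]::TabItem)

foreach ($win in $windows) {
    $title = $win.Current.Name
    if (-not $title) { continue }   # skip unnamed helper windows

    # Descend into the window and collect its tab items.
    $tabs = $win.FindAll([System.Windows.Automation.TreeScope]::Descendants, $tabCondition)

    foreach ($tab in $tabs) {
        $name = $tab.Current.Name
        foreach ($target in $WatchList) {
            if ($name -like "*$target*") {
                # Output one line per matching tab: window title and tab name.
                "{0} | tab matches watch list: {1}" -f $title, $name
            }
        }
    }
}
```

The defensive takeaway is that nothing here is exotic or privileged: the same API an assistive-technology reader uses is available to malware, so browser hardening and network controls do not see it. What can be observed is an unexpected process behaving as a UI Automation client, for example by loading UIAutomationCore.dll, which is a reasonable starting point for a hunt.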
Read the full story by Jai Vijayan on Dark Reading.
Editor's note: An editor used AI tools to aid in the generation of this news brief. Our expert editors always review and edit content before publishing.
Alissa Irei is senior site editor of Informa TechTarget's SearchSecurity.