HomeRisk ManagementsALPHV/BlackCat Ransomware Gang Targets Businesses Through Google Ads

ALPHV/BlackCat Ransomware Gang Targets Businesses Through Google Ads

Published on

spot_img

The notorious ALPHV/BlackCat ransomware has been found to be using Google Ads as a method of distributing malware. According to eSentire’s Threat Response Unit (TRU), the gang behind the $100m MGM Resorts breach and the leaking of sensitive images of breast cancer patients has now expanded its attack methods to include malvertising.

The security firm intercepted and thwarted attempts by ALPHV/BlackCat affiliates to breach a law firm, a manufacturer, and a warehouse provider within the past three weeks. The group is part of a cybercrime economy with specialized roles, evolving from experienced ransomware operators like REvil, DarkSide, and BlackMatter, with affiliates supporting ALPHV/BlackCat including FIN7, UNC2565, and Scattered Spider.

The new tactic observed by eSentire involves using Google Ads to promote popular software like Advanced IP Scanner and Slack, leading business professionals to attacker-controlled websites. These professionals, believing they are downloading legitimate software, unknowingly install the Nitrogen malware, which serves as initial-access malware. This provides intruders with a foothold in the target organization’s IT environment, allowing the hackers to infect the victim with ALPHV/BlackCat ransomware.

Understanding the severity of the situation, Keegan Keplinger, a senior threat intelligence researcher with TRU, explained that the Nitrogen malware leverages obfuscated Python libraries that compile to Windows executables. These libraries, which are useful for legitimate use cases such as optimizing Python code, are being used to develop malicious malware loaders that can load intrusion tools directly into memory. This indicates a concerning trend in the rise of browser-based cyber-threats, where users unknowingly download malware while browsing.

To address this growing threat, Keplinger emphasized the need for user awareness training to extend beyond email attachments and encompass the risk of browser-based downloads. In response to the eSentire advisory, organizations are recommended to focus on endpoint monitoring, capture and monitor logs for systems not supporting endpoint monitoring, and implement attack surface reduction rules to mitigate browser-based attacks.

The criminal origins of the ALPHV/BlackCat group, along with its connections to former ransomware groups and recent high-profile attacks on MGM Resorts, McClaren Health Care, Clarion, and Motel One, further emphasize the urgency for enhanced cybersecurity measures. This highlights the importance of organizations being proactive in implementing robust cybersecurity measures to protect against the evolving tactics of cybercriminals.

In conclusion, the use of Google Ads by the ALPHV/BlackCat ransomware group to distribute malware serves as a reminder of the ever-evolving nature of cyber threats and the need for organizations to continually adapt and enhance their cybersecurity measures to stay ahead of malicious actors.

Source link

Latest articles

Progress Software Issues Warning About External Security Threat to ShareFile

Data Security Threat at Progress Software Underscores Vulnerabilities in File Storage Solutions The recent alarm...

Governments to Enterprises: Enhance Your Router Security Practices

Cybersecurity Vulnerabilities Rise as Actors Exploit Cisco Flaws Recent reports have highlighted a concerning trend...

Small AI Models Reduce Data Classification Costs

Advances in Small Language Models: Sentra CEO Yoav Regev Highlights New Possibilities In a recent...

US Authorities Alert to Russian Threats Against Critical Infrastructure

In a recent advisory, authorities from the United States—specifically, the National Security Agency (NSA),...

More like this

Progress Software Issues Warning About External Security Threat to ShareFile

Data Security Threat at Progress Software Underscores Vulnerabilities in File Storage Solutions The recent alarm...

Governments to Enterprises: Enhance Your Router Security Practices

Cybersecurity Vulnerabilities Rise as Actors Exploit Cisco Flaws Recent reports have highlighted a concerning trend...

Small AI Models Reduce Data Classification Costs

Advances in Small Language Models: Sentra CEO Yoav Regev Highlights New Possibilities In a recent...