HomeRisk ManagementsALPHV/BlackCat Ransomware Gang Targets Businesses Through Google Ads

ALPHV/BlackCat Ransomware Gang Targets Businesses Through Google Ads

Published on

spot_img

The notorious ALPHV/BlackCat ransomware has been found to be using Google Ads as a method of distributing malware. According to eSentire’s Threat Response Unit (TRU), the gang behind the $100m MGM Resorts breach and the leaking of sensitive images of breast cancer patients has now expanded its attack methods to include malvertising.

The security firm intercepted and thwarted attempts by ALPHV/BlackCat affiliates to breach a law firm, a manufacturer, and a warehouse provider within the past three weeks. The group is part of a cybercrime economy with specialized roles, evolving from experienced ransomware operators like REvil, DarkSide, and BlackMatter, with affiliates supporting ALPHV/BlackCat including FIN7, UNC2565, and Scattered Spider.

The new tactic observed by eSentire involves using Google Ads to promote popular software like Advanced IP Scanner and Slack, leading business professionals to attacker-controlled websites. These professionals, believing they are downloading legitimate software, unknowingly install the Nitrogen malware, which serves as initial-access malware. This provides intruders with a foothold in the target organization’s IT environment, allowing the hackers to infect the victim with ALPHV/BlackCat ransomware.

Understanding the severity of the situation, Keegan Keplinger, a senior threat intelligence researcher with TRU, explained that the Nitrogen malware leverages obfuscated Python libraries that compile to Windows executables. These libraries, which are useful for legitimate use cases such as optimizing Python code, are being used to develop malicious malware loaders that can load intrusion tools directly into memory. This indicates a concerning trend in the rise of browser-based cyber-threats, where users unknowingly download malware while browsing.

To address this growing threat, Keplinger emphasized the need for user awareness training to extend beyond email attachments and encompass the risk of browser-based downloads. In response to the eSentire advisory, organizations are recommended to focus on endpoint monitoring, capture and monitor logs for systems not supporting endpoint monitoring, and implement attack surface reduction rules to mitigate browser-based attacks.

The criminal origins of the ALPHV/BlackCat group, along with its connections to former ransomware groups and recent high-profile attacks on MGM Resorts, McClaren Health Care, Clarion, and Motel One, further emphasize the urgency for enhanced cybersecurity measures. This highlights the importance of organizations being proactive in implementing robust cybersecurity measures to protect against the evolving tactics of cybercriminals.

In conclusion, the use of Google Ads by the ALPHV/BlackCat ransomware group to distribute malware serves as a reminder of the ever-evolving nature of cyber threats and the need for organizations to continually adapt and enhance their cybersecurity measures to stay ahead of malicious actors.

Source link

Latest articles

New NadMesh Botnet Exploits Over 20 RCE Vectors to Compromise AI and MCP Infrastructure

NadMesh: A New Era of Industrial-Grade Botnets NadMesh has emerged as a significant threat in...

AI Bug-Finding Tools Require Human Validation

The Role of AI in Offensive Security: Balancing Speed with Human Insight In an evolving...

AWS Billing Bug Shows Trillion-Dollar Cost Estimates to Cloud Customers

Amazon Web Services Faces Major Billing Anomaly in Cost Explorer Tool Amazon Web Services (AWS)...

Scammers Exploit FaceTime for Social Engineering Tactics

Apple Warns Users About Social Engineering Scams Targeting FaceTime Apple Inc. has made a significant...

More like this

New NadMesh Botnet Exploits Over 20 RCE Vectors to Compromise AI and MCP Infrastructure

NadMesh: A New Era of Industrial-Grade Botnets NadMesh has emerged as a significant threat in...

AI Bug-Finding Tools Require Human Validation

The Role of AI in Offensive Security: Balancing Speed with Human Insight In an evolving...

AWS Billing Bug Shows Trillion-Dollar Cost Estimates to Cloud Customers

Amazon Web Services Faces Major Billing Anomaly in Cost Explorer Tool Amazon Web Services (AWS)...