HomeRisk ManagementsALPHV/BlackCat Ransomware Gang Targets Businesses Through Google Ads

ALPHV/BlackCat Ransomware Gang Targets Businesses Through Google Ads

Published on

spot_img

The notorious ALPHV/BlackCat ransomware has been found to be using Google Ads as a method of distributing malware. According to eSentire’s Threat Response Unit (TRU), the gang behind the $100m MGM Resorts breach and the leaking of sensitive images of breast cancer patients has now expanded its attack methods to include malvertising.

The security firm intercepted and thwarted attempts by ALPHV/BlackCat affiliates to breach a law firm, a manufacturer, and a warehouse provider within the past three weeks. The group is part of a cybercrime economy with specialized roles, evolving from experienced ransomware operators like REvil, DarkSide, and BlackMatter, with affiliates supporting ALPHV/BlackCat including FIN7, UNC2565, and Scattered Spider.

The new tactic observed by eSentire involves using Google Ads to promote popular software like Advanced IP Scanner and Slack, leading business professionals to attacker-controlled websites. These professionals, believing they are downloading legitimate software, unknowingly install the Nitrogen malware, which serves as initial-access malware. This provides intruders with a foothold in the target organization’s IT environment, allowing the hackers to infect the victim with ALPHV/BlackCat ransomware.

Understanding the severity of the situation, Keegan Keplinger, a senior threat intelligence researcher with TRU, explained that the Nitrogen malware leverages obfuscated Python libraries that compile to Windows executables. These libraries, which are useful for legitimate use cases such as optimizing Python code, are being used to develop malicious malware loaders that can load intrusion tools directly into memory. This indicates a concerning trend in the rise of browser-based cyber-threats, where users unknowingly download malware while browsing.

To address this growing threat, Keplinger emphasized the need for user awareness training to extend beyond email attachments and encompass the risk of browser-based downloads. In response to the eSentire advisory, organizations are recommended to focus on endpoint monitoring, capture and monitor logs for systems not supporting endpoint monitoring, and implement attack surface reduction rules to mitigate browser-based attacks.

The criminal origins of the ALPHV/BlackCat group, along with its connections to former ransomware groups and recent high-profile attacks on MGM Resorts, McClaren Health Care, Clarion, and Motel One, further emphasize the urgency for enhanced cybersecurity measures. This highlights the importance of organizations being proactive in implementing robust cybersecurity measures to protect against the evolving tactics of cybercriminals.

In conclusion, the use of Google Ads by the ALPHV/BlackCat ransomware group to distribute malware serves as a reminder of the ever-evolving nature of cyber threats and the need for organizations to continually adapt and enhance their cybersecurity measures to stay ahead of malicious actors.

Source link

Latest articles

Webinar: The Infrastructure Decisions Shaping the Next Five Years

Webinar Explores Infrastructure Decisions Shaping the Next Five Years In a recent webinar titled "The...

Blip – Free Cross-Platform File Sharing App

New File-Sharing Application 'Blip' Revolutionizes Device-to-Device Transfers A groundbreaking file-sharing application named Blip has emerged,...

Your Security Data May Be Going Places You Don’t Know Webinar

ISMG Registration Process: Empowering Users to Stay Informed In a significant move to engage users,...

Hackers Compromise C++ and C# Project Files to Distribute Multi-Stage Windows Backdoor

New Trojan Turns Visual Studio Projects into Software Supply Chain Attack Vectors In an alarming...

More like this

Webinar: The Infrastructure Decisions Shaping the Next Five Years

Webinar Explores Infrastructure Decisions Shaping the Next Five Years In a recent webinar titled "The...

Blip – Free Cross-Platform File Sharing App

New File-Sharing Application 'Blip' Revolutionizes Device-to-Device Transfers A groundbreaking file-sharing application named Blip has emerged,...

Your Security Data May Be Going Places You Don’t Know Webinar

ISMG Registration Process: Empowering Users to Stay Informed In a significant move to engage users,...