Sunday, April 28, 2024

Thingbots to Robinhoods: 8 Weird & Wacky New Cyberthreats

By PricillaWhite

The proliferation of digital devices might make it easier to access information than ever before, but it’s also helped bad actors do some pretty strange things. Take a look at these 8 highly unusual cyberthreats and ask yourself if your current attack surface is large enough that you’d fall prey to one. Some are shockingly destructive while others might just deserve a quick chuckle.

1. Windows API Exploits

Just like skillful application programmers, the developers of the so-called WastedLocker malware system have harnessed the power of the Windows API to access main memory from behind a buffer. The only problem is that they’re not doing it to serve you a spreadsheet or a help file. Rather, this attack uses memory-mapped I/O techniques to encrypt client data. Due to the fact that it uses a standard application interface, most users might not even be aware of the fact that anything is amiss.

2. Cryptojacking & Mining Exploits

If you’re looking at that subheading and asking yourself “just what is cryptojacking anyway?”, then you’re not alone. This is a new kind of attack that involves a bad actor injecting a script into a piece of discrete physical hardware when a user clicks an illegitimate link. This script then starts to mine for cryptocurrency tokens using the client’s microprocessor. In some cases, clearing a browser cache is enough to mitigate the problem.

3. more_eggs Archive Attacks

According to a report from eSentire, computer crackers connected with an organization sometimes called the Golden Chickens have been engaged in a malicious campaign that preys on those looking for a new job. Basically, these exploits involve a new form of social engineering where text messages are sent to an established professional that claims to offer them an academic or technical position. The message itself includes a spring-loaded zip archive containing a fileless piece of malware called more_eggs, which can allow arbitrary code execution on a device.

4. Vulnerable Driver Hijacks

In general, drivers and other pieces of middleware are often forgotten about by end-users. One ransomware family known as Robinhood uses a digitally signed legitimate driver to harness this forgotten part of the operating system to encrypt files with a nearly unbreakable algorithm. It looks like the operating system allows the driver to do whatever it wants because it has a legitimate digital signature and therefore appears to be a normal system update.

5. Stack Overflow Attacks

According to cybersecurity firm Aura, someone becomes a victim of identity theft every 10 seconds. How many of them would suspect that something called the zip of death could lead to their personal information ending up in the wrong hands? This is basically a new version of an old type of attack where people compress a large amount of junk data so that they can fill up a storage device really quickly. However, older forms of this attack were simply annoyances that could be dealt with by resetting a machine. New versions are designed to cause soft lock scenarios where some byte overflows a system stack and therefore briefly allows arbitrary code execution before a machine goes down for the count.

6. Thingbot Networks

Back in 2013, security researchers came up with a hypothetical type of cyberthreat that targets Internet-connected refrigerators they named after a Ghostbusters villain. If that wasn’t weird enough, it looks like this kind of attack is actually starting to become common. Thingbots are basically IoT devices that have been compromised and now operate the same way that PCs do when they’ve joined a botnet. This kind of attack could turn everything from a smart thermostat to a virtual assistant into a dedicated spy that sends data back to a remote command and control center.

7. Mobile System Hijacking

Software piracy has been talked about for decades, but what happens when hijackers get a literal pirate ship? That’s the question being asked by victims of a series of Ryuk ransomware outbreaks that impacted maritime computer systems operated by the USCG among others. Since mobile networked computers are often vulnerable and aren’t tied to land, they’re a very alluring target. To make matters even worse, they’re in a location that seldom has a group of IT personnel around.

8. Purposeful Malware Self-infections

Have you ever considered infecting a machine with malware for fun? Those behind the live malware repository do just that, though it’s usually done from inside of a virtual machine. Considering that there’s everything in this repository from Android to OS X malware, however, it’s possible that security researchers could really mess up a disk image. It wouldn’t be surprising to hear some people are misusing these vintage malware tools either. Considering the proliferation of programs like DOSBox and BasiliskII for running classic computer games, it’s highly likely that people may inadvertently spread malware locked away in antique images stored on the Internet Archive and other related sites.

Who’d ever think that we’d be discussing a genuine self-replicating computer virus as though it were a legitimate security threat?

Managed WAF Protection

Website

Latest articles

CVE/vulnerability

NETGEAR buffer Overflow Vulnerability Let Attackers Bypass Authentication

Some router models have identified a security vulnerability that allows attackers to bypass authentication.To...
CVE/vulnerability

5000+ CrushFTP Servers Hacked Using Zero-Day Exploit

Hackers often target CrushFTP servers as they contain sensitive data and are used for...
Cyber Attack

13,142,840 DDoS Attacks Targeted Organization Around The Globe

DDoS attacks are a significant and growing risk that can overpower websites, crash servers,...
CVE/vulnerability

Hackers Exploit Old Microsoft Office 0-day to Deliver Cobalt Strike

Hackers have leveraged an old Microsoft Office vulnerability, CVE-2017-8570, to deploy the notorious Cobalt...
Cyber Attack

Microsoft Publicly Releases MS-DOS 4.0 Source Code

In a historic move, Microsoft has made the source code for MS-DOS 4.0, one...
Cyber Attack

New SSLoad Malware Combined With Tools Hijacking Entire Network Domain

A new attack campaign has been discovered to be employed by the FROZEN#SHADOW, which...
Cyber Security News

Palo Alto Networks Shares Remediation Advice for Hacked Firewalls

Palo Alto Networks has issued urgent remediation advice after discovering a critical vulnerability, designated...
PricillaWhite
PricillaWhite

WAAP/WAF ROI Analysis

Mastering WAAP/WAF ROI Analysis

As the importance of compliance and safeguarding critical websites and APIs grows, Web Application and API Protection (WAAP) solutions play an integral role.
Key takeaways include:

  • Pricing models
  • Cost Estimation
  • ROI Calculation

    • Book Your Spot

Related Articles

Connect with GBHackers On Security

Join 70,000 Security Professionals

Stay safe online with free daily cybersecurity updates. Sign up now!

GBHackers on security is a highly informative and reliable Cyber Security News platform that provides the latest and most relevant updates on Cyber Security News, Hacking News, Technology advancements, and Kali Linux tutorials on a daily basis. The platform is dedicated to keeping the community well-informed and up-to-date with the constantly evolving Cyber World.

Menu

Contact US:

Email : [email protected]