Threat Briefing: August 2, 2024

Threat Intel Update

Ransomware can be extremely costly for organizations. This week, a report revealed the staggering amount of money one Fortune 50 company paid in response to a ransomware attack, though the victim’s identity remains unknown.

Governments, such as those in the U.S. and Australia, are considering legislation and regulations to better track ransomware payments. Cyber threat actors continually seek ways to bypass defenses. This week’s Threat Briefing features an article on how these actors used malware to infiltrate Android devices and steal one-time passcodes, thereby circumventing MFA protections.

Cybersecurity News

  • $75 Million Payment Sets Record for Largest Ransomware Payment – In early 2024, an undisclosed victim paid a ransom to the Dark Angels ransomware group. Dark Angels, which first emerged in May 2022, utilizes source code from the former Babuk ransomware variant. The victim is believed to be a Fortune 50 company. Although the exact victim’s identity remains unknown, a pharmaceutical company on the Forbes 50 list did suffer a ransomware attack in February 2024. Bleeping Computer
  • Increasing Use of Free Cloudflare Service Exploited by Cyber Actors to Deploy Malware – The TryCloudflare service enables cyber threat actors to establish a one-time tunnel, relaying traffic from their controlled infrastructure to a local machine. This method has been used to deploy various forms of malware, including Remcos RAT, PureLogs Stealer, and AsyncRAT. Victims are targeted with phishing emails that lead them to a file hosted on a server proxied through TryCloudflare. The Hacker News
  • Proposed Australian Legislation Would Require Companies to Report Ransomware Payments – The legislation would mandate that companies with over $3 million AUD in revenue report ransomware payments. This proposed law aims to help the Australian government track these payments and aligns with the United States Cyber Incident Reporting for Critical Infrastructure Act of 2022, which requires certain U.S. organizations to report ransomware payments within 24 hours. Ransomware inflicts $3 billion worth of damage on Australian organizations annually. Dark Reading
  • European Union’s Artificial Intelligence (AI) Act Goes into Effect – The regulation, passed in March 2024, provides guidelines on the use of AI tools. Violators face fines of up to 35 million euros or 7% of corporate revenue. The AI Act mandates that companies disclose the use of copyrighted content for training models. Additionally, it bans high-risk AI applications from use in schools and workplaces. Bank Info Security
  • Malicious Android Apps Used to Deploy Malware for Stealing One-Time Passwords – A campaign initially observed in 2022 has been associated with over 100,000 malware samples. Victims in more than 100 countries have been deceived into downloading apps that impersonate legitimate ones from the Google Play Store. Once downloaded, these apps request permission to access incoming SMS messages on the victims’ devices, enabling the interception and transmission of these messages to servers controlled by the attackers. The Hacker News

About the Author

CampusGuard Threat Intel Team