Intelligent CISO Issue 79 | Page 24

THREAT UPDATES

SWITZERLAND
Recorded Future has reported that the Vocational Training Center, or Berufsbildungszentrum (BBZ), in the canton of Schaffhausen, has become the victim of a ransomware attack.
The Canton’s Department of Education stated: “When attacking the BBZ’s IT systems, cybercriminals blocked access to several systems and demanded a ransom. The attack was carried out using encryption malware on the BBZ servers.”
The department added that it did not respond to the ransom demand. Officials are continuing to investigate whether any personal information was stolen in the attack.

BRAZIL AND MEXICO
Forcepoint has shared a report on increased activity regarding the Astaroth banking trojan delivered via secureserver[.]net URLs.
Since this was last flagged in July, with Forcepoint noting malware delivered by secureserver[.]net-based URLs, the attack continues, but with a different technique this time.
This is the attack chain: EML -> URL (evasive) -> ZIP -> LNK -> MSHTA -> obfuscated JS -> C2
The campaign has impacted mostly South American regions, as the recipient domains targeted are mostly from Brazil and Mexico. The most impacted industries are business and economy, travel, shopping and government agencies.
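As an added example (not from the Forcepoint report or this publication), the sketch below shows two defender-side checks for the ZIP -> LNK -> MSHTA stages of the Astaroth attack chain described on this page: listing shortcut files inside a downloaded ZIP, and flagging mshta.exe launches that are handed a remote URL or inline script. The Sysmon-style field names, the parent-process list, the file names and the example.invalid URL are assumptions constructed for illustration.

```python
import io
import re
import zipfile

# Assumption: process-creation records are dicts with Sysmon-style field names.
SCRIPT_ARG = re.compile(r"(https?://|javascript:|vbscript:)", re.IGNORECASE)
# Assumption: a shortcut opened by the user runs under explorer.exe or a shell it targets.
USER_LAUNCHERS = {"explorer.exe", "cmd.exe", "powershell.exe"}

def basename(path):
    """Lower-cased file name of a Windows path."""
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()

def lnk_members(zip_bytes):
    """Return the names of shortcut (.lnk) files inside a ZIP archive."""
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        return [n for n in zf.namelist() if n.lower().endswith(".lnk")]

def suspicious_mshta(events):
    """Flag mshta.exe started by a user-facing parent with a URL or inline script argument."""
    hits = []
    for ev in events:
        if basename(ev["Image"]) != "mshta.exe":
            continue
        if basename(ev["ParentImage"]) not in USER_LAUNCHERS:
            continue
        if SCRIPT_ARG.search(ev["CommandLine"]):
            hits.append(ev)
    return hits

def build_sample_zip():
    """Constructed archive: one placeholder shortcut name and one text file."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("invoice_0423.lnk", b"constructed placeholder, not a real shortcut")
        zf.writestr("readme.txt", b"constructed")
    return buf.getvalue()

SAMPLE_EVENTS = [  # constructed process-creation records
    {"Image": r"C:\Windows\System32\mshta.exe", "ParentImage": r"C:\Windows\explorer.exe",
     "CommandLine": "mshta.exe https://example.invalid/a.hta"},
    {"Image": r"C:\Windows\System32\mshta.exe", "ParentImage": r"C:\Windows\System32\cmd.exe",
     "CommandLine": r'mshta.exe "C:\Program Files\Vendor\help.hta"'},
    {"Image": r"C:\Windows\System32\notepad.exe", "ParentImage": r"C:\Windows\explorer.exe",
     "CommandLine": "notepad.exe notes.txt"},
]

if __name__ == "__main__":
    print("LNK files in archive:", lnk_members(build_sample_zip()))
    for ev in suspicious_mshta(SAMPLE_EVENTS):
        print("ALERT:", ev["CommandLine"])
```

The second sample event, mshta.exe opening a local .hta file, is deliberately not flagged, which shows where this rule draws its line and why it should be paired with the ZIP check rather than used alone.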