The top phishing campaign detected targeted Facebook, with 24 instances.
Cybercriminals pose as ACSC to target Australians
The Australian Government has warned of an ongoing social engineering campaign that impersonates the Australian Cyber Security Centre with the intention of infecting victims with malware.
The unknown cybercriminals are posing as ACSC employees and contacting targets to alert them that their computer systems are compromised. They then require the targets to install remote administration and desktop sharing software, which is used to steal their banking credentials.
Australians who have been targeted in this campaign, or who want to find out more information, are advised to contact ACSC by calling 1300 929 371.
Meet Babuk Locker, the first ransomware campaign of 2021
Only seven days into 2021, a new form of ransomware has emerged: ‘Babuk Locker’. This ransomware uses its own implementation of SHA256 hashing, “ChaCha8” encryption and Elliptic-curve Diffie-Hellman (ECDH) key generation to protect its keys and encrypt files. SHA256 is a hashing standard with its roots in the U.S. National Security Agency, while ECDH is an anonymous key agreement scheme.
According to recent reports, Babuk Locker has accumulated a small list of victims globally, threatening them that if they don’t pay a ransom varying between $60,000 and $85,000 in bitcoin, their stolen data will be leaked onto the dark web.
New SUPERNOVA backdoor found in SolarWinds cyberattack
Security researchers have discovered another backdoor within the SolarWinds supply-chain attack, potentially from another unknown threat actor. Known as ‘SUPERNOVA’, this malware is a web shell injected into the SolarWinds Orion code that would allow cybercriminals to execute arbitrary code on systems that use the compromised version of SolarWinds. This malware is considered innocuous by itself and has been shown to take an entire .NET application as an HTTP request and execute it within memory, without touching the disk. It is unknown how long SUPERNOVA has been within the Orion software. However, malware analysis has highlighted a compilation timestamp of March 24, 2020.