Krypt3ia CTI Daily Digest 1.21.25
Published 2025-01-21 15:48:37, author: krypt3ia.wordpress.com

Businesses prepare to update their cybersecurity playbooks for the Trump era amid increasing threats

The new administration hasn’t said much about its plans for combating the growing array of cyber threats facing Americans, but experts expect President Donald Trump to focus less on new regulation and more on cutting bureaucratic cyber red tape for industry and business.

The approach would mark a notable shift from the Biden administration’s regulation-driven approach to cybersecurity.

“I would be surprised if the Trump administration would embrace new categories of liability,” said Brandon Pugh, policy director for R Street Institute’s Cybersecurity and Emerging Threats team. Instead, Pugh reckons, the new administration might “look to other market forces that could get to the same outcomes.”

Source: Fortune

New Mirai variant ‘Murdoc_Botnet’ targets AVTECH cameras and Huawei routers

Researchers at cybersecurity software provider Qualys Inc. are warning of a new Mirai botnet variant that is being used to exploit vulnerabilities in AVTECH cameras and Huawei HG523 routers.

The variant, dubbed “Murdoc_Botnet,” was first detected in July 2024 and has already been found to have infected at least 1,300 devices globally, concentrated in Malaysia, Thailand, Mexico and Indonesia. Like every Mirai variant, its aim is to infect as many exposed devices as possible and enlist them in a large botnet.

Source: SiliconAngle

Russian ransomware hackers increasingly posing as tech support on Microsoft Teams

Russian cybercriminals are adopting a scam in which they pose as tech support on Microsoft Teams to convince victims they have an IT issue, then trick employees into granting them remote access, which the attackers use to deploy ransomware on the target’s network.

British cybersecurity company Sophos reported on Thursday that it had seen more than 15 incidents in which two separate groups abused Microsoft 365’s default settings, which allow users in external tenants to message and call employees over Teams, to socially engineer their way onto a victim’s system.

Source: TheRecord

Ransomware attackers are “vishing” organizations via Microsoft Teams

The “email bombing + posing as tech support via Microsoft Teams” combination is proving fruitful for two threat actors looking to deliver ransomware to organizations, and they seem to be ramping up their efforts.

“Sophos MDR has observed more than 15 incidents involving these tactics in the past three months, with half of them in the past two weeks,” the company’s incident responders have warned today.

Source: HelpNetSecurity
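Both Teams items above come down to the same defender's check: whether the tenant still accepts chats and calls from arbitrary external Teams users, which is the default the attackers relied on. The following PowerShell is an added example written for this digest, not code from Sophos, Microsoft or the original post. It assumes the MicrosoftTeams module and a Teams Administrator role, reads the tenant federation configuration with the documented `Get-CsTenantFederationConfiguration` cmdlet, and uses `partner.example` as a placeholder for a real partner domain. The check that the `AllowedDomains` property renders as `AllowAllKnownDomains` when no allow-list is configured follows the cmdlet's displayed output and is an assumption worth confirming in your own tenant.

```powershell
# Added example (editor's own): audit and tighten the Teams external-access
# ("federation") settings that, at their defaults, let any external tenant
# open a chat or call with any employee. Assumes MicrosoftTeams module and
# a Teams Administrator role; partner.example is a placeholder domain.

Import-Module MicrosoftTeams
Connect-MicrosoftTeams | Out-Null

function Test-TeamsExternalAccess {
    # Returns one finding per risky setting. An empty result means external
    # access is already restricted to an explicit allow-list.
    $fed = Get-CsTenantFederationConfiguration
    $findings = @()

    # Assumption: with no allow-list configured the property displays as
    # "AllowAllKnownDomains"; with a list it displays as the list object.
    $allowsAllDomains = ("$($fed.AllowedDomains)" -eq 'AllowAllKnownDomains')

    if ($fed.AllowFederatedUsers -and $allowsAllDomains) {
        $findings += 'Any Microsoft 365 tenant can message or call your users (default).'
    }
    if ($fed.AllowPublicUsers) {
        $findings += 'Consumer Skype accounts can message or call your users.'
    }
    if ($fed.AllowTeamsConsumer) {
        $findings += 'Personal (consumer) Teams accounts can message or call your users.'
    }
    if ($fed.BlockedDomains.Count -gt 0 -and $allowsAllDomains) {
        $findings += 'Only a block-list is in place; attackers register fresh tenants, so block-lists do not hold.'
    }
    return $findings
}

function Set-TeamsExternalAccessAllowList {
    # Restrict external Teams contact to named partner tenants and turn off
    # the consumer-account paths entirely.
    param([Parameter(Mandatory)][string[]]$PartnerDomains)

    Set-CsTenantFederationConfiguration -AllowPublicUsers $false `
                                        -AllowTeamsConsumer $false `
                                        -AllowTeamsConsumerInbound $false
    Set-CsTenantFederationConfiguration -AllowFederatedUsers $true `
                                        -AllowedDomainsAsAList $PartnerDomains
}

# Usage: report first, enforce only after confirming which partner domains
# genuinely need Teams federation.
Test-TeamsExternalAccess | ForEach-Object { Write-Warning $_ }
# Set-TeamsExternalAccessAllowList -PartnerDomains @('partner.example')
```

The settings above are tenant-wide; if a subset of users must stay reachable from any domain, scope that with `Set-CsExternalAccessPolicy` rather than leaving the tenant default open. Note also that tightening federation removes the attacker's entry channel but not the email-bombing half of the tactic, so the pairing of a sudden mail flood with an unsolicited "IT support" Teams call remains the signal to train helpdesk and staff on.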

Hunters International Ransomware: What We Learned from an Oracle WS Attack

Summary

  • July 2024: Our threat hunters noticed an uptick in attacks
  • Sept. 2024: Hunters International posted information about the attacks on its data leak site
  • We found attack evidence with an entry point in an Oracle web server, followed by:
    • Lateral movement
    • Sensitive data exfiltration
    • File encryption
    • Disabling of data recovery

Source: ForeScout

Coordinated global mobile malware campaign targets banking apps and cryptocurrency platforms

A coordinated mobile malware campaign has been found targeting financial institutions worldwide, experts have warned.

Zimperium’s zLabs research team found that the campaign leveraged two dangerous malware families, Gigabud and SpyNote, to compromise mobile devices and target banking apps.

More than 50 financial mobile apps, including 40 banks and 10 cryptocurrency platforms, have been targeted in this sophisticated malware campaign.

Source: TechRadar

DoNot Team Linked to New Tanzeem Android Malware Targeting Intelligence Collection

The threat actor known as DoNot Team has been linked to a new Android malware used in highly targeted cyber attacks.

The artifacts in question, named Tanzeem (meaning “organization” in Urdu) and Tanzeem Update, were spotted in October and December 2024 by cybersecurity company Cyfirma. The apps in question have been found to incorporate identical functions, barring minor modifications to the user interface.

Source: The Hacker News


Article source: https://krypt3ia.wordpress.com/2025/01/21/krypt3ia-cti-daily-digest-1-21-25/