Windows machines are being infected with WhiteSnake info-stealer malware. Research has shown that the open-source Python Package Index (PyPI) repository now contains malicious packages that deliver WhiteSnake Stealer, an information-stealing malware, on Windows systems. According to Fortinet FortiGuard Labs, the packages embed the Base64-encoded source code of a PE file or of other Python scripts in their setup.py files. Depending on the victim's operating system, the final malicious payload is dropped and executed after the Python package is installed.
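One way a defender could triage a downloaded package for the pattern described above, as an added example (not code from Fortinet or from the packages themselves): parse setup.py without executing it and flag long Base64 string literals that decode to a PE image or to Python source. The 200-character threshold, the function names and the sample setup.py are assumptions constructed for illustration.

```python
import ast
import base64
import binascii

MIN_LEN = 200  # assumed threshold: skips short literals such as names and versions

def classify(blob: bytes) -> str:
    """Label decoded bytes by what they look like."""
    if blob[:2] == b"MZ":  # DOS header magic at the start of a PE file
        return "pe"
    try:
        ast.parse(blob.decode("utf-8"))  # parsed only, never executed
        return "python"
    except (UnicodeDecodeError, SyntaxError, ValueError):
        return "other"

def scan_setup_py(source: str) -> list:
    """Return sorted (line, kind, decoded_size) for each long Base64 literal."""
    findings = []
    for node in ast.walk(ast.parse(source)):
        if not isinstance(node, ast.Constant):
            continue
        if not isinstance(node.value, (str, bytes)):
            continue
        value = node.value
        text = value if isinstance(value, str) else value.decode("latin-1")
        text = "".join(text.split())  # tolerate line-wrapped blobs
        if len(text) < MIN_LEN:
            continue
        try:
            blob = base64.b64decode(text, validate=True)
        except (binascii.Error, ValueError):
            continue  # not Base64, so not the pattern we are looking for
        findings.append((node.lineno, classify(blob), len(blob)))
    return sorted(findings)

# Constructed sample: harmless stand-ins for an embedded script and a PE file.
_SCRIPT = base64.b64encode(b"print('constructed placeholder payload')\n" * 8).decode()
_BINARY = base64.b64encode(b"MZ" + b"\x00" * 300).decode()
SAMPLE_SETUP = (
    "from setuptools import setup\n"
    "import base64\n"
    f"code = '{_SCRIPT}'\n"
    f"blob = '{_BINARY}'\n"
    "setup(name='example-pkg', version='0.0.1')\n"
)

if __name__ == "__main__":
    for line, kind, size in scan_setup_py(SAMPLE_SETUP):
        print(f"setup.py:{line}: Base64 literal decodes to {kind} ({size} bytes)")
```

A hit is a reason to inspect the package by hand before installing it, since a long Base64 literal can also be benign data.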
The Qilin ransomware group has attacked two companies. The attacks resulted in the exfiltration of data.
- Mordfin has become a victim of Qilin ransomware. The New York accounting firm currently has 50 employees and revenue of $5 million. Mordfin Group is a famous tax, accounting, and advisory group that has operated successfully for over 90 years.
- Neafidi is an Italian financial services company specializing in static and dynamic financial analysis, benchmarking analysis, Central Risk Results analysis, management control, facilitations, support for using the Guarantee Fund, and alternatives to bank credit: Simest, Minibond, and Fintech services. The company currently has revenue of $5 million and 1-50 staff.
An attack by Cactus ransomware on DTSolutions resulted in the exfiltration of 34 GB of data. The company specializes in providing high-service and cost-focused alternatives to manufacturers or shippers operating a private fleet. The company has 1000 employees, and its revenue is currently $31.1 million.
Following its discovery by cybersecurity researchers, Faust has become the latest ransomware in the Phobos family. According to one of the researchers, Cara L, the attack vector involves using the Gitea service to store Base64-encoded files, each carrying a malicious binary. After the files are injected into the system's memory, the attack proceeds to encryption. Other members of the Phobos family include Eking, Eight, Elbie, Devos, and 8Base.
Incrasom ransomware launched attacks on four different companies.
- North American University: This is a private, non-profit, full-service college that offers baccalaureate and graduate degree programs in three disciplines with several concentrations. The Texas institution has 500-1000 staff and $18 million in revenue, and offers the following programs: B.S. in Business Administration, B.S. in Computer Science, B.S. in Interdisciplinary Studies in Education, M.Ed. in Educational Leadership, Intensive English Program (CEA accredited), M.Ed. in Curriculum and Instruction, M.B.A., M.S. in Computer Science, B.S. in Criminal Justice, and M.S. in School Counseling.
- Benjamin Plumbing: The Wisconsin construction company handles residential and commercial plumbing work for the Madison and Wisconsin area. The company has 50 employees with current revenue of $5 million.
- Corbett Exterminating Inc: The company specializes in controlling pests for residential and commercial clients across the Northeast and Mississippi areas. The company has a revenue of $14.9 million. The attack resulted in data exfiltration.
- Waterford Country School: Waterford Country School specializes in primary and secondary education. The institution has 200 employees and revenue of $15.7 million. Waterford evolved from a summer camp to a school to a multi-program non-profit agency. The attack put both employee and student data at risk of exposure.
Get Away Today suffered a ransomware attack from Akira. The travel company has been famous since 1990 for offering discount cruises and vacations to Disneyland Resort, San Diego, Hawaii, Orlando, Mexico, and more. The company has 50 employees and revenue of $17.8 million.
The National Security Agency (NSA) has admitted to secretly purchasing internet browsing data without warrants. The agency confirmed that it obtains data from data brokers, without any court order, to identify websites and apps used by Americans. The revelation that the Defense Intelligence Agency buys and uses data collected from smartphones is raising privacy concerns. “Is there any privacy regarding what you do with your smartphone and the internet?” This comes after Outlogic and InMarket Media were prohibited from selling precise location information to customers without the user’s consent.