Researchers have identified a new ransomware variant, named LukaLocker, whose operators have started using a new tactic of directly contacting victim organization executives by phone to demand the ransom instead of posting stolen data to a leak site. The threat actors behind LukaLocker, the Volcano Demon group, have focused their ransomware on avoiding detection and shutting down any identified methods for detecting or analyzing the attack on the victim device before starting encryption.
Fraud campaign uses 700 domains to sell fake Olympics tickets
As the excitement for the 2024 Summer Olympic games in Paris continues to grow, so too does the number of fraudulent domains that are offering overpriced tickets to Russian-speaking individuals. While some of the fake domains have been registered since 2022, an average of 20 new domains have been created every month since then, bringing the total to more than 700 unique domains, with event tickets ranging from 300 to 1,000 euros. The campaign has been dubbed Ticket Heist and has expanded to include tickets for Euro 2024 football games as well as concerts, and the fraud sites typically use only Russian.
Hackers leak 33 million phone numbers for Twilio app
The threat actors behind the ShinyHunters hacking group have recently published 33 million phone numbers related to the two-factor authentication app, Authy, which was developed by Twilio. Officials for Twilio have confirmed that the stolen data is legitimate and was exfiltrated through an unsecured endpoint, which has since been re-secured to require authentication. Authy users are being encouraged to stay vigilant for any potential phishing attempts and to install new device security updates.
Evolve Bank breach impacts 7.6 million individuals
Officials for Evolve Bank & Trust have recently begun contacting 7.6 million customers who may have been affected during a data breach by the LockBit ransomware group. The investigation revealed that an employee opened a malicious link at some point in February, which subsequently allowed unauthorized access to many internal databases and storage servers, whose contents were then exfiltrated by the group over the next several months. While the type of data that was stolen is still unconfirmed, it is likely to contain financial documents and other extremely sensitive information.
Mekotio banking trojan makes waves through Central America
Researchers have been tracking the latest campaign of the notorious Mekotio banking trojan that has been stealing credentials from compromised Android devices throughout Latin America since 2015. Mekotio typically spreads through malicious email attachments that require some user interaction to download and execute, leading to the collection of login credentials and the capture of screenshots.