Does your company have $50 million to spare? That is how much a ransomware attack cost Norsk Hydro in the first quarter of 2019. A total of 22,000 computers had their files forcibly encrypted across 40 countries in which the aluminum producer operates. Employees were using typewriters and manual production lines where possible to operate the business. Norsk Hydro did not pay the hackers’ ransom and was completely honest about what happened. Its approach was praised by both law enforcement and
Apple IDs are a popular target for hackers because they can enable theft of financial data and other personally identifiable information (PII). Attackers often obtain them through phishing campaigns intended to trick users into entering their personal data. In June 2019, Wapack Labs identified one such campaign, which leverages a large infrastructure and a phishing kit dubbed ‘Allantibots’. Allantibots is a sophisticated phishing package characterized by its ability to spoof the Apple URL.
On 7-9 May 2019, Wapack Labs detected an increase in malicious emails with the spoofed sender field accounts@hhhmarine.com.sg. Hackers deliver malicious attachments under the pretense of an incoming SWIFT transfer (Figure 1).
Figure 1. Email text spoofing HHH Marine Services on 8 May 2019.
The attackers use the popular malware Lokibot. Wapack Labs detected communications of these samples to known and new Lokibot C2s:
- kbfvzoboss[.]bid/alien/fre.php
- carlos-tevez[.]gq/raphael/fre.php
- uenajrkja[.]ml/ch