May 5, Help Net Security – (International) New AlphaCrypt ransomware delivered via Angler EK. Security researchers at Webroot and Rackspace discovered and determined that a new form of ransomware resembling TeslaCrypt and CryptoWall, dubbed AlphaCrypt, is being delivered via the Angler exploit kit (EK). Researchers stated that it differs from other ransomware variants by deleting volume snapshot services (VSS) and executing quietly in background processes to avoid detection. Source
May 5, Help Net Security – (International) New infostealer tries to foil analysis attempts by wiping hard drive. Security researchers from Cisco discovered a new information-stealing trojan dubbed Romberik, which is being delivered via spoofed emails purporting to be from the “Windows Corporation,” and hooks into users’ browsers to read credentials and other sensitive information for exfiltration to an attacker-controlled server. If the trojan detects an analysis attempt, it attempts to destroy the affected computer’s hard disk by overwriting the system’s master boot record (MBR). Source
May 5, IDG News Service – (International) Cybercriminals borrow from APT playbook in attack against PoS vendors. Security researchers at RSA and FireEye reported cybercriminals began mimicking cyberespionage advanced persistent threat (APT) groups by deploying spear-phishing campaigns designed to infect point-of-sale (PoS) payment systems. The attacks delivered the Vawtrak banking trojan and a new document-based exploit kit (EK) called Microsoft Word Intruder (MWI). Source
May 5, Help Net Security – (International) Crimeware infects one-third of computers worldwide. The Anti-Phishing Working Group (APWG) reported that 23.5 million malware variants were detected in the fourth quarter of 2014, setting a new record that was up 59 percent from the second quarter of 2014. According to researchers, the retail/service industry was the most targeted sector, specifically through payment services. Source