As Oil Prices Drop, Hackers Take Aim at Producers
With the recent crash in oil prices, and supply rapidly piling up, a new spear
phishing campaign has begun targeting executives at several major oil
producers. A massive number of emails started being distributed in late March,
without the telltale signs of amateur phishing like bad spelling and grammar.
Furthermore, the emails appeared to be from a sender with knowledge of the oil and
gas industry. Two documents within the emails posed as bid contracts and
proposal forms but were used to deliver the final payload, a trojan called
Agent Tesla, which is a malware-as-a-service that can perform a variety of
malicious activities on a system.
Software Affiliates Sending Phony Expiration Notices
Several dubious third-party software
affiliates have been spotted distributing a campaign targeting antivirus
users, prompting them to renew their subscription through the affiliate’s link,
thus netting them additional revenue. Most affiliate programs have strict
guidelines as to how the company can promote the affiliated software, and
purposely misleading customers can lead to major penalties. Emails displaying
expiration notices for Norton and McAfee have both been identified. With a
percentage commission, the affiliate could be earning up to 20% of the purchase
price for each fraudulent sale.
Philadelphia Sandwich Chain Faces Data Breach
a Philadelphia-based sandwich chain, was the unsuspecting victim of a data
breach that went undetected from July 2019 until this February. The breach
affected all online sales during that time period, though no in-store purchase
data was compromised. By April, the company released an official statement
regarding the breach. But the admission came only days before a data security lawsuit
was filed by a customer who had seen fraudulent charges on his credit card.
Decryption Keys for Shade Ransomware Made Available
After nearly five years of operation, the creators of Shade
ransomware have decided to close shop and give out nearly 750,000
decryption keys along with an apology for harm done. While most ransomware
variants tend to purposely avoid Russia and Ukraine, Shade focused specifically
on these two countries during its run. Though the many decryption keys and
master keys have been made public, the instructions for recovering the actual
files are not especially user-friendly and a full decryption tool has not yet
ExecuPharm Hit with Ransomware Attack
One of the largest pharmaceutical companies in the U.S. recently suffered a
ransomware attack that not only encrypted their systems but also gained access to a
trove of highly sensitive personal information belonging to thousands of
clients. It is believed that the attack started in mid-March with phishing
emails targeting specific employees with the widest access to internal systems.
At this time, there is no confirmed decryption tool for the ransomware variant used
and the company has begun contacting affected customers.