cyber attack tomorrow 2021 discord

CDNs are also handy tools for cybercriminals to deliver additional bugs with multi-stage infection tactics. In March 2021, cyber criminals threatened to leak documents from the Tether cryptocurrency. Without UAC, executables can run with administrative privileges without requiring the user to allow it. They would be taking a sample of his blood tomorrow, and the budget problems he had were real. Hunting through telemetry, we found 58 unique malicious apps that can be run on Android devices. According to the 2021 SonicWall Cyber Threat Report, the world has seen a 62% increase in ransomware since 2019. In its simplest form, that content is message attachments: files that are uploaded by Discord users into chat or private messages. But fundamentally, how can any business or any user be expected to stay on top of the glut of communications channels today's workers are feverishly trying to maintain? Stay safe from these scams as they occur more often. Both Discord and Slack allow users to upload files to their servers and create externally accessible links to those files, so that anyone can click on the link and access the file. Aside from pushing Slack and Discord to more effectively scan the files for signs of malware that they host as external links, Cisco's Biasini argues that organizations should consider simply blocking Discord links, given that it's not often used as an authorized collaboration tool inside of enterprise networks. Most antimalware products (including Windows Defender) will block Petya, so this is a curiosity more than a threat for the majority of Windows machines, but it's still potentially hazardous to older computers and in the hands of someone who is convinced it needs to run to improve game performance. These alphanumeric strings are also known as access tokens.
These servers commonly connect to additional platforms, from DataDog to GitHub. (If you don't believe it, it's fine, neither do I, but it's just to be safe) Tips for everyone to be safe: Check keep me safe in Privacy and safety. Don't accept friend requests from anyone that doesn't have any mutual servers/friends with you. Keep calm, stay safe. Another family of screen locker malware that was also widely represented in Discord's CDN is Somhoveran / LockScreen, which adds a countdown to the ransom threat. Here are six principles to improve the cybersecurity of critical infrastructure. By leveraging these chat applications that are likely allowed, they are removing several of those hurdles and greatly increase the likelihood that the attachment reaches the end user. Using the most recent telemetry data, we were able to retrieve thousands of unique malware samples and more than 400 archive files from these URLs, a count that does not represent the whole corpus of malware, as it does not include files that were removed by Discord (or by the actors who originally uploaded them). While the healthcare sector keeps getting pelted by constant cyberattacks, the education sector isn't left . This also means attackers can deliver their malicious payload to the CDN over encrypted HTTPS, and that the files will be compressed, further disguising the content, according to Talos. Cyber Security Today, Feb. 13, 2023 - Hole in GoAnywhere file transfer utility exploited, ransomware attacks in the U.S. and Israel, and more Companies Microsoft Exchange Server 2013 support to . Discord's servers are Google Cloud instances of Elixir Erlang virtual machines, front-ended by Cloudflare. Scattered among the files were many copies of a widely-used stealer malware known as Agent Tesla. The level of anonymity is too tempting for some threat actors to pass up. I advise no one to accept any friend requests from people you don't know, stay safe.
Email and office applications provide a number of hardened settings to combat malware and phishing; however, not enough organizations make use of them. SophosLabs Principal Researcher Andrew Brandt blends a 20-year journalism background with deep, retrospective analysis of malware infections, ransomware, and cyberattacks as the editor of SophosLabs Uncut. lol my friend thought this was real and posted on his server. The token logger also collects machine fingerprint data, and attempts to scrape other cookies and credential tokens from the target's machine as well, so there may be more damage done than just the loss of an account. Somhoveran uses Windows Management Instrumentation to collect a fingerprint of the affected system, and displays some of that data on the screen. And Apple iPhone, iPad, Mac and iWatch users should make sure the latest versions of their operating systems are installed. Discord, collaboration tools & the malware you may not know about, White House cyber security strategy shifts burden to providers, Phishing is what type of attack? A number of these messages allegedly emerge from financial transactions. @everyone Please listen to the instructions in this message: it is not written by me, but this is a very real threat. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has released a new advisory about Royal ransomware, which emerged in the threat landscape last year. The attackers . Slack says it's also working on more malware protection and link-scanning tools that will roll out this spring. The Sketchy Plan to Build a Russian Android Phone. CDNs also enable cyber criminals to present additional bugs using multi-stage infection tactics. That's why I left the majority of random public servers and I don't regret it to this day. "After gaining access to victims' networks, Royal actors disable antivirus software and exfiltrate large amounts of data before ultimately deploying the ransomware and encrypting .
They provided a screenshot of the ransom note received by users after infection. Discord generates an alphanumeric string for each user, or access token, according to Talos, which attackers can steal to hijack accounts; they added that they saw this frequently targeting online gaming. Some purport to contain invoice information while others appear as purchase orders. Several password-hijacking malware families specifically target Discord accounts. Amid isolating sanctions, a Russian tech giant plans to launch new Android phones and tablets. Following successful infection, the data stored on the system is no longer available to the victim and the following ransom note is displayed, the report said. We observed significant volumes of malware hosted in Discord's own CDN, as well as malware interacting with Discord APIs to send and receive data. In addition to message and stream routing, Discord also acts as a content delivery network for digital content of all types. This is the first attack campaign carrying this particular threat which indicates that . And they took over my servers and deleted at least one of them using a bot called Larpaydenskabot. What to Do When Your Boss Is Spying on You. Russia maintains one of the world's most . Fortunately, in those cases, the sites had already locked or taken down the payload script, so the stealer failed to complete its task. It sparked a huge run-up in cyber stocks. Cybersecurity. The ACSC Annual Cyber Threat Report 2019-20 is accessible via the website. Tens of thousands of cameras have failed to patch a critical, 11-month-old CVE, leaving thousands of organizations https://t.co/iYq3WeTkbf.
Discord provides a persistent, highly-available, global distribution network that malware operators can take advantage of, as well as a messaging API that can be adapted easily to malware command and control, much in the way Internet Relay Chat, and more recently Slack and Telegram, have been used as C2 channels. Discord has patched a critical issue in the desktop version of the messaging app which left users vulnerable to remote code execution (RCE) attacks. In April, Russian ransomware-as-a-service gang REvil hit Apple supplier Quanta with a $50 million ransomware attack. I know I can't be the only one to think this is bullshit. Cybercriminals have set up shop on Discord, a popular chat application for gamers with more than 250 million active users. Hackers Are Exploiting Discord and Slack Links to Serve Up Malware. Cisco's security division, Talos, published new research on Wednesday highlighting how, over the course of the Covid-19 pandemic, collaboration tools like Slack and, much more commonly, Discord have become handy mechanisms for cybercriminals. Malicious links of this nature can evade security detection. November 2022. It has been another month of comparatively few reported cyber attacks and data breaches, with our August list containing 84 incidents accounting for 60,865,828 breached records. Attackers are able to send malicious files to the CDN via encrypted HTTPS. "Over the last several months we've seen tens of thousands, and the rate has been steadily increasing," says Biasini. When a human opened the file, macros immediately delivered the payload. The Android malware files were given names and icons that could lead someone to believe they are legitimate banking or game updater apps. Change control and vulnerability management as core security controls should be in place as well.
But the greatest percentage of the malware we found has a focus on credential and personal information theft: a wide variety of stealer malware as well as more versatile RATs. Once credentials are stolen, they are often used to continue to steal other credentials through social engineering. Apr 7, 2021 8:00 AM. Hackers Are Exploiting Discord and Slack Links to Serve Up Malware. Beware of links from platforms that got big during quarantine. NO ONE CAN GRAB YOUR IP JUST BY ADDING YOU AS A FRIEND. Among the malicious applications we uncovered were applications advertised as game cheats: programs that alter or affect the gameplay environment. But experts are skeptical the company can pull it off. At least one in eight major corporations will have security breaches due to social media hackers in the coming new year. In March, Acer refused to pay the $50 million ransom to REvil. like :/. Hacked accounts anonymously deliver malware and may be repurposed for social engineering feats. The virtually-dominated year raised new concerns around security postures and practices, which will continue into 2021. Once it has evaded detection by security, it's just a matter of getting the employee to think it's a genuine business communication, a task made easier within the confines of a collaboration app channel. Can businesses and/or users really attend to all of the inbound emails and messages that they receive these days? While it would be impractical to list off the full set of static and behavioral detections that these files might trigger if executed on a protected machine, we can safely say that the full set of files has been processed by the Labs team, who ensured that our existing defenses could block any of these from causing damage. Cyber Attack on Discord #2 (Among Us Official), Mar 27, 2021, KonanTheBarbarian. Another Cyber Attack was coordinated against the Among.
The versatility and accessibility of Discord webhooks make them a clear choice for some threat actors, according to the analysis: With merely a few stolen access tokens, an attacker can employ a truly effective malware campaign infrastructure with very little effort. Taking place on July 9, 2021, Cyber Polygon this time is about simulating a cyber attack on the digital data streams that have skyrocketed during the coronavirus pandemic. While a few of the files generated codes that resemble those used to upgrade a standard Discord account to the Discord Nitro version, most did not. Updated on: October 21, 2019 / 12:02 PM / CBS News. This group stole almost 100 gigabytes of sensitive data and . A place that makes it easy to talk every day and hang out more often. The Python script's internal comments indicate that it was designed to attack servers hosted on two platforms: Amazon's AWS, and NFO Servers (a service that hosts private game servers for MineCraft, Counter Strike, Battlefield, Medal of Honor and other multiplayer games). The High-Stakes Blame Game in the White House Cybersecurity Plan. As an example, Talos uses the Discord CDN, which is accessible by a hardcoded CDN URL from anywhere, by anyone on the internet. The attacks enabled hackers to infiltrate systems and access computer controls. Several of the malware files also pulled down payload executables and/or DLLs which they then used to engage in more wide-ranging data theft. I wish you all safety. Because so many of the files had been there for months, the destination servers did not respond, but we could observe the profiling data being written to the hard drive. We also found applications that serve as nothing more than harmless, though disruptive, pranks. With growing frequency, they're being used to serve up malware to victims in the form of a link that looks trustworthy.
This architecture makes Discord scalable enough to handle its hundreds of millions of active users, and resilient against denial-of-service attacks, a plus for dealing with the gaming community. United States Naval Officer Charged Federally for Cyberstalking, Aggravated Identity Theft, and Conspiracy for a Campaign to Harass His Ex-Wife. And while other methods of hosting malware can be taken offline or blocked when a hacker's server is discovered, the Slack and Discord links are harder to take down or block users from accessing. This simulated exercise will take place at the WEF's annual 'Cyber Polygon' digital event. He has been a security researcher, technology journalist and information technology practitioner for over 20 years. Cyber attacks against Indian government agencies doubled in 2022: CloudSEK report. India, along with China, USA and Indonesia, continued to be the most targeted countries in the last two years, accounting for 40% of the total incidents reported in the government sector. We found many instances of information stealing malware and backdoors using file names that indicated they were used as part of social engineering campaigns. It's a technique routinely observed across malware distribution campaigns that focus on RATs, stealers and other types of data exfiltration tools. These more sophisticated stealers were able to extract the token from the Discord client application, not just the browser. We also encountered several ransomware families hosted in the Discord CDN, largely older ones, usable only to cause harm, as there's no longer a way to pay the ransom. One of the Linux-based malicious archives we retrieved was this file, named virus_de_prost_ce_esti.rar, which translates from the original Romanian language to "what a stupid virus you are". Discord's malware problem isn't just Windows-based.
The team used this screenshot to illustrate this type of attack on Discord, showing a first-stage malware tasked with fetching an ASCII blob from a Discord CDN. Otherwise it would've been an actual pop up like if your post got deleted. Messages were delivered by attackers in several languages, including English, Spanish, French, German and Portuguese, they added. However, some other things might happen. Gore/Extreme Profanity/Porn/Racist Slurs: Someone might add you as a friend to send you these things. which is why it's become a popular target for cybercriminals. One of the key challenges associated with malware delivery is making sure that the files, domains or systems don't get taken down or blocked, states a recent report. In fact, Microsoft reports that social engineering attacks have jumped to 20,000 to 30,000 a day in the U.S. alone. The WEF, Russia's Sberbank, and its cybersecurity subsidiary BIZONE announced in February that a new cyberattack simulation would occur July 9, 2021. The researchers saw this behavior across malware, adding that one Discord CDN search turned up almost 20,000 results in VirusTotal. Feel free to contact me if you want more information about these two sons-of-bitches. Type of Attack: Wiper malware. Cyber attacks on Ukraine: DDoS, new data wiper, cloned websites, and Cyclops Blink. This Thursday morning, Russia started its invasion on Ukraine and, as predicted, the attacks in the physical.
@everyone lol Bad news, there is a possible chance tomorrow there will be a cyber-attack event where on all social networks including Discord there will be people trying to send you gore, racist insults, unholy pictures and there will also be IP thieves, Hackers and Doxxers. The same nitrogen utility's batch script disabled a number of key Windows security features, evidenced by the fact that Windows prompts the user to reboot the computer to turn off User Account Control, the feature that prompts a Windows user to permit an application to run with elevated privileges. Attacks will continue to span the entire attack surface, leaving IT teams scrambling to cover every possible avenue of attack. It does not matter if it is real or not, the important thing is that everyone be careful with this delicate subject. Where just you and a handful of friends can spend time together. But Discord users should remain vigilant to the threat of malicious content on the service, and defenders should never consider any traffic from a cloud service as inherently safe based on the legitimacy of the service itself. To mitigate the risks, more focus on least privilege is needed, as it's still too common for users to run with local admin rights. It was made to make people fear. I advise you not to accept any friend requests from people you do not know, stay safe. Cyber Polygon combines the world's largest technical . But their increasingly integral role has also made them a powerful avenue for delivering malware to unwitting victims, sometimes in unexpected ways.
Part III argues that cyberattacks can constitute an armed attack or an act of war through triggering the right to self-defense. Previously, Gallagher was IT and National Security Editor at Ars Technica, where he focused on information security and digital privacy issues, cybercrime, cyber espionage and cyber warfare. Discord needs to clean up its act before more people get hurt! However, there are some things I want to clarify. As is common with Remcos infections, the malware communicated with a command-and-control server (C2) and exfiltrated data via an attacker-controlled DNS server, the report added. REvil Demands $50M Ransom. Even if you don't have a Discord user in your home or office, abuse of Discord by malware operators poses a threat. November . One strategy might be for organizations to narrow the attack surface. The tools allegedly make it possible, exploiting weaknesses in Discord's protocols, for one player to crash the game of another player. And this excludes the malware not hosted within Discord that leverages Discord's application interfaces in various ways. Information from the Discord CDN is commonly converted into the final malicious payload and hackers may load this onto systems remotely. In many cases, Cisco found, those files are malicious; the researchers list nine recent remote-access spy tools that hackers have tried to install in this fashion, including Agent Tesla, LimeRAT, and Phoenix Keylogger. 'You've won Crimson Dissolver! While Discord has some malware screening capabilities, many types of malicious content slip by without notice. @everyone Bad news, tomorrow is a cyber attack event, on all social media platforms including discord there will be people trying to send you gore, extreme profanity, porn, racist slurs, and there will also be ip grabbers hackers and doxxers.
These have been disclosed to Discord, and the majority of them have since been removed; however, new malware continues to be posted into Discord's CDN, and we continue to find malware using Discord as a command and control network. (While Slack also offers a similar webhook feature, Cisco says it has yet to see hackers abuse it as they have Discord's.)
