New FakeUpdates campaign targets WordPress websites as LockBit3 and Play ransomware groups ramp up attacks

WordPress websites were the latest target of the persistent FakeUpdates malware campaign in February, while the LockBit3 and Play ransomware gangs accounted for nearly a third of all ransomware incidents, according to Check Point Research's latest Global Threat Index report.
Researchers uncovered a fresh wave of attacks by FakeUpdates, also known as SocGholish, which compromised WordPress sites using hacked admin accounts. The JavaScript-based malware, active since 2017, adapted its tactics to infect websites by modifying legitimate WordPress plugins and deceiving users into downloading a Remote Access Trojan.
“Websites are the digital storefronts of our world, crucial for communication, commerce, and connection,” said Maya Horowitz, VP of Research at Check Point Software. “Defending them from cyberthreats isn’t just about safeguarding code; it is about protecting our online presence and the essential functions of our interconnected society.”
Despite takedown efforts in late February, the LockBit3 ransomware group remained the most prolific threat actor, responsible for 20% of all documented ransomware incidents. The Play ransomware group, which claimed responsibility for the recent attack on Oakland, surged to second place with 8% of attacks, followed by newcomer 8Base at 7%.
Globally, the education and research sector continued to be the most frequently targeted industry, followed by government, military organisations, and healthcare institutions. In India, the healthcare sector bore the brunt of cyberattacks, with the education, search, and consulting industries also significantly impacted.
The most exploited vulnerability in February was “Web Servers Malicious URL Directory Traversal,” which affected 51% of organisations worldwide. “Command Injection Over HTTP” and “Zyxel ZyWALL Command Injection” tied for second place, each impacting 50% of organisations globally.
Among mobile malware, the Android banking Trojan Anubis held the top spot, followed by the AhMyth Remote Access Trojan and the ad-displaying Hiddad malware.
FakeUpdates, a longstanding threat linked to the Russian Evil Corp cybercrime group, remains a significant danger to website security and user data despite efforts to curb its spread. The malware’s persistence is attributed to its downloader capability, which allows its operators to sell access to infected systems, potentially leading to additional malware infections.
“It is vital to put preventative measures in place and adopt a culture of zero tolerance to ensure absolute protection from threats,” Horowitz emphasised, urging organisations to prioritise website security to safeguard their online presence, revenue generation, and reputation.




National Cyber Security