The cybersecurity landscape has experienced a significant breach as energy corporation Schneider Electric has been attacked by the Cactus ransomware. In an alarming development, hackers have also begun leveraging Microsoft Teams to disseminate DarkGate malware through phishing schemes, putting user security at risk. The FBI has shed light on a novel method in tech support scams — employing couriers to collect money directly from victims.
Schneider Electric Under Siege by Ransomware
A renowned energy company, Schneider Electric, has fallen victim to a ransomware attack orchestrated by the Cactus ransomware group. This sophisticated cyber threat has substantially hampered company operations, although the full extent of the impact remains under assessment. Ransomware is a type of malicious software that encrypts data on infected systems, demanding payment for the decryption key.
Microsoft Teams, Microsoft's widely used communication platform with over 280 million monthly users, has been compromised by attackers. The adversary initiated over a thousand malevolent group chat invitations, as identified by AT&T Cybersecurity. Upon unsuspecting users accepting these invites, the threat actors employ deception to induce file downloads, disguised with deceptive file extensions.
One commonly downloaded file named ‘Navigating Future Changes October 2023.pdf.msi' turns out to be a malicious executable. Once the DarkGate malware executes, it establishes a connection with its command-and-control server. Experts recommend disabling External Access in Microsoft Teams, except where essential, to avoid such vulnerabilities and ensuring diligent user education regarding phishing risks.
Since the disruption of the Qakbot botnet in August by international collaborative campaigns, cybercriminals have increasingly adopted the usage of DarkGate malware loader as their primary choice for initial corporate network access. In October, Security researchers at Trend Micro reported attacks launched by DarkGate malware perpetrators who have utilized Skype accounts breached to infect targets through message-attached VBA loader script.
In conclusion, as cyber threats evolve, institutions and individuals alike must stay vigilant and employ robust cybersecurity measures. Attacks like those on Schneider Electric and through Microsoft Teams highlight the ongoing battle against digital threats and underscore the importance of cybersecurity in the modern world.
