Ransomware-as-a-Service Transforms Gangs Into Businesses – Security Intelligence





Ransomware-as-a-Service Transforms Gangs Into Businesses
Malware-as-a-Service is getting easier and easier to access, according to a recent threat report. Self-named the ‘Eternity Project’, this cyber threat group offers services from a Tor website and on their Telegram channel. They sell a wide variety of malware in an organized fashion, including stealer, clipper, worm, miner, ransomware and distributed-denial-of-service bot services.
This alarms many security professionals. With Eternity, even inexperienced cyber criminals can target victims with a customized threat offering. Eternity sells malware for $90 to $490. As Malware-as-a-Service grows in sophistication, it’s easier than ever to access attack tools at low prices.
According to Cyble, Eternity Project offers a wide variety of malware services on its Telegram channel, which has around 500 subscribers. The channel provides detailed information about the service’s features and even uses explainer videos. Eternity Project’s Telegram channel also shares news about their malware’s updates, just like any brand showcasing new features.

Source: Cyble
What kind of damage can Eternity Project’s malware do? One example is Eternity Stealer. This malware lets users steal passwords, cookies, credit cards and crypto wallets from targets to later receive the stolen data directly on the Telegram bot.
The features of the stealer malware mentioned on the group’s Telegram channel include:
It also offers ways to break into messenger apps, password managers and more.
According to the report, customers can build Eternity Stealer malware directly on the Telegram bot. Once the user selects a stealer product, options appear to add features such as AntiVM and AntiRepeat. Next, the user selects the available payload file extension such as .exe, .scr, .com or pif. Finally, users can download the exfiltrated payload directly from the Telegram channel.
Other services such as miner, clipper, ransomware and worm offer the same kind of convenience and customization. And it all occurs through an easy-to-use Telegram Q&A bot:

Source: Cyble
The researchers state that they have seen a major increase in cyber crime through Telegram channels and forums. Threat groups are selling their products in the open without any type of sanction.
A large part of the success of these groups is their businesslike approach. They employ an agile development framework to develop malware. Later they go online to test their products on a victim, then they return to the lab to work out the bugs. They also implement advanced marketing techniques and place an emphasis on user experience and user interface.
The authors of the threat report suggest some ways to mitigate malware. For example, it’s important to keep backups of all critical files. These backups should be kept offline or on completely separate networks. Turn on automatic software updates, and have security teams scan often for warnings and updates about mission-critical software.
The official CISA Stop Ransomware site also provides in-depth guidance against malware.
Jonathan Reed is a freelance technology writer. For the last decade, he has written about a wide range of topics including cybersecurity, Industry 4.0, AI/ML…
3 min readThe protection of the SAP systems, as mission-critical applications, is becoming the priority for the most relevant organizations all over the world. The security hardening of SAP systems is key in these uncertain times, where threat actors start seeing SAP…
Malware-as-a-Service is getting easier and easier to access, according to a recent threat report. Self-named the ‘Eternity Project’, this cyber threat group offers services from a Tor website and on their Telegram channel. They sell a wide variety of malware in an organized fashion, including stealer, clipper, worm, miner, ransomware and distributed-denial-of-service bot services. This alarms many security professionals. With…
Last summer, I noticed password reset notices in my email account that I didn’t send. I quickly realized that I was the victim of an account takeover. This happens when someone illegally gains access to your account, typically through compromised credentials. I changed my email password right away and learned that my passwords to other accounts had already been changed.…
A recent report reveals the well-known crypto mining botnet LemonDuck can target Docker to secretly mine cryptocurrency on the Linux platform. LemonDuck targets Microsoft Exchange servers to mine crypto, escalate privileges and move sideways in compromised networks. It takes advantage of Docker, a mainstream platform used for building, running and managing containerized workloads. Since Docker runs container workloads in the…
A joint federal Cybersecurity Advisory warns that certain advanced persistent threat actors can obtain full access to the industrial control system (ICS) and data acquisition (SCADA) devices. These systems, found in nearly every industrial sector, can then fall prey to remote control and other cyberattacks. Read on to find out which systems are at risk and how to protect them.…
Analysis and insights from hundreds of the brightest minds in the cybersecurity industry to help you prove compliance, grow business and stop threats.

source



Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.