Metabase Q, an analytics-driven cybersecurity company securing Latin American organizations from cyber attacks, has announced that its security research division, Ocelot, has discovered a new variant of Ploutus, one of the most sophisticated ATM malware families globally. Ploutus was discovered for the first time in 2013. It enables criminals to empty ATMs by taking advantage of ATM middleware vulnerabilities via an externally connected device. Since its first discovery, Ploutus has evolved to target various XFS middleware types, focusing on banks across Mexico and Latin America. The new variant, dubbed Ploutus-I, builds upon the capabilities of prior strains and is tailored to control ATMs from the Brazilian vendor Itautec. Itautec has been connected to other major ATM players over the years. In 2013, the Japanese manufacturer OKI partnered with Itautec to enter the Brazilian market; subsequently, NCR acquired OKI's IT services and selected software in Brazil in 2019.

.NET Framework as a method of further obfuscation to avoid signature-based detection and to make the reverse engineering task very challenging.

"Cybercrime is global, but company defenses remain regionally focused. Our goal at Metabase Q is to transform the state of cybersecurity in Latin America from a technological, educational and regulatory perspective. Cybercriminals in LATAM have gotten significantly more sophisticated, and ATMs remain an insecure vector for many FIs, both from physical and logic-based attacks. This discovery by Ocelot further demonstrates the state of cybercrime in our region and the caliber of our ATM-focused research team," said Mauricio Benavides, CEO of Metabase Q.

This malware's complexity highlights the evolution of cybercrime in LATAM and the increasing need for a change in companies' defensive mindset.

Founded in 2017, Metabase Q is a cybersecurity managed services company focused on securing Latin American organizations from cyber attacks. The firm offers custom-designed cybersecurity solutions and services designed to optimally protect companies of various industries and sizes against cyber attacks.

By Ramses Vazquez & Miguel Gonzalez from Metabase Q's Ocelot Team

The ALPHV ransomware group, also known as BlackCat, has positioned itself in the top 5 most active ransomware groups. Among the target industries of this group are construction, energy, financial, logistics, manufacturing, pharmaceuticals, retail, and technology. The scheme under which this ransomware operates is Ransomware-as-a-Service (RaaS). However, they are not focused on random attacks or spam campaigns without a specific goal; all their attacks are focused on predefined targets through partners, who join forces to carry out attacks on previously profiled victims, which explains why the malware builds (written in Rust) and the infection methodology are specific to each case. Throughout this profiling you will learn more valuable information about this group. Some context before diving into this research.

Context: DARKSIDE/BLACKMATTER/ALPHV-BLACKCAT

ALPHV is not a group of amateurs; they are a group of criminals who have been evolving and learning from mistakes made in the past.