GoSecure Blog
Threat Hunt of the Month: Browser Session Hijacking via Malvertising
In January 2025, GoSecure Threat Hunters identified a new browser hijacking campaign leveraging malware dubbed MEDIAARENA, which is being actively distributed via malvertising. This Windows-based malware uses valid code-signing certificates, time-based defense evasion, and persistence techniques to manipulate browser settings and steal sensitive session data. Once installed, it establishes persistence through scheduled tasks and exploits Chromium’s remote debugging feature to hijack an infected device’s browser, ultimately modifying search engine settings and redirecting user searches to attacker-controlled domains.
Ransomware Groups Exploiting Microsoft Teams
Recent findings reveal that ransomware groups, including the notorious Black Basta, have begun leveraging Microsoft Teams as a vector to infiltrate corporate networks. These attackers employ advanced social engineering tactics to compromise systems, exfiltrate sensitive data, and deploy ransomware.
Fortinet Data Leak and Mitigation Recommendations
Recent events have highlighted a critical security disclosure involving Fortinet devices. A hacker group known as “Belsen Group” has leaked sensitive data allegedly associated with approximately 15,000 Fortinet firewalls. The leaked information includes highly sensitive details such as plaintext credentials, firewall configurations, and management certificates, raising significant concerns about the potential for unauthorized access and exploitation.
Threat Hunt of the Month: Remote Access Software Exploited for Corporate Network Infiltration
In December 2024, GoSecure Threat Hunters have identified a concerning use of remote access software by cybercriminals to gain initial access within corporate environments. The attackers start by flooding a victim’s email with spam and then pose as IT support via Microsoft Teams. This social engineering tactic lures victims into installing remote access software, which is then exploited to deploy a custom implant that exfiltrates sensitive information and sets the stage for ransomware attacks.
Security Advisory: Enhancing Cybersecurity Vigilance During Natural Disasters
Following a recent advisory from the Cybersecurity and Infrastructure Security Agency (CISA) regarding the increased cyber threats during Hurricane Helene, it’s crucial for organizations to reassess their disaster preparedness from a cybersecurity perspective. Effective disaster preparedness is about anticipating potential challenges and equipping your organization with the tools and plans to manage them effectively. Natural disasters not only disrupt physical infrastructures but also create ripe conditions for cybercriminals to exploit heightened vulnerabilities.
