Subscriptions are everywhere these days. So much so, it’s becoming increasingly difficult to keep track of them all. More often than not, we drastically — by more than 2.5x! — underestimate how much we spend, because those small recurring charges fly under the radar and don’t add up to a clear picture in our minds. Yet, statistics* show that many users in developed countries spend annually the equivalent of a month’s salary on subscriptions.

Our research* indicates the average subscriber globally spends $938 annually on 12 subscriptions. Leading the pack are US residents — averaging 18 subscriptions totaling $2349 per year. Brazilians, Indians, and Russians average around 10 subscriptions — costing them $732 annually. Turks get the best deal, spending just $478 for 12 subscriptions.

Why such a disparity? The average cost of a single subscription in the US, Germany, and the UK ($12/month) is three times higher than in Russia ($4/month).

The US government has even taken notice of this subscription management conundrum, recently announcing an initiative to simplify canceling unwanted services. But how did these subscriptions come to permeate every aspect of our lives?

The rise of subscription services

Historically, subscriptions have been a niche market since at least the 17^th  century — when people could pay a monthly fee for regular publications like newspapers, magazines, or book collection volumes. Even daily milk delivery — common in some countries since the mid-19^th century — could be considered a subscription of sorts.

Cable television — offering hundreds of channels packed with movies, series and shows — reigned supreme as the most popular subscription of the late 20^th century. When Netflix arrived, it didn’t need to reinvent the wheel — the audience was already primed.

Dollar Shave Club pioneered applying this business model to everyday goods. Since 2011, it’s delivered monthly shaving kits at prices significantly lower than retail. The company received 12,000 orders within the first 48 hours of its launch.

Over the past decade, subscriptions have expanded to encompass practically everything — from weekly meal kits and daily fresh socks to… monthly deliveries of real animal bones for collectors and accessories for backyard chicken farmers.

Subscriptions weren’t initially popular in the software world. Most applications were sold in beautiful boxes, on floppy disks or CDs, requiring a hefty one-off payment. But once purchased, you could use the application indefinitely. The few exceptions to this rule were applications needing frequent updates, such as antivirus software, which adopted the subscription model back in the 1990s.

Subscriptions began to penetrate the software sphere with the rise of cloud services, which store user data on the providers’ servers: Dropbox, web hosting, and so on. Here, recurring payments made sense. However, software companies then realized that recurring payments ultimately generate more revenue than one-time purchases. As a result, they started shoehorning the subscription model onto services that didn’t inherently require regular updates or ongoing vendor involvement. Today, you can subscribe to traditionally “boxed” products like office suites, as well as gaming services, music services, and much more. There are even blatantly exploitative offers like a subscription-based calculator.

“Multi-subscriptions” bundling various services under a single payment are gaining traction. Sometimes these services are at least related — like Microsoft 360, but there are also more complex hybrids like Amazon Prime, which combines free shipping, movies, music, games, discounts on groceries, fuel, medications, and much more. Seemingly convenient, it makes evaluating and managing these subscriptions even more complex.

The number of subscriptions per person will likely continue to rise as the vast majority of new software products are released exclusively under a subscription model. Subscription prices are also steadily increasing — over the past two years, the cost of some subscriptions has increased by nearly a third. That’s why subscriptions need to be monitored carefully.

Why managing subscriptions is difficult

With subscriptions so ubiquitous, managing them becomes another basic healthy habit akin to daily exercise or meticulously tracking finances. Not everyone is up to the task. Several technical and psychological factors make it easier to let subscriptions run wild than to actively manage them.

Forgetting to unsubscribe. The very thing that attracts app and service creators to subscriptions is a drawback for customers. It’s not often that people decisively tell themselves, “I’m done with this service!” They typically just use it less and less, eventually forgetting about it for months. Meanwhile, the charges continue. According to various sources, users spend from £39 to $133 monthly on unused subscriptions.

Accumulated data. Migrating data accumulated within a service can be a major hassle. Even after deciding to unsubscribe, people continue paying to avoid losing their data. Sometimes the need for migration dawns just days before renewal, leading users to pay for another year just to buy time for data export.

Duplicate features. For example, subscribing to both Microsoft 365 and Dropbox essentially results in paying twice for cloud storage, as Microsoft 365 includes a direct alternative to Dropbox called OneDrive.

Duplicate subscriptions. Confusing interfaces or poor communication between family members can lead to multiple subscriptions for the same service. Different devices may have different accounts for the same service — each incurring separate charges.

Difficult cancellation process. Some services make unsubscribing incredibly complicated, so frustrated users keep putting it off. As a result, subscriptions can linger around for months or even years, completely unused — but paid for. That’s why the US government decided to step in to streamline cancellation, requiring companies to make it just as simple as subscribing and to make contacting a live support agent easier.

How to get your subscriptions under control

One way to organize your digital life in a subscription-driven world is to cultivate the good habit of diligently documenting your household’s subscriptions as soon as they’re activated and periodically making sure they’re still in use. Even more critical is analyzing every service before subscribing. Will you really be using it regularly? Is pay-as-you-go, or even better, a one-time purchase available? Service and app providers tend to loudly advertise subscription options on their websites while burying alternative payment options like one-time purchases. If you can’t find them, a site-specific Google search may help — just be sure you’re purchasing legitimate software from the official website and not malware from a fake site.

When it comes to “subscription accounting”, the dedicated subscription management service SubsCrab can help. It keeps track of all your subscriptions and sends advance notifications about upcoming payments and subscription expirations. The hardest (and most tedious) part of keeping track of subscriptions is recording them immediately, but SubsCrab can help with this, too. You can connect it to your mailbox, and in some countries to incoming bank statements, and it will automatically scan these sources to detect new subscriptions. This way, all your services will gradually be accounted for, including forgotten ones — and unexpected bank charges reduced. Additionally, SubsCrab lets you manually add other recurring payments, like a mortgage. For more details on the features and settings of SubsCrab, check our review.

Make sure to let your family members know about the new system, and regularly review your subscriptions to cancel those that are no longer needed. Before renewing a subscription, be sure to check the SubsCrab app — it tracks special offers and promo codes, helping you make significant savings on renewals.

* Statistics are based on anonymized data from SubsCrab users (over 150,000 users worldwide, excluding China, from January 2023 to August 2024). This may not reflect the entire market but is representative of a certain audience of users who actively track their subscriptions.

Kaspersky official blog – ​Read More

Overview 

The Ransomware Vulnerability Matrix, a vital repository on GitHub, represents a new step forward in understanding ransomware vulnerabilities. This invaluable repository catalogs known Common Vulnerabilities and Exposures (CVEs) that ransomware groups exploit, providing insights into ransomware types, vulnerable technologies, and the threat actors involved, including ransomware gangs, affiliates, and state-backed actors. 

The Ransomware Vulnerability Matrix serves as a critical resource for cybersecurity professionals tasked with prioritizing threats and assessing exposure to ransomware vulnerabilities. Each entry within the matrix details the specific ransomware gang that exploited a particular CVE, links to verification sources, and includes crucial data about the affected technologies. By compiling this information, the matrix aids teams in tracking and mitigating ransomware vulnerabilities effectively. 

By providing detailed insights into ransomware vulnerabilities, the matrix highlights the methods and tools employed by ransomware operators, offering a framework for assessing risks and enhancing defenses. 

Detailed Vulnerability Insights 

The matrix encompasses a wide array of products and corresponding CVEs exploited by various ransomware groups. Here are a few notable entries: 

Adobe ColdFusion 

CVE(s): CVE-2023-29300 & CVE-2023-38203 

Ransomware Group(s): Storm-0501 

Source(s): Microsoft 

Apache ActiveMQ 

CVE(s): CVE-2023-46604 

Ransomware Group(s): RansomHub 

Source(s): CISA 

Atlassian Confluence 

CVE(s): 

CVE-2023-22515 (RansomHub) 

CVE-2023-22518 (Cerber) 

CVE-2022-26134 (Cerber) 

These entries not only identify the vulnerabilities but also the associated threat actors, underscoring the complex landscape of ransomware attacks. For instance, the notorious group LockBit has leveraged vulnerabilities in Apache’s Log4j, specifically CVE-2021-44228, to facilitate their attacks. 

Implications of Ransomware Vulnerabilities 

Ransomware vulnerabilities pose significant risks to organizations, as they can lead to data breaches, operational disruptions, and financial losses. Ransomware gangs exploit these vulnerabilities to infiltrate systems, encrypt critical data, and demand ransoms for decryption keys. Understanding the specific CVEs associated with ransomware attacks allows organizations to implement effective cybersecurity measures. 

State-backed actors also play a crucial role in the ransomware ecosystem. Their involvement complicates the threat landscape, as they often have access to advanced tools and techniques that can bypass traditional defenses. The Ransomware Vulnerability Matrix provides insights into these state-backed threats, helping organizations recognize and prepare for potential attacks. 

Recommendations and Mitigations 

To leverage the insights from the Ransomware Vulnerability Matrix effectively, organizations should consider the following recommendations: 

Continuously update the matrix with data from CVE databases to ensure it reflects the latest vulnerabilities and trends. 

Implement a system to categorize the severity of each CVE, allowing teams to prioritize patching efforts based on risk. 

Include information on when specific CVEs began to be exploited by ransomware groups, providing context for emerging threats. 

Offer specific mitigation recommendations for each CVE, enabling organizations to implement targeted defenses. 

Develop a notification system for newly discovered vulnerabilities to keep organizations ahead of potential threats. 

Link vulnerabilities to tactics and techniques outlined in the MITRE ATT&CK framework for better threat modeling. 

Conclusion 

The Ransomware Vulnerability Matrix is an organized and insightful resource that empowers cybersecurity professionals in their fight against ransomware attacks. By detailing known vulnerabilities and associating them with specific ransomware types and threat groups, the matrix enhances the ability to assess risks and prioritize defenses.  

By utilizing the Ransomware Vulnerability Matrix, organizations can not only upgrade their defenses but also contribute to the broader fight against the cyber threats posed by ransomware gangs. This proactive approach is essential for protecting networks and ensuring the integrity of vital systems. 

The post Ransomware Vulnerability Matrix: A Comprehensive Resource for Cybersecurity Analysts  appeared first on Cyble.

Blog – Cyble – ​Read More

Overview

The Indian Computer Emergency Response Team (CERT-In) has issued two critical vulnerability advisories related to Philips Smart Lighting products and the Matrix Door Controller. Both vulnerabilities are classified as high severity, signaling significant risks for users that cannot be ignored. If left unaddressed, these vulnerabilities could lead to serious repercussions, including unauthorized access to sensitive information and potential data breaches.

The implications of these vulnerabilities extend beyond mere inconvenience; they threaten the security and integrity of users’ home networks and connected devices. Affected users must take immediate action to protect their systems and ensure they are not exposed to potential exploitation.

By staying informed and implementing the recommended security measures stated in these vulnerability advisories, users can help mitigate these risks and protect their personal information from malicious actors.

Breakdown of Vulnerability Advisories

The first vulnerability advisory, labeled CIVN-2024-0329, addresses a vulnerability that impacts various Philips smart lighting devices. Specifically, the affected products include the Philips Smart Wi-Fi LED Batten 24-Watt, the Philips Smart Wi-Fi LED T Beamer 20-Watt, and the Philips Smart Bulb models (9, 10, and 12-Watt), as well as the Philips Smart T-Bulb models (10 and 12-Watt).  

All of these devices are at risk if they are operating on firmware versions prior to 1.33.1. The vulnerability arises from the storage of sensitive information, specifically Wi-Fi credentials, in cleartext within the firmware of these devices. This flaw allows an attacker with physical access to the device to extract the firmware and analyze the binary data, ultimately revealing the plaintext Wi-Fi credentials.  

Once obtained, these credentials could enable unauthorized access to the Wi-Fi network, jeopardizing the security of other connected devices and private information. Shravan Singh, Amey Chavekar, Vishal Giri, and Dr. Faruk Kazi, a team of researchers from the CoE-CNDS Lab at VJTI Mumbai, India, reported this vulnerability. 

To mitigate this vulnerability, CERT-In strongly advises users to upgrade their Philips Smart Wi-Fi LED Batten, LED T Beamer, Smart Bulb, and Smart T-Bulb to firmware version 1.33.1 or later. This update will secure the devices against potential exploitation.

The second advisory, CIVN-2024-0328, addresses an authentication bypass vulnerability in the Matrix Door Controller Cosec Vega FAXQ. This vulnerability affects all firmware versions prior to V2R17.

The flaw in the Matrix Door Controller is attributed to improper implementation of session management within its web-based management interface. A remote attacker could exploit this vulnerability by sending specially crafted HTTP requests to the device, potentially gaining unauthorized access and complete control over it.

If exploited, this vulnerability could compromise the confidentiality, integrity, and availability of the system. While there is currently no evidence of public proof-of-concept exploitation, the potential risks remain significant, warranting immediate attention from users.

Recommendations and Mitigation Strategies

To protect against these two vulnerabilities, users are urged to follow these mitigations and mitigation strategies, as reported by the vulnerability advisories.

Ensure that better authentication mechanisms are in place for the web-based management interface.

Limit access to the Matrix Door Controller devices through effective network segmentation.

Regularly monitor and log all access attempts to these devices to detect any unauthorized activity.

Apply any security updates or patches provided by the vendor as soon as they are available.

Consider deploying a web application firewall (WAF) to protect against malicious HTTP requests.

Conclusion

The vulnerability advisories issued by CERT-In related to the technical flaws in Philips Smart Lighting products and the Matrix Door Controller highlight the sophistication of cyber threats and the importance of maintaining updated firmware. As smart devices become increasingly integrated into everyday life, ensuring their security is important.

Users of the affected Philips lighting devices are strongly encouraged to upgrade to firmware version 1.33.1, while Matrix Door Controller users should promptly move to firmware version V2R17. Adopting these updates and implementing the recommended security measures will help mitigate the risks associated with these vulnerabilities and enhance overall cybersecurity resilience.

The post New Vulnerabilities Identified in Philips Smart Lighting and Matrix Door Controller appeared first on Cyble.

Blog – Cyble – ​Read More

Identifying new cyber threats is no simple task. They’re always evolving, adapting, and finding new ways to slip through the defenses.  

But no stress—ANY.RUN has you covered! 

Our team of researchers are always on the lookout, analyzing the latest attacks to keep you informed.  

In this article, we’re sharing some of the most recent threats our team has uncovered over the past month. Let’s dive in and see what’s out there! 

APT-C-36, aka BlindEagle, Campaign in LATAM 

Original post on X

APT-C-36, better known as BlindEagle, is a group that has been actively targeting the LATAM region for years. Their primary goal? To gain remote control of victims’ devices through continuous phishing attacks, installing Remote Access Tools (RATs) like Remcos and AsyncRAT for financial gain. 

Attack details 

We discovered that in recent cases attackers invite victims to an online court hearing via email. This official-sounding invitation creates a sense of urgency, pushing the target to download the malicious payload. 

You can view analysis of this attack inside ANY.RUN’s sandbox.

To deliver their malware, BlindEagle often relies on well-known online services, such as:  

Discord

Google Drive

Bitbucket  

Pastee  

YDRAY

This tactic helps them bypass certain security filters since these services are typically trusted by users. 

The malicious payload is stored in the archive, which is usually protected by a password that can be found in the initial email.

Thanks to ANY.RUN’s interactivity, you can manually enter the password right inside the sandbox.

As mentioned, BlindEagle use Remcos and AsyncRAT as their primary tools for remote access. The current attack involved Remcos distribution.

In the current analysis session, we observed a Remcos RAT connection attempting communication with a Command and Control (C2) server.  

This activity involves establishing TLS connection to an external server, which was immediately flagged by a Suricata IDS rule in the ANY.RUN sandbox. 

Threat Intelligence on APT-C-36 attacks 

To collect intel on other attacks belonging to BlindEagle’s campaigns, you can use ANY.RUN’s Threat Intelligence Lookup: 

Specify the country from where the phishing sample originated: 
submissionCountry:”Co” 

Filter for sessions that involve an email client, like Outlook: 
commandLine:”OUTLOOK.EXE” 

Since the payload is often stored in an archive, filter for an archiving tool, such as WinRAR: 
commandLine:”WinRAR” 

Look for sessions flagged as suspicious or malicious: 
threatLevel:”malicious” 

To find active RATs like Remcos, add a condition for Remote Access Tools: 
threatName:”rat” 

Here is the final query:

The search takes just a few seconds and reveals a wealth of information.

TI Lookup offers a list of samples matching the query each with their corresponding sandbox analysis. You can navigate to any sandbox session of your interest to explore these threats further.

Fake CAPTCHA Exploitation to Deliver Lumma 

Original post on X

Another phishing campaign discovered by ANY.RUN’s team exploited fake CAPTCHA prompts to execute malicious code, delivering Lumma malware onto victims’ systems. 

Attack details

In this phishing attack, victims were lured to a compromised website and asked to complete a CAPTCHA. They either needed to verify their human identity or fix non-existent display errors on the page. 

Once the user clicked the fake CAPTCHA button, the attackers prompted them to copy and run a malicious PowerShell script through the Windows “Run” function (WIN+R).

The instruction deceived users into executing harmful code, leading to system infection with Lumma malware for further exploitation.

More samples of the campaign

For further investigation into attacks leveraging fake CAPTCHA prompts, you can use ANY.RUN’s TI Lookup to locate additional samples and associated data.

As part of your search query, you can use a domain involved in the attack:

This query reveals multiple related domains, IP addresses, and sandbox sessions tied to the attacks outlined above.

Abuse of Encoded JavaScript

Original post on X

We also identified a growing use of encoded JavaScript files for hidden script execution.

Microsoft originally developed Script Encoder as a way for developers to obfuscate JavaScript and VBScript, making the code unreadable while remaining functional through interpreters like wscript.

Intended as a protective measure, Script Encoder has also become a resource for attackers. By encoding harmful JavaScript in .jse files, cybercriminals can embed malware in scripts that look legitimate, tricking users into running the malicious code. 

This type of obfuscation not only conceals the code but also complicates detection, as security tools struggle to identify the harmful intent within encrypted data. 

Encoded .jse files are commonly delivered through phishing emails or drive-by-downloads.  

See analysis of a .jse file disguised as a calculator software in the ANY.RUN sandbox.

Using the built-in Script Tracer feature, you can view entire script execution process to avoid manual decryption.

Conclusion

Our analysts are constantly on the lookout for emerging phishing and malware attacks, as well as new malicious techniques used by cyber criminals. To stay updated on the latest research of ANY.RUN’s team, make sure to follow us on X, LinkedIn, YouTube, Facebook, and other social media.

About ANY.RUN  

ANY.RUN helps more than 500,000 cybersecurity professionals worldwide. Our interactive sandbox simplifies malware analysis of threats that target both Windows and Linux systems. Our threat intelligence products, TI Lookup, YARA Search and Feeds, help you find IOCs or files to learn more about the threats and respond to incidents faster.  

With ANY.RUN you can: 

Detect malware in seconds

Interact with samples in real time

Save time and money on sandbox setup and maintenance 

Record and study all aspects of malware behavior

Collaborate with your team 

Scale as you need

Request free trial → 

The post Recent Cyber Attacks Discovered by ANY.RUN: October 2024 appeared first on ANY.RUN’s Cybersecurity Blog.

ANY.RUN’s Cybersecurity Blog – ​Read More