A ransomware attack targets Windows system administrators by using Google advertisements to promote fraudulent download sites for PuTTY and WinSCP. Both are popular Windows applications: WinSCP is an SFTP and FTP client, while PuTTY is an SSH client.
System administrators typically have more rights on a Windows network, which makes them prime targets for threat actors looking to propagate quickly across a network, steal data, and gain access to the network's domain controller to deliver ransomware.
According to a recent Rapid7 report, a search engine campaign featured adverts for fake PuTTY and WinSCP websites when users searched for "download winscp" or "download putty". It's unclear whether this promotion took place on Google or Bing.
These advertisements employed typosquatting domain names such as puutty[.]org, wnscp[.]net, and vvinscp[.]net. While these sites impersonated the official WinSCP site (winscp.net), the threat actors impersonated an unaffiliated PuTTY site (putty.org), which many people assume is the real one. PuTTY's official website is at https://www.chiark.greenend.org.uk/~sgtatham/putty/. […]
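As an added example (not from the Rapid7 report or the original article), the Python sketch below flags queried domains that sit within one edit, or one lookalike substitution, of the impersonated sites named above. The log format, client names, confusable map and distance threshold are assumptions made for illustration.

```python
REFERENCE = ("winscp.net", "putty.org")  # domains the article says were impersonated
CONFUSABLE = (("vv", "w"), ("rn", "m"), ("0", "o"), ("1", "l"))  # illustrative subset

def registrable(name):
    """Naive last-two-labels split; use the Public Suffix List in production."""
    labels = name.lower().replace("[.]", ".").rstrip(".").split(".")
    return ".".join(labels[-2:])

def skeleton(label):
    for lookalike, real in CONFUSABLE:  # 'vvinscp' -> 'winscp'
        label = label.replace(lookalike, real)
    return label

def edit_distance(a, b):
    """Levenshtein distance, computed one row at a time."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def impersonates(name, max_distance=1):
    """Return the reference domain that `name` resembles, or None."""
    domain = registrable(name)
    if domain in REFERENCE:
        return None  # the real site itself
    label = skeleton(domain.split(".")[0])
    for ref in REFERENCE:
        if edit_distance(label, ref.split(".")[0]) <= max_distance:
            return ref
    return None

# Constructed DNS log lines: "<timestamp> <client> <queried name>" (names defanged).
SAMPLE_LOG = """\
2024-05-01T09:12:03Z ws-admin-07 www.puutty[.]org
2024-05-01T09:12:41Z ws-admin-07 winscp.net
2024-05-01T09:13:10Z ws-dev-22 vvinscp[.]net
2024-05-01T09:14:55Z ws-ops-03 www.chiark.greenend.org.uk
"""

def scan(log_text):
    """Return (client, domain, impersonated reference) for each suspicious query."""
    hits = []
    for line in log_text.splitlines():
        _, client, qname = line.split()
        if (ref := impersonates(qname)) is not None:
            hits.append((client, registrable(qname), ref))
    return hits
```

A distance threshold of 1 will also flag unrelated names that happen to differ from a reference by a single character, so hits are leads for review rather than verdicts.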
Content was cut in order to protect the source. Please visit the source for the rest of the article.
This article has been indexed from CySecurity News – Latest Information Security and Hacking Incidents