Security researchers have sounded the alarm over a new criminal gang called Magnet Goblin that’s targeting millions of Windows and Linux users worldwide. The location of the hackers is currently unknown, cybersecurity experts from Check Point have admitted.
Magnet Goblin is "methodically leveraging” so-called 1-day vulnerabilities — these are software flaws for which a patch was only recently released. If someone is slow to update to the latest version of the operating system, their devices will be vulnerable to these attacks. It comes as Microsoft confirmed end of support for the penultimate version of Windows 10, pushing users to consider an upgrade to Windows 11.
With cybercriminals in the Magnet Goblin gang scaling up their operation, the next time you see a pop-up appear in Windows or Linux reminding you about a new software update — do not dismiss the notification as you could be leaving your data open to hackers.
In order to abuse these software flaws as soon as they’ve become public (but before the majority of users have updated to the latest patch) the team at Magnet Goblin moves incredibly quickly.
Check Point researchers have shared a diagram to illustrate how previous Magnet Goblins campaigns have worked
CHECK POINT RESEARCH
Check Point researchers claim an unknown number of members in Magnet Goblin are distributing several known strains of malware, including NerbianRAT, MiniNerbian, and WARPWIRE. These are Remote Access Trojans, or RATs, that allow hackers to take control of your machine from anywhere.
Once the malware is installed and working, hackers will be able to delete files, encrypt your personal data to hold it ransom, or execute code remotely.
Magnet Goblin is not associated with a nation-state, with Check Point researchers not finding any evidence of state-sponsored resources being poured into the hacking organisation. Instead, the group seems to befinancially motivated.
It has already targeted healthcare providers in the United States. Manufacturing and energy organisations were also in the crosshairs, Check Point researchers claim.
The strategy employed by the team at Magnet Globin "signifies a profound threat to digital infrastructures worldwide," experts at Check Point noted in a blog post about their findings.
"We think it is an opportunistic cybercrime group that we currently can't affiliate to a specific geographical location or a known group," Sergey Shykevich, who works as Check Point Threat Intelligence Manager, told The Register. "This group was able to utilize the Ivanti exploit extremely quickly, just one day after a POC for it was published."
The best way to shield yourself or your company’s devices from hacking groups like Magnet Globin is to ensure that you’re always running the most up-to-date version of an operating system. Granted, most companies have an uncanny knack for delivering software updates at the most inconvenient times ...but dismissing these updates can have dire consequences.
LATEST DEVELOPMENTS
Microsoft and Linux both enable automatic updates — handy for those unlikely to remember to update their machines after dismissing an initial notification. After a certain amount of time has passed, Microsoft will automatically update Windows 11- and Windows 10-powered PCs to the latest version of the operating system without asking permission.
