Tag Archive for: Agenda

Agenda ransomware threatens to resurface


Stephen Osler, co-founder and business development director, Nclose.

The Agenda ransomware, which quickly gained notoriety for being able to trigger customised ransomware attacks at intended targets, is on the radar again. Cyber security experts warn of the threat to South African sectors, particularly healthcare and education.

Agenda was created in the Go open source programming language (Golang) developed by Google. It was first detected in late 2022 in Indonesia, Thailand, Saudi Arabia, and South Africa, but seemed to have become dormant – until now.

According to market research by Trend Micro, there have been a few incidents at the beginning of 2023 that were serious enough for cyber security experts to issue another warning that organisations cannot afford to let their guard down.

This is mainly because of the ransomware’s sophisticated capabilities. They enable Agenda to bypass antivirus processes, change passwords, encrypt data, and gain unauthorised access to systems using new credentials. If undetected and not contained, it has the potential to bring down networks, says Trend Micro.

Stephen Osler, co-founder and business development director at cyber security specialist Nclose, says that, as is the case with most ransomware tools, Agenda takes advantage of poor security practices, weak passwords, and inadequate system patching.

It also has built-in tools and algorithms that enable it to encrypt files using a string of random characters as a file extension. This file contains a ransom note detailing threats or leaks of sensitive information if the ransom isn’t paid. It also includes warnings of additional consequences if attempts are made to decrypt the files.

“So, the severity is high, and threat is high from the start,” says Osler.

South Africa a prime target

South Africa has consistently been the primary target for ransomware and business e-mail compromise among African countries, Nclose notes.

The company refers to the latest State of Ransomware report by Sophos, which states that 78% of the South African companies surveyed reported being subjected to a ransomware attack in the past year. This represents a notable increase from the 51% reported in the…

New Golang-based ‘Agenda Ransomware’ Can Be Customized For Each Victim


A new ransomware strain written in Golang dubbed “Agenda” has been spotted in the wild, targeting healthcare and education entities in Indonesia, Saudi Arabia, South Africa, and Thailand.

“Agenda can reboot systems in safe mode, attempts to stop many server-specific processes and services, and has multiple modes to run,” Trend Micro researchers said in an analysis last week.

Qilin, the threat actor advertising the ransomware on the dark web, is said to provide affiliates with options to tailor the binary payloads for each victim, enabling the operators to decide the ransom note, encryption extension, as well as the list of processes and services to terminate before commencing the encryption process.

Additionally, the ransomware incorporates techniques for detection evasion by taking advantage of the ‘safe mode’ feature of a device to proceed with its file encryption routine unnoticed, but not before changing the default user’s password and enabling automatic login.

Upon successful encryption, Agenda renames the files with the configured extension, drops the ransom note in each encrypted directory, and reboots the machine in normal mode. The ransom amount requested varies from company to company, ranging anywhere from $50,000 to $800,000.

Agenda, besides leveraging local account credentials to execute the ransomware binary, also comes with capabilities to infect an entire network and its shared drivers.

In one of the observed attack chains involving the ransomware, a public-facing Citrix server served as an entry point to ultimately deploy the ransomware in less than two days.

Trend Micro said it observed source code similarities between Agenda and the Black Basta, Black Matter, and REvil (aka Sodinokibi) ransomware families.

Black Basta, which first emerged in April 2022, is known to employ the double extortion technique of encrypting files on the systems of targeted organizations and demanding ransom to make decryption possible, while also threatening to post the stolen sensitive information should a victim choose not to pay the ransom.

As of last week, the Black Basta group has compromised over 75 organizations, according to Palo Alto Networks Unit 42, up from 50 in…

Biden Looks to Intel’s U.S. Investment to Buoy His China Agenda


WASHINGTON — In celebrating a $20 billion investment by Intel in a new semiconductor plant in Ohio, President Biden sought on Friday to jump-start a stalled element of his economic and national security agenda: a huge federal investment in manufacturing, research and development in technologies that China is also seeking to dominate.

With two other major legislative priorities sitting moribund in Congress — the Build Back Better Act and legislation to protect voting rights — Mr. Biden moved to press for another bill, and one that has significant bipartisan support.

But he has lost seven critical months since the Senate passed the measure, a sprawling China competition bill that would devote nearly a quarter of a trillion dollars to domestic chip manufacturing, artificial intelligence research, robotics, quantum computing and a range of other technologies. The bill amounts to the most expansive industrial policy legislation in U.S. history.

Speaking at the White House, Mr. Biden said that America was in a “stiff economic and technological competition” with China. He chose the words deliberately, knowing that while it sounds obvious to American ears, Chinese officials in recent months have protested the use of the word “competition,” declaring that it has echoes of a Cold War-like contest.

“We’re going to insist everyone, including China, play by the same rules,” Mr. Biden continued. “We’re going to invest whatever it takes in America, in American innovation, in American communities, in American workers.”

He argued that the initiative would be a long-term solution to supply chain disruptions and rising inflation and would free American weapons systems from depending on foreign parts.

After months in which he rarely mentioned the China competition bill so that he did not lose focus on other elements of his agenda, Mr. Biden said on Friday that its passage was needed “for the sake of our economic competitiveness and our national security.”

“Today, we barely produce 10 percent of the computer chips despite being the leader in chip design and research,” he said. “We don’t have the ability to make the most advanced chips…

Cybersecurity back on boardroom agenda


“[They] accept that the likelihood of an attack happening will remain high despite the investment in preventative controls and that the most effective way to treat that residual risk is to reduce the impact by improving the organisation’s ability to recover,” he says.

Undertaking a “bare-metal” rebuild without being able to count on lights, phones or computer networks is not for the faint-hearted.

“It is somewhat of a lost art, given how resilient to faults technology systems have become over the past few decades,” Sayer says.

While risk mitigation is behind a lot of this activity, regulation is also motivating it.

In response to a surge in ransomware attacks, the government fast-tracked through Parliament regulatory amendments allowing it to assume control of critical infrastructure if a cyberattack threatens national security.

It is also introducing security obligations to new sectors – including banking and finance, communications, data storage and processing, defence, education and research, food and grocery, health, space, and transport. Dell is one of those companies captured by the expanded scope.

In the landscape beyond critical infrastructure entities, the government is debating whether existing provisions in corporations, consumer and privacy law are sufficient to deal with cyber threats.

Industry is lobbying for more guidance over a prescriptive approach.

“The pathway forward is not to impose new regulation or change existing legislation around consumer law and corporations law to specifically include cybersecurity,” Andy Penn, Telstra chief executive and chair of the federal government’s Cybersecurity Industry Advisory Committee, says.

“But developing voluntary standards of best practice will be helpful and inform whether directors’ duties have been properly discharged,” he says.

Even if it successfully side-steps prescriptive new rules, big business will not be afforded a leisurely adoption period. The threat is simply too great.

“We’re seeing directors becoming more aware of cybersecurity risks and more concerned about their liability if their respective organisations aren’t doing what’s considered a ‘reasonable’ job of protecting…
