Tag Archive for: appears

Royal Mail’s ‘cyber incident’ appears to be a ransomware attack


British postal service Royal Mail’s ongoing cybersecurity incident is the result of an attack carried out using ransomware tools from Russia-linked hacking group LockBit, The Telegraph reports. Royal Mail disclosed the incident on Wednesday, saying that it’s unable to send packages internationally.

A ransomware note circulating on Twitter that was apparently sent to Royal Mail says that its data is “stolen and encrypted,” and threatens to publish it online if a ransom isn’t paid. The note namechecks “LockBit Black Ransomware,” which is thought to be LockBit’s latest encryptor. 

BleepingComputer reports that the ransom note contains links to LockBit’s data leak and negotiation Tor sites. But when contacted for comment by the publication, a spokesperson for the hacking group said that it was not behind the attack, and said someone else might be using its tools after they leaked last September. If this were the case, BleepingComputer notes, then Royal Mail would have no way of communicating with the attacker since the note links to LockBit’s sites.

A service update posted on Royal Mail’s website dated January 13th says it still can’t send packages internationally. “Royal Mail is experiencing severe service disruption to our international export services following a cyber incident,” it reads. “We are temporarily unable to despatch items to overseas destinations. We strongly recommend that you temporarily hold any export mail items while we work to resolve the issue.”

The Telegraph reports that the ransomware has infected critical Royal Mail machines used to print customs labels for international shipments. The postal service, which was publicly owned prior to its privatization in 2013, is considered “critical national infrastructure,” according to BBC News.

“Our teams are working around the clock to resolve this disruption and we will update you as soon as we have more information,” Royal Mail’s notice continues. Its investigation is being assisted by GCHQ’s National Cyber Security Centre and the National Crime Agency. Royal Mail did not immediately respond to The Verge’s request for comment.


Luca Stealer malware spreads after code appears on GitHub • The Register


A new info-stealer malware is spreading rapidly in the wild as the developer behind it continues to add capabilities and recently released the source code on GitHub.

In addition, the Windows software nasty – dubbed Luca Stealer by the folks at Cyble who detected it – is the latest to be built using the Rust programming language.

The researchers wrote in a report that Luca Stealer already has been updated three times, with the developer adding multiple functions, and that they have seen more than 25 samples of the source code in the wild since it was shared via GitHub on July 3, which may lead to wider adoption by the cybercriminal community.

“The developer of the stealer appears to be new on the cybercrime forum and likely leaked the source code of the stealer to build a reputation for themselves,” the researchers wrote. “The developer has also provided the steps to modify the stealer and compile the source code for ease of use.”

They noted that Rust is becoming a go-to programming language for malware developers because of its versatility and cross-platform nature, and because the generated code can seem alien to some reverse engineers and their tools, hindering analysis. The prolific Hive ransomware crew this year migrated its source code from Go to Rust, which analysts with Microsoft’s Threat Intelligence Center earlier this month said made the extortionware more stable and more difficult to reverse engineer.

Other threat groups also are adopting Rust, including the BlackCat ransomware-as-a-service gang. In addition, Kaspersky security researchers this month wrote about a new ransomware family – Luna – that is written in Rust. We’re not too surprised by this: Rust is seen as an up and coming general-purpose language that programmers are using for all kinds of projects, legit and malicious.

“Rust is to C as Go is to Java,” Casey…


Microsoft appears to reverse VBA macro-blocking


Microsoft appears to have quietly, and without fanfare, reversed a February 2022 policy to block Visual Basic for Applications (VBA) macros by default across five of the most used Office applications, citing negative user feedback.

The new policy was initially introduced on the basis that making it impossible for users to enable macros by clicking a button, and throwing extra click-throughs and reminders in their path, would make it harder for threat actors to trick them into opening malicious attachments containing malware payloads. The change was made at least in part because of the ongoing prevalence of remote working.

However, as first reported by Bleeping Computer, Redmond now appears to have put the brakes on the policy and begun a rollback – which may yet prove temporary.

The rollback was first spotted by Microsoft users puzzled as to why the old security warning had reappeared on documents containing VBA macros, as opposed to the new block notice that they were becoming used to.

UK-based user Vince Hardwick was first to query the change on Microsoft’s Tech Community forums after running into difficulties attempting to demonstrate the new policy for a YouTube video he was making.

Responding to Hardwick’s query on the forums, Angela Robertson, Microsoft 365 Office Product Group principal GPM for identity and security, said: “Based on feedback received, a rollback has started. An update about the rollback is in progress. I apologise for any inconvenience of the rollback starting before the update about the change was made available.”

Other users, including Hardwick, voiced frustration that Microsoft had failed to communicate the rollback to them.

The nature of the feedback that Robertson referred to is unclear, but if the decision to roll back is indeed based on user feedback, it is unlikely to be the feedback of the security community, which had generally welcomed the move in the hope that it would improve organisational security by cutting off an easy way for cyber criminals to establish initial access into their targets, i.e. by emailing them malicious documents or spreadsheets.

Security experts have already responded, describing Microsoft’s move as…


Hacking collective ‘Anonymous’ appears to declare war on Putin


Anonymous, an international hacking collective that has conducted cyberattacks against governments and corporations, appeared to declare war against Putin and Russia due to its invasion of Ukraine. 

The “YourAnonNews” Twitter account, which boasts 6.5 million followers, made the declaration on Thursday, saying that the hacking group is “currently involved in operations against the Russian Federation.”

“We want the Russian people to understand that we know it’s hard for them to speak out against their dictator for fear of reprisals,” the decentralized hacking collective said.

“We, as a collective want only peace in the world. We want a future for all of humanity. So, while people around the globe smash your internet providers to bits, understand that it’s entirely directed at the actions of the Russian government and Putin.”

RT.com, a Russian government-funded media outlet that the U.S. State Department describes as a critical element in “Russia’s disinformation and propaganda ecosystem,” said that it was targeted in what appears to be a widespread denial-of-service (DDoS) attack. 

A DDoS attack is a coordinated effort to knock a website offline by flooding it with traffic. 

Websites for the Kremlin and State Duma lower house of parliament were also intermittently unavailable on Thursday, which could have been caused by DDoS attacks. 

Ukraine Defense Ministry officials requested assistance from the country’s hacker underground on Thursday morning to beef up their cybersecurity defenses, Reuters reports. 

Yegor Aushev, the co-founder of a cybersecurity company in Kyiv, told the news outlet that offensive volunteers will conduct digital espionage against Russian forces, while defensive volunteers will help protect the country’s infrastructure. 

Several Ukrainian government websites were hit by DDoS attacks on Thursday as Russian troops inched closer to Kyiv. 

The U.S. government is bracing for potential cyberattacks on the nation’s financial institutions, a homeland security official told FOX Business last week. 

FOX NEWS
