Tag Archive for: experts

Ransomware: To Pay or Not to Pay — What the Experts Say

Your first reaction is you hope this is someone’s idea of a sick joke, but it doesn’t take your security team long to confirm the dreaded truth. Your organization, end-customer or channel partner has been hit with a ransomware attack.

The day you wished would never come is now a stark reality and the potential cost to your business or customer is staggering, reputation notwithstanding.

If you’re an MSSP, MSP or any type of cybersecurity company, you most likely have an incident response plan in place for you and for your customers.

But is that plan a good one? Is it a sound strategy and a viable plan of action for responding to the incident? Has it prepared you to make the correct decision about whether or not to pay the ransom?

Obviously, it’s not a black-and-white question. The answer is dependent on a variety of factors both internal and external.

Should You Pay the Ransom?

MSSP Alert was pondering the very same questions that our readers surely have about paying ransom. So we asked our security expert community about the right approach to take in the case of a ransomware attack.

MSSP Alert examined two scenarios: What to do if your end customer is hit with a ransomware attack; and what actions to take if it’s your MSSP or MSP that faces a demand for ransom.

Ransomware Attacks Spike in 2023

First here’s some background about the scope of the problem. No surprise, but ransomware attacks surged during 2023. In fact, a Corvus Insurance Q3 2023 report found a 95% increase year-over-year on ransomware leak sites, with many attacks increasing against law firms and municipalities. The number of ransomware victims in 2023 surpassed what was observed for 2021 and 2022, Corvus found.

Sophos’ State of Ransomware 2023 report revealed that in three out of four cyberattacks cybercriminals succeeded in encrypting victims’ data. On average, those cyber victims paying ransoms for decryption forked out $750,000 in recovery costs versus $375,000 for organizations that used backups to recover their data, according to Sophos, an MSSP Alert Top 40 MDR company. Moreover, those companies that resorted to paying the ransom usually experienced longer recovery times. Of companies that were able to use…


Experts spotted a new macOS Backdoor named SpectralBlur linked to North Korea

Pierluigi Paganini
January 06, 2024

Researchers discovered a macOS backdoor, called SpectralBlur, which shows similarities with a North Korean APT’s malware family.

Security researcher Greg Lesnewich discovered a backdoor, called SpectralBlur, that targets Apple macOS. The backdoor shows similarities with the malware family KANDYKORN (aka SockRacket), which was attributed to the North Korea-linked Lazarus sub-group known as BlueNoroff (aka TA444).

“KandyKorn is an advanced implant with a variety of capabilities to monitor, interact with, and avoid detection. It utilizes reflective loading, a direct-memory form of execution that may bypass detections,” reads the report published by Elastic Security, which identified and analyzed the threat.

SpectralBlur is not sophisticated malware; it supports ordinary backdoor capabilities, including uploading and downloading files, running a shell, updating its configuration, deleting files, and hibernating or sleeping, based on commands issued from the C2.

“TA444 keeps running fast and furious with these new MacOS malware families. Looking for similar strings led us to link SpectralBlur and KandyKorn (which were further linked to TA444 after more samples turned up, and eventually, a phishing campaign hit our visibility that pulled down KandyKorn),” concludes Lesnewich. “So knowing your Macho stuff will help track emerging DPRK capability if that is your interest!”

The latest discovery confirms the great interest of North Korea-linked threat actors in developing macOS malware to employ in targeted attacks.

In November 2023, researchers from Jamf Threat Labs discovered a new macOS malware strain dubbed ObjCShellz and attributed it to North Korea-linked APT BlueNoroff.

The experts noticed that the ObjCShellz malware shares similarities with the RustBucket malware campaign associated with the BlueNoroff APT group.

In July 2023, researchers from the Elastic Security Labs spotted a new variant of the RustBucket Apple macOS malware. In April, the security firm Jamf observed the North Korea-linked BlueNoroff APT group using a…


Planes dropping out of the sky. Your mobile rendered useless, just like your car. As a Netflix film portrays a nightmare that security experts insist is a very real prospect… How will YOU survive on the day an enemy state switches off the internet?

An oil tanker ploughs into a tourist beach. Planes fall from the sky. Driverless cars run amok. The internet fails and the mobile network dies. Feral instincts take over as people fight for food, water and medicine amid the ruins of civilisation.

That is the nightmare vision depicted in Leave The World Behind, Netflix’s recent hit film starring Julia Roberts and Ethan Hawke as a couple battling societal breakdown when the technology that underpins civilisation collapses.

It’s fictional, but it touches on deep-seated, real-life fears.

The film is produced by Michelle and Barack Obama’s company, Higher Ground. The ex-president was closely involved in shaping the plot, which dramatises many of the cyber-security issues on which he was briefed during his eight years in the White House.

For our 21st-century lives are almost entirely dependent on complex technologies that many do not understand — and that can so easily be exploited by our enemies.

Maintaining a car, for example, was previously a job for any competent motorist and their local mechanic. Now our vehicles are computers on wheels, their inner workings a mystery.

A scene from Leave The World Behind. The film is produced by Michelle and Barack Obama’s company, Higher Ground

We used to navigate with paper maps and landmarks. But with his car’s satnav out of action, Ethan Hawke’s character Clay Sandford is unable even to find his way to the nearby town.

Our telephone system used to run on sturdy copper wires, with handsets you could fix with a screwdriver. Now it is a branch of cyberspace.

So, too, is finance. Remember when a credit card’s embossed number left an imprint on a paper slip? Not any more. Our payment system depends wholly on electronic encryption.

What use is cash in the modern world? In the film, with the internet gone, it becomes a prized asset.

If the technologies we rely on break down, many of us will be as helpless as Hawke’s Clay Sandford. ‘I am a useless man,’…


Browser Mistakes Tech Experts Say You Should Stop Making To Protect Your Device From Hackers And Viruses

You may spend more time thinking about your apps these days — which apps are more likely to sell your data, which apps are killing your battery power, etc. But your browsers like Safari and Google Chrome may continue to fly under the radar a bit more. If you’re like most of us, you may take advantage of your browsers and assume they’re just there and that they require zero maintenance or thought. But this isn’t the entire truth. 

What you aren’t doing to your browser could be contributing to putting you at greater risk for hackers and viruses. Tech experts say these are the top browser mistakes you should stop making. 

Not Updating Your Browser

Browsers are similar to apps in that both need to be updated whenever updates become available. Your browser may show signs of little issues, like bugs, that can make it more vulnerable to hackers and viruses. App developers release updates when they discover problems with their apps, and downloading these updates helps keep your app safer and more secure. If a browser update becomes available, make sure you download it ASAP.

Saving Passwords In Your Browser


At first, it seems like an extreme convenience. Your browser offers to save your passwords, and what could go wrong? At worst, this will allow you to not have to keep track of yet another complex password. But think of this from the perspective of a hacker who gains entry into your phone or computer — you’ve handed them your most important passwords on a silver platter when you save them in your browser. Even if a website asks to save your password in your browser, don’t give into the temptation.

Never Clearing Your Cookies and Cache


Your browser can get loaded down fast with information from websites that it stores in its cookies and cache. Although this isn’t an immediate security problem or one that leaves you more vulnerable to hackers, not clearing your cache can result in glitches when you visit certain sites and it can slow your device down. Resolve this by clearing your cache in Safari by going to Safari > Preferences > Advanced tab > Preferences > Empty Cache. On Chrome, go to More > Clear Browsing Data.


Keep these three browser mistakes in mind when…
