Tag Archive for: gains

STOP ransomware, more common than LockBit, gains stealthier variant

StopCrypt, the most common ransomware family of 2023, has a new variant leveraging more advanced evasion tactics.

StopCrypt, also known as STOP/DJVU, surpassed the LockBit ransomware family in detections in 2023, according to Trend Micro’s 2023 Annual Cybersecurity Report published last week. STOP typically targets smaller targets with an average ransom payment size of $619 in the first half of 2023, according to a mid-year report by Chainalysis.

SonicWall reported Tuesday that a new StopCrypt variant employs several evasion tactics in a multi-stage shellcode deployment process, including a long delay loop, dynamic API resolution and process hollowing, i.e. replacing the code of a legitimate executable with malicious code.

‘Msjd’ StopCrypt ransomware attempts to dodge anti-virus protection

The StopCrypt variant studied by SonicWall’s Capture Labs begins its stealth mission by copying the same data to a location more than 65 million times in a delay loop likely intended to dodge time-sensitive anti-virus mechanisms such as sandboxing.

It then employs multiple stages of dynamic API resolution — calling APIs at runtime rather than linking them directly. This prevents anti-virus detection of artifacts created by direct API calls from static links in the malware code.  

After taking a snapshot of the current processes using CreateToolhelp32Snapshot, extracting module information using Module32First, and calling VirtualAlloc to allocate memory with read, write and execute permissions, the malware enters a second stage in which it dynamically resolves and calls additional APIs to perform process hollowing.

Ntdll_NtWriteVirtualMemory is used to write malicious code into a suspended process created with kernel32_CreateProcessA.

When the suspended process is resumed, the final ransomware payload launches icacls.exe to modify access control lists so that a new directory and the files created by StopCrypt cannot be modified or deleted. The ransomware encrypts the user’s files and adds the extension “.msjd.”

The ransomware note found in the variant studied by SonicWall includes a demand for $980, with a “discount” offer of $490 if the victim contacts the threat actor within 72 hours.

The STOP variant…


Apple’s iMessage gains industry-leading quantum security

Apple is preparing for future threats to iMessage by introducing upgraded encryption for its messaging service, designed to resist attacks that use quantum computers.

Think of it as state-of-the-art quantum security for messaging at scale, the company says, resulting in Apple’s messaging system being more secure against both current and future foes.

What is the protection?

Announced on Apple’s Security Research blog, the new iMessage protection is called PQ3 and promises the “strongest security properties of any at-scale messaging protocol in the world.”

The rationale behind this protection is “What if?”

In this case, Apple’s security teams asked themselves what might happen if hackers, criminals, or state-backed rogue surveillance firms gathered vast quantities of encrypted iMessage data today in order to break that encryption using quantum computers tomorrow.

Apple calls this a Harvest Now, Decrypt Later attack. The new security protocol is designed to help protect against this.

How likely are such attacks?

These attacks are less likely today than they might become. It is widely accepted that quantum computers will eventually be capable of cracking the classical public key cryptography in use today, such as RSA, elliptic curve signatures, and Diffie-Hellman key exchange.

Apple explains:

“All these algorithms are based on difficult mathematical problems that have long been considered too computationally intensive for computers to solve, even when accounting for Moore’s law. However, the rise of quantum computing threatens to change the equation. A sufficiently powerful quantum computer could solve these classical mathematical problems in fundamentally different ways, and therefore — in theory — do so fast enough to threaten the security of end-to-end encrypted communications.”

In truth, quantum computers are expensive, which means their use is largely limited to only the world’s most powerful entities. But as more are made and costs decline, they will proliferate — and if Apple is considering the potential threat, then threat actors of various stripes will also be exploring the possibility.

The security industry is getting ready

Apple isn’t alone. The cryptographic…


Novel HijackLoader malware loader gains traction, updated RisePro infostealer emerges – SC Media


Social Engineering Gains Lead to Spiraling Breach Costs

A full three-quarters of data breaches in the last year (74%) involved the human element, mainly caused by employees either falling for social engineering attacks or making errors, with some misusing their access maliciously.

Social engineering incidents have almost doubled since last year to account for 17% of all breaches, according to Verizon’s 2023 Data Breach Investigations Report (DBIR) released June 6 (which analyzed more than 16,312 security incidents, of which 5,199 were confirmed data breaches). The report noted that this preponderance of human fallibility within incidents comes alongside findings that the median cost of a ransomware attack has doubled since last year, reaching into the million-dollar range. Taken together, the evidence points to a gaping need for organizations to get the security basics under control — or else face a spiraling cycle of inflation in data breach costs.

Chris Novak, managing director of cybersecurity consulting at Verizon Business, noted that in order to rein in the trend, organizations need to focus on three things: employee security hygiene, implementing true multifactor authentication, and collaboration across organizations on threat intelligence. The first is perhaps the most impactful issue, he said.

“The fundamentals need to improve, and organizations need to be focusing on cyber hygiene,” he said, during a press event in Washington DC. “It’s probably the least sexy recommendation I can give you, but it is one of the most fundamentally important things that we see organizations still missing, and of all shapes and sizes. And it’s usually because they want to focus on the new flashy technology in the industry, and they forget the basics.”

Financially Motivated External Attackers Double Down on Social Engineering

In addition to social engineering growing in volume, the median amount stolen in these attacks hit $50,000 this past year, according to the DBIR. Overall, there were 1,700 incidents that fell into the social engineering bucket, 928 of them with confirmed data disclosure.

Phishing and “pretexting,” i.e. impersonation of the sort commonly used in business email compromise (BEC) attacks, dominated the social engineering scene, the…
