
Akira Ransomware Alert! Kaspersky Reveals Global Impact on Windows and Linux



Ransomware, Stealers and Fake Updates – Inside the Evolving Cybercrime Landscape

The online dangers we face are always changing, with cybercriminals coming up with new ways to harm people on the internet. Experts at Kaspersky keep an eye on these threats and study them to help everyone stay safe.

One group at Kaspersky, the Global Research and Analysis Team (GReAT), is focused on understanding and stopping new kinds of malicious software. They’re looking into tricky attacks, like ransomware that works on different devices, viruses that go after Apple computers, and sneaky methods hackers use to trick people, like fake browser alerts. According to Kaspersky’s latest findings, cybercriminals are getting smarter and using more advanced tricks to infect computers without getting caught.

Fake Browser Updates Hide Trojans

One threat uncovered by Kaspersky GReAT researchers is the cunning FakeSG campaign. Legitimate websites are compromised to display fake browser update alerts. Clicking these prompts a file download that seems to update the browser but actually runs hidden malicious scripts. These establish persistence and expose command infrastructure, revealing the operation’s sophistication.

Cross-Platform Ransomware Wreaking Havoc

Akira ransomware is the latest threat able to infect both Windows and Linux systems. Within months, over 60 organizations globally were impacted, including in retail, manufacturing and education. Akira shares code similarities with Conti ransomware but has an old-school command panel design, making analysis trickier. Its cross-platform adaptability shows the broad reach of modern ransomware.

MacOS Malware Joining the Fray

The AMOS information stealer surfaced in April 2023, was sold via Telegram and was initially written in Go before shifting to C code. By deploying malvertising on phishing sites spoofing popular Mac apps, AMOS can infiltrate Apple systems and exfiltrate sensitive user data. This reflects a wider trend of Mac-focused malware moving beyond traditional Windows targets.

Staying Safe in an Evolving Landscape

With cybercriminals rapidly innovating their tools and tactics, end users must be proactive about security. Maintaining device software…


LockBit Remains Top Global Ransomware Threat


The LockBit ransomware strain continues to be the primary digital extortion threat to all regions, and almost all industries globally, according to a report by ZeroFox.

Researchers found that LockBit was leveraged in more than a quarter of global ransomware and digital extortion (R&DE) attacks in the seven quarters analyzed from January 2022 to September 2023.

This includes 30% of all R&DE attacks in Europe and 25% in North America during the period.

However, ZeroFox said that the overall proportion of attacks that LockBit accounts for is on a downward trajectory. This is likely due to increasing diversification of the R&DE landscape, with ransomware-as-a-service (RaaS) offerings lowering the barriers to entry for threat actors.

LockBit Trends in North America

The researchers noted that historically LockBit has been consistently under-deployed in attacks against North America compared to other regions, such as Europe. An average of 40% of LockBit victims were based in North America, but there is evidence this is on an upward trajectory, expected to reach 50% by the end of 2023.

The industries most frequently targeted by LockBit in North America between January 2022 and September 2023 were manufacturing, construction, retail, legal & consulting and healthcare.

Meanwhile, LockBit made up 43.41% of R&DE attacks in Europe in Q1 2022, but decreased to 28.48% in the final quarter of the period, Q3 2023.

LockBit Intrusion Vectors

Due to the wide range of LockBit operators, a variety of intrusion methods have been used to deploy the payload.

The primary techniques identified were:

  • Exploiting Internet-Facing Applications. These were primarily a range of remote code execution and privilege escalation vulnerabilities.
  • Phishing. LockBit affiliates leveraged a variety of phishing lures to access victims’ networks, including attaching malicious documents and fraudulent resume and copyright-related emails.
  • External Remote Services. Threat actors leverage legitimate user credentials obtained via credential harvesting to access external-facing remote working services.
  • Drive-by Compromise. Operators have been observed accessing systems via a user visiting a website, often targeting…


Apple secures WebKit as global ransomware attacks surge


If nothing else, Apple’s most recent emergency security update should be considered proof of an increasingly tense security environment.

Enterprises must understand that while Apple maintains a pretty solid ecosystem — certainly at present the most secure, even according to Cisco — that doesn’t mean it’s entirely safe, and every Apple customer needs to get wise to the growing proliferation of threats.

With more and more business users turning to the company’s solutions, it’s important to get ahead of the threat.

What is the current threat environment?

The latest Orange Cyberdefense Security Navigator Report claims a global 46% surge in cyber-extortion attacks across the last year — and warns that just over a third (37.45%) of detected incidents originated from internal actors, not all of these by accident.

With employees and trusted insiders remaining the soft vulnerable point for a third of attacks, it’s essential every business and every user spend time learning about the best approach to online security.

The Orange report points out that attacks are taking place at strategic points in the supply chain. It warns that larger enterprises are the most targeted entities, and points to a surge in attacks against the manufacturing sector.

Ransomware, it seems, has become so prevalent that some of the more organized groups now host help desks targets can contact for assistance — and to arrange payment and data recovery.

Weaponizing WebKit

Keep these findings in mind as you consider Apple’s latest emergency security updates. Released at the end of November, these address two zero-day vulnerabilities (CVE-2023-42916 and CVE-2023-42917) that have been exploited by hackers to access sensitive information on Apple devices and/or to execute arbitrary code by using malicious webpages to take advantage of a memory corruption bug.

Michael Covington, vice president of portfolio strategy at Jamf, explained:

“These latest OS updates, which address bugs in Apple’s WebKit, show that attackers continue to focus on exploiting the framework that downloads and presents web-based content. The latest bugs could lead to both data leakage and arbitrary…


Member of Russian cybergang Trickbot pleads guilty in $180 million global ransomware spree that hit Avon schools, others


CLEVELAND, Ohio — A Russian man on Thursday admitted to his role in the cybergang Trickbot that attacked millions of computers around the world with ransomware, including those in hospitals during the coronavirus pandemic.

Vladimir Dunaev, 40, pleaded guilty in federal court in Cleveland to conspiracy to commit computer fraud and conspiracy to commit bank and wire fraud.

He faces between five and six-and-a-half years in prison when U.S. District Judge Solomon Oliver sentences him. Oliver set a sentencing date for March 20, but said he could move that date up.

Dunaev is the second person to plead guilty in the United States to working for the Russia-based gang, which authorities say stole at least $33 million from Americans and $180 million worldwide.

He worked as a malware developer for the gang, and he was not a high-level planner, authorities said. He helped devise ways for the malware to avoid detection by cybersecurity software programs and developed tools to mine data on hacked computers, among other roles, Assistant U.S. Attorney Dan Riedl said.

Dunaev was arrested in 2021 in South Korea.

The case was prosecuted in Cleveland because some of Trickbot’s victims were in Northeast Ohio, including Avon schools, which lost about $471,000, and a North Canton business that lost about $750,000.

A co-defendant, Alla Witte, was the first Trickbot member to plead guilty in the case and was sentenced in June to two years and three months in prison.

Trickbot and other malware convictions are rare because many of its members live in Russia or other countries that do not have extradition agreements with the United States.

In September, prosecutors in Cleveland and elsewhere charged 14 more members of the gang and its offshoot, Conti. Another gang member was charged in February. None of the 15 has been arrested.

The U.S. Treasury Department and United Kingdom have also issued sanctions, including travel bans and asset freezes, against 18 gang members.

Officials in both countries have said Trickbot has direct ties to Russian intelligence.

The group grew to have as many as 400 members and infected millions of computers across the globe, including in Italy, Australia, Belgium and Canada.

The malware…
