Tag Archive for: SOFTWARE

Fake Google software updates spread new ransomware

Threat actors are increasingly using fake Microsoft and Google software updates to try to sneak malware on target systems.

The latest example is “HavanaCrypt,” a new ransomware tool that researchers from Trend Micro recently discovered in the wild disguised as a Google Software Update application. The malware’s command-and-control (C2) server is hosted on a Microsoft Web hosting IP address, which is somewhat uncommon for ransomware, according to Trend Micro.

Also notable, according to the researchers, are HavanaCrypt’s many techniques for checking if it is running in a virtual environment; the malware’s use of code from open source key manager KeePass Password Safe during encryption; and its use of a .NET function called “QueueUserWorkItem” to speed up encryption. Trend Micro notes that the malware is likely a work-in-progress because it does not drop a ransom note on infected systems.

HavanaCrypt is among a growing number of ransomware tools and other malware that in recent months have been distributed in the form of fake updates for Windows 10, Microsoft Exchange, and Google Chrome. In May, security researchers spotted ransomware dubbed “Magniber” doing the rounds disguised as Windows 10 updates. Earlier this year, researchers at Malwarebytes observed the operators of the Magnitude Exploit Kit trying to fool users into downloading it by dressing the malware as a Microsoft Edge update.

As Malwarebytes noted at the time, fake Flash updates used to be a fixture of Web-based malware campaigns until Adobe finally retired the technology because of security concerns. Since then, attackers have been using fake versions of other frequently updated software products to try to trick users into downloading their malware — with browsers being one of the most frequently abused.

Creating fake software updates is trivial for attackers, so they tend to use them to distribute all classes of malware including ransomware, info stealers, and Trojans, says an analyst with Intel 471 who requested anonymity. “A non-technical user might be fooled by such techniques, but SOC analysts or incident responders will likely not be fooled,” the analyst says.

Security experts have…


Radware Delivers Cloud DDoS Protection for ESDS Software Solution Limited

MAHWAH, N.J., July 13, 2022 (GLOBE NEWSWIRE) — Radware® (NASDAQ: RDWR), a leading provider of cyber security and application delivery solutions, today announced that ESDS Software Solution Limited selected Radware’s Cloud DDoS Protection Service to support its data centers in India. ESDS is among India’s leading managed cloud service and end-to-end multi-cloud requirements providers. ESDS engaged Radware to further increase its visibility to network and application performance as well as speed time to protection against malicious DDoS attacks.

“ISP customers depend on us to maintain a high level of security and availability, which is why security reliability is important to our business,” said Rushikesh Jadhav, chief technology officer at ESDS. “We decided to work with Radware because it provides a comprehensive cloud DDoS service that can automatically generate protection for zero-day and unknown DDoS attacks in real time through a unified portal.”

DDoS attacks are becoming more frequent, powerful and sophisticated. According to a Radware report, the number of blocked malicious events per company has risen more than 30% from 2020 to 2021. In addition, the average blocked volume per company has grown by 26% during the same time period.

“Recognized as one of India’s leading cloud service providers, ESDS is continually advancing critical cloud-based tools to create added business value and protection for customers that serve many different industries,” said Nikhil Karan Taneja, Radware’s vice president and managing director for India, the Middle East, and South Asia. “We are pleased to offer ESDS a comprehensive cloud security solution built to defend against even the most determined threat actors.”

Radware’s Cloud DDoS Protection Service protects customers from large and sophisticated DDoS attacks, including randomized and reflective DDoS attacks, burst DDoS attacks, SSL floods, and IoT botnet DDoS attacks. Radware was recently ranked a global leader in Forrester’s report, “The Forrester Wave™: DDoS Mitigation Solutions, Q1 2021.”

ESDS Software Solution Limited is proposing, subject to receipt of requisite approvals,…