Tag Archive for: systems

Akira Ransomware Mutates to Target Linux Systems, Adds TTPs


Akira ransomware has continued to evolve since emerging as a threat in March, expanding its reach from initially targeting Windows systems to include Linux servers and employing a growing array of tactics, techniques, and procedures (TTPs).

An in-depth report on Akira from Logpoint breaks down the “highly sophisticated” ransomware, which encrypts victim files, deletes shadow copies, and demands ransom payment for data recovery.

The infection chain targets Cisco ASA VPNs that lack multifactor authentication, exploiting CVE-2023-20269 as an entry point.

As of early September, the group had successfully hit 110 victims, focusing on targets in the US and the UK.

British quality-assurance company Intertek was a recent high-profile victim; the group has also targeted manufacturing, professional services, and automotive organizations. 

According to a recent GuidePoint Security GRI report, educational organizations have been disproportionately targeted by Akira, accounting for eight of its 36 observed victims.

The ransomware campaign involves multiple malware samples that carry out various steps, including shadow copy deletion, file search, enumeration, and encryption, when executed.

Akira uses a double-extortion method: it steals the victim’s data, encrypts the victim’s files, and then extorts payment. If the victim refuses to pay, the group threatens to release the stolen data on the Dark Web.

Upon gaining access, the group uses tools including the remote desktop apps AnyDesk and RustDesk and the archiving and encryption tool WinRAR.

The advanced system-information tool and task manager PC Hunter, along with wmiexec, helps the group move laterally through the breached systems, according to the report.

The group can also disable Windows Defender’s real-time monitoring to evade detection, and it deletes shadow copies through PowerShell.
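The two TTPs just described (Defender real-time monitoring switched off, shadow copies removed from PowerShell) are the ones a defender most wants a hunt for, since together they usually precede the encryption stage. The Python below is an added example, not code from the Logpoint report: it scans a constructed export of PowerShell script-block (Event 4104) and process-creation (Event 4688) records, tags matches with ATT&CK technique IDs, and flags hosts where both techniques occurred. The tab-separated log format, host names, and rule names are assumptions.

```python
"""Hunt PowerShell script-block (4104) and process-creation (4688) events for two
Akira TTPs: disabling Defender real-time monitoring (T1562.001) and deleting
volume shadow copies (T1490). The sample log is constructed, not real telemetry."""
import re
from collections import defaultdict

# (rule name, ATT&CK technique, pattern). Case-insensitive because PowerShell is,
# and tolerant of the whitespace/abbreviation variations operators actually type.
RULES = [
    # PowerShell accepts any unambiguous parameter prefix, so matching on
    # "-DisableRealt" also catches abbreviated forms such as "-DisableRealtimeM".
    ("defender_realtime_disabled", "T1562.001",
     re.compile(r"Set-MpPreference\b[^|;\n]*-DisableRealt\w*\s+(?:\$true|1)\b", re.I)),
    # Shadow-copy deletion through WMI/CIM: a Remove-* cmdlet on the pipeline, or
    # calling the Delete() method on each Win32_ShadowCopy instance.
    ("shadowcopy_delete_wmi", "T1490",
     re.compile(r"Win32_ShadowCopy\b.*?(?:\|\s*Remove-(?:Wmi|Cim)\w+|\.Delete\(\))", re.I | re.S)),
    ("shadowcopy_delete_vssadmin", "T1490",
     re.compile(r"\bvssadmin(?:\.exe)?\s+delete\s+shadows\b", re.I)),
    ("shadowcopy_delete_wmic", "T1490",
     re.compile(r"\bwmic(?:\.exe)?\s+shadowcopy\s+delete\b", re.I)),
]

# Constructed sample export: timestamp, host, event id, script/command text.
SAMPLE_LOG = """\
2023-09-04T02:11:07Z\tFS01\t4104\tSet-MpPreference -DisableRealtimeMonitoring $true
2023-09-04T02:11:09Z\tFS01\t4104\tGet-WmiObject Win32_Shadowcopy | ForEach-Object { $_.Delete() }
2023-09-04T02:11:40Z\tFS01\t4688\tC:\\Windows\\System32\\vssadmin.exe delete shadows /all /quiet
2023-09-04T02:12:03Z\tWS17\t4104\tGet-MpPreference | Select-Object DisableRealtimeMonitoring
2023-09-04T02:12:30Z\tWS17\t4104\tset-mppreference -disablerealtimem $TRUE
2023-09-04T02:13:00Z\tDC01\t4104\tGet-WmiObject Win32_Shadowcopy | Remove-WmiObject
"""


def parse_event(line):
    """Parse one tab-separated record of the assumed export format."""
    ts, host, event_id, text = line.rstrip("\n").split("\t", 3)
    return {"ts": ts, "host": host, "event_id": int(event_id), "text": text}


def scan(log_text):
    """Return one finding per (event, rule) pair whose pattern matches the text."""
    findings = []
    for line in log_text.splitlines():
        if not line.strip():
            continue
        ev = parse_event(line)
        for name, technique, pattern in RULES:
            if pattern.search(ev["text"]):
                findings.append({**ev, "rule": name, "technique": technique})
    return findings


def hosts_by_technique(findings):
    """Map each ATT&CK technique ID to the set of hosts it was seen on."""
    out = defaultdict(set)
    for f in findings:
        out[f["technique"]].add(f["host"])
    return out


def ransomware_precursor_hosts(findings):
    """Hosts showing both defence evasion and recovery inhibition: the combination
    the report describes, and a far stronger signal than either technique alone."""
    by_tech = hosts_by_technique(findings)
    return sorted(by_tech["T1562.001"] & by_tech["T1490"])


if __name__ == "__main__":
    hits = scan(SAMPLE_LOG)
    for f in hits:
        print(f"{f['ts']} {f['host']} {f['event_id']} {f['technique']} {f['rule']}: {f['text']}")
    print("escalate:", ransomware_precursor_hosts(hits))
```

The read-only `Get-MpPreference` query on WS17 is deliberately left unmatched: auditing Defender settings is routine admin activity, and only the `Set-MpPreference` write is worth alerting on. In production the same rules would be fed from Script Block Logging (which captures the de-obfuscated block, so encoded commands still surface) rather than from a text export.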

Ransom notes are dropped into multiple directories across the victim’s system; they contain payment instructions and decryption assistance.

Anish Bogati, security research engineer at Logpoint, says Akira’s use of Windows internal binaries (also known as LOLBAS) for execution, retrieving credentials, evading defense, facilitating lateral…


Russian hackers attack computer systems of law enforcement officers – State Special Communications Service


Russian spies are using hackers to attack law enforcement computer systems in Ukraine to identify and obtain evidence related to alleged Russian war crimes.

Source: Yurii Shchyhol, head of the State Special Communications Service of Ukraine, in an interview with Reuters

Details: Hackers working with Russia’s foreign, domestic and military intelligence agencies have stepped up digital intrusion campaigns against Ukraine’s Prosecutor General’s Office and departments documenting war crimes.

Quote: “There’s been a change in direction, from a focus on energy facilities towards law enforcement institutions which had previously not been targeted that often.

This shift towards the courts, prosecutors and law enforcement units shows that hackers are gathering evidence about Russian war crimes in Ukraine.

The groups we’ve identified as being engaged in this activity are part of Russia’s GRU and FSB intelligence agencies.”

Details: The espionage activities will be outlined in an upcoming State Special Communications Service report due to be published on Monday.

The report, a copy of which was reviewed by Reuters, states that the hackers also tried to collect intelligence on Russian citizens arrested in Ukraine in order to “help these individuals avoid prosecution and move them back to Russia”.

Shchyhol declined to name which units were targeted by the hacking campaign, citing security concerns. The number of documented cybersecurity incidents, he said, rose 123% in the first six months of this year compared with the second half of 2022.

He also stated that Russian hackers targeted government agencies and tried to gain access to their email servers.

There is also evidence that Russian hackers gained access to private surveillance cameras in Ukraine to monitor the results of long-range missile and drone strikes.



Atos Unify Vulnerabilities Could Allow Hackers to Backdoor Systems


Two vulnerabilities discovered earlier this year in Atos Unify products could allow malicious actors to cause disruption and even backdoor the targeted system.

The flaws were found in the unified communications and collaboration solution by researchers at SEC Consult, an Austria-based cybersecurity consulting firm that is part of the Atos Group’s Eviden business.

The vulnerabilities affect the Atos Unify Session Border Controller (SBC), which provides security for unified communications, the Unify OpenScape Branch product for remote offices, and Border Control Function (BCF), which is designed for emergency services.

SEC Consult researchers discovered that the web interface of these products is affected by CVE-2023-36618, which can be exploited by an authenticated attacker with low privileges to execute arbitrary PHP functions and, from there, operating-system commands with root privileges.

The second security hole, CVE-2023-36619, can be exploited by an unauthenticated attacker to access and execute certain scripts. An attacker could leverage these scripts to cause a denial-of-service (DoS) condition or change the system’s configuration.

SEC Consult says the vulnerabilities have critical impact, but the vendor has assigned the flaws a ‘high severity’ rating based on their CVSS score.

“Attackers can gain full control (root access) over the appliance, if any low-privileged user credentials are known, and could reconfigure or backdoor the system (e.g. change SIP upstream configuration, etc),” Johannes Greil, head of the SEC Consult Vulnerability Lab, told SecurityWeek.


Greil pointed out that the affected web interface is typically not exposed to the internet and a brief Shodan analysis shows there are no systems that are reachable from the web.

The cybersecurity firm this week published an advisory containing technical information, but proof-of-concept (PoC) exploit code has not been made public.

Atos has released updates that patch both Unify vulnerabilities. The vendor has also suggested a series of workarounds that can prevent or reduce the risk of exploitation.



The Long Island Press Amplifies a RevBits White Paper that Explores a Devastating 2022 Cyber Hack on the Computer Systems of Suffolk County New York

Mineola, N.Y., United States:

RevBits, a cyber security solution company based on Long Island, New York, completed a review of the 2022 Suffolk County, New York, cyber hack that rendered government systems largely inoperable for months, affecting municipal work and citizen interaction with their county government. The RevBits white paper, Suffolk Hack Part of a Chinese Plot?, was recently profiled in a companion piece in the September edition of The Long Island Press.

This press release features multimedia. View the full release here: https://www.businesswire.com/news/home/20230919470113/en/

One year ago, on September 8, 2022, an anonymous email appeared on the Suffolk County government computer system announcing a devastating hack: unnamed thieves had seized four terabytes of data, some 300 million pages of detailed government information, including highly confidential personal information on 26,000 current and former employees as well as banking and personal information on more than 400,000 people who had received traffic and parking tickets over the preceding years.

The hack brought government systems to a halt: crippling the billion-dollar real estate industry, sideswiping tens of millions of dollars in vital payments to mom-and-pop suppliers and disabling key functions of the county’s 911 emergency system.

The RevBits white paper reveals that top US law enforcement and intelligence officials are convinced the intrusion was executed by Chinese government hacking teams as part of Beijing’s drive toward global supremacy by 2049.

The white paper was initiated by RevBits CEO David Schiffer, who founded and headed Safe Banking Systems prior to running RevBits and is a veteran of the cyber world, having intersected with many of the biggest computer cases of the past decades, from Kremlin money laundering to security lapses at the FAA. “This hack hits close to home for us – we are a Long Island-based company, and I have been a Long Island resident nearly my whole life,” said Schiffer. “The scourge of state-sponsored hacking needs to be taken seriously by companies but, even…
