Tag Archive for: Variants

Ransomware variants almost double in six months – FortiGuard


Ransomware variants have almost doubled in the past six months, with exploit trends demonstrating the endpoint remains a target as work-from-anywhere continues, according to the latest semiannual FortiGuard Labs Global Threat Landscape Report. 

“Cyber adversaries are advancing their playbooks to thwart defence and scale their criminal affiliate networks,” says Derek Manky, chief security strategist and VP global threat intelligence, FortiGuard Labs. 

“They are using aggressive execution strategies such as extortion or wiping data as well as focusing on reconnaissance tactics pre-attack to ensure better return on threat investment,” he says. 

“To combat advanced and sophisticated attacks, organisations need integrated security solutions that can ingest real-time threat intelligence, detect threat patterns, and correlate massive amounts of data to detect anomalies and automatically initiate a coordinated response across hybrid networks.”

Glenn Maiden, director of threat intelligence, Australia and New Zealand, Fortinet, adds, “The FortiGuard Labs Global Threat Landscape 1H 2022 report has found the number of ransomware variants has almost doubled over the previous six months while the volume of ransomware, which spiked in 2021, has remained steady.

“This means FortiGuard Labs has seen the same amount of ransomware attacks; however, there is double the diversity of ransomware variants,” he says.

One of the drivers for this increase in diversity is the popularity of Ransomware-as-a-Service (RaaS). RaaS can enable even a relatively unsophisticated criminal to execute a lucrative ransomware attack.

As organisations maintain remote and hybrid working models, cyber adversaries are focusing on concealing activity from endpoint security systems. Looking at the top tactics and techniques from the past six months of endpoint detection and response (EDR) telemetry, defence evasion is the top tactic employed by malware developers. Attackers are likely to use techniques like system binary proxy execution to hide malicious intentions.

Cyber affiliates are now much more sophisticated in selecting their targets. An attacker that conducts deeper pre-attack reconnaissance will lead…


Snowballing Ransomware Variants Highlight Growing Threat to VMware ESXi Environments


The latest confirmations of the growing attacker interest in VMware ESXi environments are two ransomware variants that surfaced in recent weeks and have begun hitting targets worldwide.

One of the malware tools, dubbed Luna, is written in Rust and can encrypt data on ESXi virtual machines (VMs) in addition to data on Linux and Windows systems. The other is Black Basta, a rapidly proliferating ransomware variant written in C++ that, like Luna, targets ESXi VMs and also works on Windows and Linux systems.

They add to a collection of ransomware variants aimed at ESXi, VMware’s bare-metal hypervisor for running virtual machines. Numerous organizations use the technology to deploy multiple VMs on a single host system or across a cluster of host systems, making the environment an ideal target for attackers looking to cause widespread damage.

“Infrastructure services like networking equipment and hosting infrastructure like ESXi can’t easily be patched on demand,” says Tim McGuffin, director of adversarial engineering at Lares Consulting. “Attacking these services provides a one-stop shop for impact since a large number of servers can be encrypted or attacked at once.”

Other recent examples of malware targeting ESXi environments include Cheerscrypt, LockBit, RansomEXX, and Hive.

The Cross-Platform Ransomware Threat

Researchers from Kaspersky first spotted Luna in the wild last month. Their analysis shows the malware follows the trend of several other recent variants that are written in platform-agnostic languages like Rust and Golang, so they can be easily ported across different operating systems. The researchers also found the malware to employ a somewhat rare combination of AES and x25519 cryptographic protocols to encrypt data on victim systems. The security vendor assessed the operator of the malware to be likely based in Russia.

Kaspersky’s analysis of a recent version of Black Basta — a ransomware variant it has been tracking since February — shows the malware has been tweaked so it can now encrypt specific directories, or the entire “/vmfs/volumes” folder, on ESXi VMs. The malware uses the ChaCha20 256-bit cipher to encrypt files on victim systems. It also…


International Galaxy Z Fold 2 Variants Are Now Getting September Security Patch


The Samsung Galaxy Z Fold 2 is getting yet another firmware update today which brings along the September 2021 security patch. The update is reportedly rolling out globally, with users in a handful of regions already seeing the OTA update notification. The update has a size of 200MB with the version number F916BXXS2EUI.

As is the case with most security updates, the company is including a changelog listing out what’s different. There are no new features onboard, though the usual bundle of bug fixes and security enhancements are in place.

Galaxy Z Fold 2 users in Russia will also see the inclusion of some new apps as mandated by the Russian Government, SamMobile reports.

Samsung recently updated the Galaxy Z Fold 2 with One UI 3.1.1

It’s worth pointing out that some Galaxy Z Fold 2 users in Germany received the September security update a few weeks ago. So this new update only applies to international customers of the smartphone.

The Sprint and T-Mobile versions of the Galaxy Z Fold 2 received the September security patch just a few days ago, so a global rollout was always on the cards. Samsung was also fairly quick to bring the One UI 3.1.1 update to the Z Fold 2 just weeks after it was introduced with the Z Fold 3.

Some of the new features brought to the Z Fold 2 include Drag & Split, an upgraded Multi-Active Window, a persistent Taskbar, custom aspect ratios, split-screen for apps, and many more. While the first-gen Z Fold should also see the update, we don’t have a precise timeline for its arrival.

The Z Fold 2 may no longer be in favor since the launch of its successor. However, the Z Fold 2 was a significant upgrade for the company, especially coming from the original Z Fold.

Similarly, Samsung upped the stakes significantly with the 2021 refresh of the Galaxy Z Fold. The phone sports a 7.6-inch 2208×1768 main display and a 6.7-inch 2,268×832 cover display. Both use Samsung’s Dynamic AMOLED 2X screens with a 120Hz refresh rate. Qualcomm’s Snapdragon 888 5G is running the show here backed by the Adreno 660 GPU.

The Galaxy Z Fold 3 has two front cameras. One of them is a 4-megapixel under-display sensor while the cover camera consists of a 10-megapixel sensor. The…


New Grelos Skimmer Variants Siphon Credit Card Data

