LockBit 2.0 Ransomware Proliferates Globally
Fresh attacks target companies’ employees, promising millions of dollars in exchange for valid account credentials for initial access.
The LockBit ransomware-as-a-service (RaaS) gang has ramped up its targeted attacks, researchers said, with attempts against organizations in Chile, Italy, Taiwan and the U.K. using version 2.0 of its malware.
Attacks in July and August have employed LockBit 2.0, according to a Trend Micro analysis released on Monday, featuring a souped-up encryption method.
“In contrast to LockBit’s attacks and features in 2019, this version includes automatic encryption of devices across Windows domains by abusing Active Directory (AD) group policies, prompting the group behind it to claim that it’s one of the fastest ransomware variants in the market today,” according to the report. “LockBit 2.0 prides itself on having one of the fastest and most efficient encryption methods in today’s ransomware threat landscape. Our analysis shows that while it uses a multithreaded approach in encryption, it also only partially encrypts the files, as only 4 KB of data are encrypted per file.”
Microsoft is warning that the Internet could see another exploit with the magnitude of the WannaCry attack that shut down computers all over the world two years ago unless people patch a high-severity vulnerability. The software maker took the unusual step of backporting the just-released patch for Windows 2003 and XP, which haven’t been supported in four and five years, respectively.
“This vulnerability is pre-authentication and requires no user interaction,” Simon Pope, director of incident response at the Microsoft Security Response Center, wrote in a published post that coincided with the company’s May Update Tuesday release. “In other words, the vulnerability is ‘wormable,’ meaning that any future malware that exploits this vulnerability could propagate from vulnerable computer to vulnerable computer in a similar way as the WannaCry malware spread across the globe in 2017. While we have observed no exploitation of this vulnerability, it is highly likely that malicious actors will write an exploit for this vulnerability and incorporate it into their malware.”
The Weather Channel knocked off air by 'malicious software attack
The Weather Channel was knocked off the air Thursday morning by what it said was a malicious software attack on the network.
Just when you thought you had all of your defenses in place when fighting Malware, Cyber Attacks, and Ransomware… think again! Cybercriminals are busy crafting new methods of attacks that are ready to take your data for prey and pounce on your personal information. Here are 10 new sneaky attacks to be on the look-out for in the new year!
- Rivaling governments and geopolitical cyber-warfare funding the efforts of cybercriminal gangs to create chaos, steal intellectual property, and profit from fraud and extortion by breaching personal data.
- New variants of ransomware (including doxware, which threatens to publish sensitive data like browsing histories unless a ransom is paid)
- Much more widespread use of cryptojacking (stealing computing resources to mine cryptocurrency without sharing the profits)
- More distributed denial-of-service (DDoS) attacks on critical servers and networks, abetted by the conscription of armies of Internet-of-Things (IoT) devices
- Increasing use of fileless malware (which never becomes disk-resident, only loads directly into memory, and thus evades many signature-based endpoint anti-malware measures)
- More synergistic attacks (in which multiple malware attacks are injected onto a system and the poorest-defended one activated using AI and ML to improve attack techniques
- Continued reliance on phishing as the most effective attack vector for malware, with more sophisticated attacks targeted at higher-value individuals.
- Increasingly target cloud services and edge computing environments with malware attacks
- Enslave legions of IoT devices for use in DDoS and cryptojacking attacks
- Exploit the new attack surfaces and rich data targets presented by 5G networks and applications.
SCAM THREAT: Computer ‘virus’ trick continues to target Spain
FRAUDSTERS: Microsoft has confirmed this scam has been reported in 16 different countries.
A TELEPHONE scam by con artists purporting to be computer technicians continues to pose a threat in Spain.
The con, in which fraudsters call pretending to be from Microsoft before bullying their victims into allowing them access to their computer, has reportedly been ongoing for 16 years.
Computer-users are being warned scammers will claim a home computer has been infected with a virus before telling them to follow the caller’s instructions and click on a link they have send.
Reports out of Iran indicate that a massive attack on Iranian infrastructure and strategic networks took place in the last few days by a computer virus even more powerful than the Stuxnet worm that wrought tremendous damage on Iran's nuclear program.
Israeli officials are refusing to discuss any role they had in unleashing the virus, which has been described as “more violent, more advanced and more sophisticated" than Stuxnet.