Massive ransomware attack: Russia-linked REvil ransomware

Joe Biden orders probe of latest ransomware attack; Russia-linked REvil ransomware gang under the spotlight

US President Joe Biden said on Saturday that he had directed U.S. intelligence agencies to investigate who was behind a sophisticated ransomware attack that hit hundreds of American businesses and raised suspicions of Russian gang involvement.

The hackers who struck on Friday hijacked widely used IT management software from a Miami-based supplier called Kaseya. They compromised a Kaseya tool called VSA, used by companies that manage IT for smaller businesses, and used it to push ransomware that encrypted the files of those providers’ customers simultaneously.

The attack on the software supply chain has affected more than 1,000 businesses so far, and the number may continue to grow. It focused on managed service providers (MSPs), which deliver IT services primarily to small and medium-sized businesses. Such attacks have a multiplying effect: compromising one MSP gives the attackers a route into every one of that MSP’s customers.

On Thursday, U.S. and British authorities said Russian spies accused of interfering in the 2016 U.S. presidential election have spent much of the past two years abusing virtual private networks (VPNs) to target hundreds of organizations worldwide.

On Friday, Russia’s embassy in Washington denied that charge.

Secure Work at home

Covid 19 related Phishing attacks :

During the current Corona crisis people are at home more often, and employees are working from home more than ever before. This is fertile ground for cyber criminals.

Phishing campaigns lure victims to websites carrying fake information about the Coronavirus. Often these sites also run mining scripts that use the visitor’s CPU to earn cryptocurrency such as Bitcoin for the attacker, without the user’s knowledge or approval.

Ransomware :

Ransomware encrypts the files on a computer and demands a ransom in exchange for the means to recover them. The rise of cryptocurrencies such as Bitcoin has helped ransomware operators by making payments harder to trace. In 2021 and beyond, expect attacks to become more sophisticated.

Top10 Cyber Security Threats in 2021

Emerging technologies such as cloud computing, Artificial Intelligence (AI), automation, and the Internet of Things (IoT) are creating unprecedented opportunities for businesses to unlock new value.

The shortage of skilled security personnel, complex compliance requirements, the incessant evolution of cyberattacks, and perilous insider threats continue to be the most prominent ongoing cybersecurity challenges.

  1. The rush to cloud-everything will cause many security holes, challenges, misconfigurations and outages.
  2. More growth in the security industry. A flood of new products and a new year of mergers and acquisitions will cause network complexity and integration problems and overwhelm cyber teams.
  3. Privacy will be a mess, with user revolts, new laws, confusion and self-regulation failing.
  4. Identity and multi-factor authentication (MFA) will take center stage as passwords (finally) start to go away in a tipping-point year.
  5. Tons of high-profile Internet of Things (IoT) hacks, some of which will make headline news.
  6. Ransomware will get worse and worse — with new twists, data stealing prior to encryption, malware packaging with other threats and very specific targeting of organizations.
  7. Lots of 5G vulnerabilities will become headline news as the technology grows.
  8. Advanced Persistent Threats (APT) attacks will be widely available from criminal networks. The dark web will allow criminals to buy access into more sensitive corporate networks.
  9. Mobile devices, including smartphones, will be attacked in new ways, including app stores.
  10. Cryptocurrencies will play new roles, with criminals switching often for hiding advantages.

New ‘unremovable’ xHelper malware-Android devices

Named xHelper, this malware was first spotted back in March but slowly expanded to infect more than 32,000 devices by August (per Malwarebytes), eventually reaching a total of 45,000 infections this month (per Symantec).
The source of these infections is “web redirects” that send users to web pages hosting Android apps. These sites instruct users on how to side-load unofficial Android apps from outside the Play Store. Code hidden in these apps downloads the xHelper trojan. The trojan has shown intrusive popup ads and notification spam. The ads and notifications redirect users to the Play Store, where victims are asked to install other apps — a means through which the xHelper gang is making money from pay-per-install commissions.
Furthermore, even if users spot the xHelper service in the Android operating system’s Apps section, removing it doesn’t work, as the trojan reinstalls itself every time, even after users perform a factory reset of the entire device.
How xHelper survives factory resets is still a mystery.

Google Android Malware Warning

Adware is a type of malware that hides on your device so it can serve you unwanted adverts, including scam ads. On top of this, adware-laden apps can drain the battery, increase network traffic and gather your personal information. The 21 apps affected by this adware have been removed from the Google Play Store, but removal from the store does not remove them from your phone: if you have any of them installed, delete them now.

Global Cyberattacks and how to protect against them

Microsoft Reports Global Cyberattacks on Sporting and Anti-Doping Organizations from Russian Espionage Actors


Original release date: October 29, 2019
Microsoft publicly released information revealing an uptick in cyberattacks globally targeting anti-doping authorities and sporting organizations. The Microsoft Threat Intelligence Center (MSTIC) routinely tracks malicious activity originating from the Russian advanced persistent threat (APT) group APT28, also known as Fancy Bear, STRONTIUM, Swallowtail, Sofacy, Sednit, and Zebrocy. According to Microsoft, APT28 is targeting sporting and anti-doping organizations using spearphishing, password spraying (a brute-force technique that tries a few common passwords against many accounts, staying under each account’s lockout threshold), fake Microsoft internet domains, and open-source and custom malware to exploit internet-connected devices.

To protect against similar attacks, Microsoft recommends:
• Enabling two-factor authentication on all business and personal email accounts,
• Learning how to spot phishing schemes and protect yourself from them, and
• Enabling security alerts about links and files from suspicious websites.
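Password spraying, mentioned in the Microsoft report above, has a distinctive shape in authentication logs: one source touches many accounts with only one or two failures each, whereas classic brute force piles many failures onto a single account. The following detector is an added example, not code from the original article or from Microsoft; the log format and the thresholds are assumptions, and the log lines are constructed.

```python
"""Password-spraying detection over authentication logs.

Added example (not part of the original article or Microsoft's report).
A spray tries one or two common passwords against many accounts, so each
account sees only a few failures, below any lockout threshold, while a
single source accumulates failures across many distinct usernames in a
short window. Classic brute force is the opposite shape: many failures
against one account. The log format below is an assumption.
"""
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample log lines, not real data.
SAMPLE_LOG = """\
2019-10-28T09:00:01Z auth FAIL user=alice src=203.0.113.7
2019-10-28T09:00:02Z auth FAIL user=bob src=203.0.113.7
2019-10-28T09:00:03Z auth FAIL user=carol src=203.0.113.7
2019-10-28T09:00:04Z auth FAIL user=dave src=203.0.113.7
2019-10-28T09:00:05Z auth FAIL user=erin src=203.0.113.7
2019-10-28T09:00:06Z auth OK user=frank src=203.0.113.7
2019-10-28T09:00:07Z auth FAIL user=alice src=198.51.100.4
2019-10-28T09:00:08Z auth FAIL user=alice src=198.51.100.4
2019-10-28T09:00:09Z auth FAIL user=alice src=198.51.100.4
2019-10-28T09:00:10Z auth FAIL user=alice src=198.51.100.4
2019-10-28T10:30:00Z auth FAIL user=gina src=192.0.2.9
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) auth (?P<result>FAIL|OK) user=(?P<user>\S+) src=(?P<src>\S+)$"
)


def parse(log_text):
    """Return a list of (timestamp, result, user, src) tuples; skip unparseable lines."""
    events = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if m is None:
            continue
        ts = datetime.strptime(m["ts"], "%Y-%m-%dT%H:%M:%SZ")
        events.append((ts, m["result"], m["user"], m["src"]))
    return events


def detect_spray(events, window=timedelta(minutes=10), min_users=5, max_per_user=2):
    """Return {src: sorted usernames} for sources whose failures within `window`
    hit at least `min_users` distinct accounts with at most `max_per_user`
    failures each: the low-and-slow shape that stays under lockout limits."""
    fails_by_src = defaultdict(list)
    for ts, result, user, src in events:
        if result == "FAIL":
            fails_by_src[src].append((ts, user))

    findings = {}
    for src, fails in fails_by_src.items():
        fails.sort()
        start = 0
        for end in range(len(fails)):
            # Slide the window start forward until the span fits in `window`.
            while fails[end][0] - fails[start][0] > window:
                start += 1
            per_user = defaultdict(int)
            for _, user in fails[start:end + 1]:
                per_user[user] += 1
            if len(per_user) >= min_users and max(per_user.values()) <= max_per_user:
                findings[src] = sorted(per_user)
                break
    return findings


def detect_brute_force(events, threshold=4):
    """Contrast case: {(src, user): failures} for pairs at or above `threshold`."""
    counts = defaultdict(int)
    for _, result, user, src in events:
        if result == "FAIL":
            counts[(src, user)] += 1
    return {k: v for k, v in counts.items() if v >= threshold}


if __name__ == "__main__":
    ev = parse(SAMPLE_LOG)
    print("spray sources:", detect_spray(ev))
    print("brute force:", detect_brute_force(ev))
```

On the constructed log, 203.0.113.7 is flagged as a spray source (five accounts, one failure each, in five seconds) while a per-account lockout rule would never fire on it; 198.51.100.4 is the opposite case and is caught only by the per-account counter. In production the spray detector should also key on ASN or country rather than a single IP, since sprays are often rotated across a proxy pool, and the mitigation that actually stops it is the multi-factor authentication Microsoft recommends above.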

Hackers Can Manipulate Media Files Transferred via WhatsApp, Telegram


Hackers can manipulate media files transferred by users through the WhatsApp and Telegram messaging applications because the Android operating system lets any app that holds the storage permission read and write files in shared external storage, including the directories where these messengers save received media. A malicious app on the same device can therefore alter an image or document between the moment it is written to storage and the moment the user sees it. To minimize cyber risks, every user should understand that they are both an asset and a potential security liability.

The attack works against WhatsApp in its default configuration and against Telegram if the user has enabled the “Save to gallery” option. Android Q will introduce a privacy feature called Scoped Storage, which restricts each application to its own area of external storage and so removes the shared write access the attack depends on.

New ransomware Sodinokibi


Like most ransomware, it appends a random extension to each encrypted file. Its delivery technique is new: it is distributed through malvertising that directs victims to the RIG exploit kit, and also through spam and phishing emails.
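The per-victim random extension described above is one of the behavioural signs a ransomware monitor can key on: dozens of files renamed within seconds to a single extension that no legitimate program produces. The detector below is an added example, not the article’s or any vendor’s code; the rename events are constructed, and the entropy heuristic and thresholds are assumptions to be tuned per environment.

```python
"""Behavioural sign of ransomware: a burst of files renamed to one new,
random-looking extension. Added example, not the article's or any vendor's
code. Input is a constructed list of rename events (seconds, old_path,
new_path); a real monitor would get these from inotify, ReadDirectoryChangesW
or a file-system minifilter. Thresholds and the entropy heuristic are
assumptions to tune per environment."""
import math
import os
from collections import Counter, defaultdict

# Extensions a rename may legitimately produce in bulk (backups, converters).
KNOWN_EXTENSIONS = {".txt", ".docx", ".xlsx", ".pdf", ".jpg", ".png",
                    ".bak", ".tmp", ".zip", ".old", ".orig"}


def shannon_entropy(text):
    """Bits per character; 0.0 for empty text or a single-character alphabet."""
    if not text:
        return 0.0
    counts = Counter(text)
    n = len(text)
    return -sum(c / n * math.log2(c / n) for c in counts.values())


def looks_random(ext):
    """True for an unknown extension of 4+ chars with a varied alphabet,
    e.g. '.k7x2pq'; False for '.bak', '.docx' or '.aaaa'."""
    body = ext.lstrip(".")
    return (ext.lower() not in KNOWN_EXTENSIONS
            and len(body) >= 4
            and shannon_entropy(body) >= 2.0)


def detect_mass_rename(events, window_seconds=10.0, min_files=20):
    """events: iterable of (ts_seconds, old_path, new_path).
    Returns [(new_extension, peak_count_in_window, window_start_ts)] for
    every suspicious extension reaching `min_files` renames in `window_seconds`."""
    times_by_ext = defaultdict(list)
    for ts, old_path, new_path in events:
        old_ext = os.path.splitext(old_path)[1]
        new_ext = os.path.splitext(new_path)[1]
        if new_ext and new_ext != old_ext and looks_random(new_ext):
            times_by_ext[new_ext].append(ts)

    alerts = []
    for ext, times in times_by_ext.items():
        times.sort()
        best, best_start, start = 0, None, 0
        for end in range(len(times)):
            # Sliding window: drop leading events older than window_seconds.
            while times[end] - times[start] > window_seconds:
                start += 1
            if end - start + 1 > best:
                best, best_start = end - start + 1, times[start]
        if best >= min_files:
            alerts.append((ext, best, best_start))
    return alerts


def constructed_events():
    """Constructed sample: 25 documents renamed to '.k7x2pq' within 5 s
    (ransomware-like), plus two benign renames that must not alert."""
    events = [(100.0 + i * 0.2,
               f"/home/user/docs/report{i}.docx",
               f"/home/user/docs/report{i}.docx.k7x2pq") for i in range(25)]
    events.append((100.5, "/home/user/notes.txt", "/home/user/notes.txt.bak"))
    events.append((120.0, "/home/user/build.tmp", "/home/user/build.zip"))
    return events


if __name__ == "__main__":
    for ext, count, since in detect_mass_rename(constructed_events()):
        print(f"ALERT: {count} files renamed to {ext} starting at t={since}")
```

Two caveats a practitioner will recognise: some families keep the original extension or use a fixed, well-known one, so this check is a complement to canary files and write-rate monitoring rather than a replacement, and a detector that only observes renames has already lost the files renamed before the threshold was reached, which is why the backup advice below still matters.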

Use Max Total Security to schedule regular backups of your data so that it can be restored even after a successful ransomware attack. Be careful when opening mail attachments, or mails from senders you do not recognise.

Max Total Security proactively looks for signs of ransomware and stops it as soon as it starts. It also includes a free backup utility for safe recovery, and a Folder Secure vault where you can keep confidential data untouched by any malware, including ransomware.

Protect your data with Max Total Security. Our 24×7 highly skilled technical support team can also help you stay protected. Try Max Total Security for Windows from here.

Florida City hit by Ransomware attack

The leaders of Riviera Beach, Fla., looking weary, met quietly this week for an extraordinary vote to pay nearly $600,000 in ransom to hackers who paralyzed the city’s computer systems.

Riviera Beach, a small city of about 35,000 people just north of West Palm Beach, became the latest government to be crippled by ransomware attacks that have successfully extorted municipalities and forced them to dig into public coffers to restore their networks. A similar breach recently cost Baltimore $18 million to repair damages.

On Monday, the City Council unanimously agreed to have its insurance carrier pay the hackers 65 Bitcoin, a hard-to-trace digital currency, amounting to about $592,000. By making the payment, the City Council hopes to regain access to data encrypted in the cyberattack three weeks ago, though there is no guarantee the hackers will release the data once payment is received.

Protect your data with Max Secure Ransomware protection, which kills ransomware as it starts to spread. Our 24×7 highly skilled technical support team can also help you stay protected. Try Max Total Security for Windows from here.

(courtesy The New York Times https://www.nytimes.com/2019/06/19/us/florida-riviera-beach-hacking-ransom.html)

ShadowHammer Hacker hijacks Asus update tool


Hackers hijacked ASUS software updates to install backdoors on thousands of computers. ASUS Live Update is a utility pre-installed on most ASUS computers and used to automatically update components such as the BIOS, UEFI firmware, drivers and applications. The Taiwan-based tech giant is believed to have pushed the malware to hundreds of thousands of customers through its trusted automatic update tool after attackers compromised the company’s update server and used it to deliver the malware to machines.

ASUS, one of the world’s largest computer makers, was thus used to unwittingly install a malicious backdoor on its customers’ computers last year. The malicious file was signed with legitimate ASUS digital certificates, so it appeared to be an authentic software update from the company and passed the signature checks that are supposed to catch tampering: a valid signature proves only that the vendor’s key signed the file, not that the vendor’s build pipeline was clean.

The malware checked the MAC addresses of each infected system’s network adapters against a hardcoded list of targets. Only when it found a match did it reach out to a command-and-control server the attackers operated, which then installed additional malware on those machines; on every other machine the backdoor stayed dormant. The case highlights the growing threat from so-called supply-chain attacks, where malicious software or components get installed on systems as they are manufactured or assembled, or afterwards via trusted vendor channels.
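The MAC-address gate described above is worth seeing in code, from the defender’s side. Public analyses of ShadowHammer reported that the implant carried hashes of the target MAC addresses rather than the addresses themselves, so reading the binary did not reveal who was targeted; a user could, however, hash their own adapters’ addresses and compare them with a published hash list. The following is an added example, not code from the article, from ASUS or from the attackers; the exact string form that was hashed is not given on this page, so the uppercase colon-separated form is an assumption, and every MAC address and hash in it is constructed.

```python
"""Hashed MAC-address target list, the selective-targeting gate described
above. Added example, not the article's, ASUS's or the attackers' code.
Public analyses of ShadowHammer reported that the implant carried MD5
hashes of target MAC addresses rather than the addresses themselves; the
exact string form that was hashed is not given on this page, so the
uppercase colon-separated form used here is an assumption. All MAC
addresses and hashes below are constructed."""
import hashlib
import uuid


def normalize_mac(mac):
    """Accept 'aa-bb-cc-dd-ee-ff', 'aabb.ccdd.eeff' or 'AA:BB:CC:DD:EE:FF'
    and return 'AA:BB:CC:DD:EE:FF'; reject anything that is not 12 hex digits."""
    digits = "".join(ch for ch in mac if ch.isalnum()).upper()
    if len(digits) != 12 or any(ch not in "0123456789ABCDEF" for ch in digits):
        raise ValueError(f"not a MAC address: {mac!r}")
    return ":".join(digits[i:i + 2] for i in range(0, 12, 2))


def mac_hash(mac):
    """Hash of the normalized MAC; only this value appears in the shipped list."""
    return hashlib.md5(normalize_mac(mac).encode("ascii")).hexdigest()


# Constructed target list in the form an attacker ships it: hashes, no MACs.
TARGET_HASHES = frozenset(mac_hash(m) for m in ("00:11:22:33:44:55", "aa-bb-cc-dd-ee-01"))


def match_hash_list(local_macs, hash_list):
    """Return the normalized local MACs whose hash is in `hash_list`.
    The implant used this test to decide whether to fetch its second stage;
    a defender runs the same test against a published hash list to learn
    whether a given machine was on the target list."""
    return [normalize_mac(m) for m in local_macs if mac_hash(m) in hash_list]


def local_mac_addresses():
    """Best effort: the single adapter uuid.getnode() reports. A real checker
    enumerates every adapter (GetAdaptersAddresses on Windows, /sys/class/net
    on Linux), because the implant compared all of them."""
    node = uuid.getnode()
    return [":".join(f"{(node >> (8 * i)) & 0xFF:02X}" for i in reversed(range(6)))]


if __name__ == "__main__":
    hits = match_hash_list(local_mac_addresses(), TARGET_HASHES)
    print("on constructed target list:", hits or "no")
```

Hashing the list conceals the targets from a casual look at the binary, but it is weak concealment: a MAC address is 48 bits, and the first 24 are a vendor prefix drawn from a short public list, so the hashes can be brute-forced prefix by prefix, which is how researchers recovered most of the original addresses. The defender-side lesson is the one ASUS users needed in 2019: an update that is correctly signed can still be hostile, so vendors must protect their signing keys and build systems, and customers should treat a vendor-published hash list or checker tool as the way to learn whether they were among the selected targets.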

This is not the first time attackers have used trusted software updates to infect systems. The infamous Flame spy tool, developed by some of the same attackers behind Stuxnet, was the first known attack to abuse an update mechanism in this way: it hijacked the Windows Update process on targeted machines to infect them. Flame, discovered in 2012, was signed with a certificate that chained to Microsoft’s root but that Microsoft never meant to issue for code signing; the attackers obtained it by abusing a weakness in Microsoft’s Terminal Server licensing certificate process. They did not compromise Microsoft’s update server. Instead, they redirected the update client on targeted machines so that it contacted a malicious server the attackers controlled instead of the legitimate Microsoft update server.

ASUS customers who want to update the ASUS Live Update Utility to the clean 3.6.8 version can do so by following the step-by-step procedure available HERE.