SophosLabs analysts investigated WantToCry ransomware attacks that involved the threat actors abusing the Server Message Block (SMB) service for initial access and then exfiltrating files to attacker-controlled infrastructure for remote encryption. The detection surface is significantly reduced because WantToCry operates without local malware execution, and there is no post-compromise activity beyond exfiltrating files and rewriting them to disk.
Read more…
Source: SophosLabs
Sign up for the Cyber Security Review Newsletter
The latest cyber security news and insights delivered right to your inbox
Related:
- Sweden: Significant increase in cyberattacks and they’re more advanced
September 4, 2023
Cyberattacks against Swedish authorities have increased in number and are more protracted and advanced, according to an investigation by Swedish Radio News. The Social Insurance Agency, Försäkringskassan, has seen such attacks double over three years, it says. Read more… Source: Radio Sweden
- Half of large Swiss firms have faced cyberattacks
September 4, 2023
A full 45 percent of companies in Switzerland counting 250 employees or more have already been hit by at least one cyberattack, according to the report. Based on a survey of 400 board members from both larger, listed companies and small and medium enterprises (SMEs), the study found that only 18 percent of firms with under ...
- Rockwell Automation Integer Overflow Vulnerability
September 1, 2023
Rockwell Automation’s ThinManager is designed for managing thin clients, mobile devices, cameras, and industrial devices. Comprising both client and server components, the client facilitates device configuration while the server handles data transfer and client requests. To maintain data consistency across the system, ThinManager servers synchronize using messages sent via port TCP/2031. These messages, based on a ...
- Anonymous Sudan hacks X to put pressure on Elon Musk over Starlink
August 31, 2023
A hacking group called Anonymous Sudan took X, formerly known as Twitter, offline in more than a dozen countries on Tuesday morning in an attempt to pressurise Elon Musk into launching his Starlink service in their country. X was down for more than two hours, with thousands of users affected. “Make our message reach to Elon ...
- CISA Releases Four Industrial Control Systems Advisories
August 31, 2023
CISA released four Industrial Control Systems (ICS) advisories on August 31, 2023. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. ICSA-23-243-01 ARDEREG Sistemas SCADA ICSA-23-243-02 GE Digital CIMPLICITY Read more… Source: U.S. Cybersecurity and Infrastructure Security Agency
- CISA and International Partners Release Malware Analysis Report on Infamous Chisel Mobile Malware
August 31, 2023
Today, the United Kingdom’s National Cyber Security Centre (NCSC-UK), the United States’ Cybersecurity and Infrastructure Security Agency (CISA), National Security Agency (NSA), and Federal Bureau of Investigation (FBI), New Zealand’s National Cyber Security Centre (NCSC-NZ), the Canadian Centre for Cyber Security (CCCS), and the Australian Signals Directorate (ASD) published a joint Malware Analysis Report (MAR), ...