SophosLabs analysts investigated WantToCry ransomware attacks that involved the threat actors abusing the Server Message Block (SMB) service for initial access and then exfiltrating files to attacker-controlled infrastructure for remote encryption. The detection surface is significantly reduced because WantToCry operates without local malware execution, and there is no post-compromise activity beyond exfiltrating files and rewriting them to disk.
Read more…
Source: SophosLabs
Sign up for the Cyber Security Review Newsletter
The latest cyber security news and insights delivered right to your inbox
Related:
- Ventia takes systems offline to contain cyber attack
July 10, 2023
Ventia has taken an undisclosed number of “key systems” offline to contain a cyber security incident. The listed company, which provides long-term operation, maintenance, and management for critical public and private assets and infrastructure, disclosed the incident on Saturday. Read more… Source: IT News
- The TOITOIN Trojan: Analyzing a New Multi-Stage Attack Targeting LATAM Region
July 7, 2023
This sophisticated campaign targeting LATAM region employs a trojan that follows a multi-staged infection chain, utilizing specially crafted modules throughout each stage. These modules are custom designed to carry out malicious activities, such as injecting harmful code into remote processes, circumventing User Account Control via COM Elevation Moniker, and evading detection by Sandboxes through clever ...
- Telegram has become a window into war
July 7, 2023
Since the invasion of Ukraine in February 2022, Telegram has gained an outsize influence on one of the world’s most watched conflicts. “Telegram is fantastic for many, many reasons and for the fact that we’ve managed to see what is happening at such a crucial point in history,” says Jordan Wildon, digital investigator and founder ...
- The five-day job: A BlackByte ransomware intrusion case study
July 6, 2023
As ransomware attacks continue to grow in number and sophistication, threat actors can quickly impact business operations if organizations are not well prepared. In a recent investigation by Microsoft Incident Response (previously known as Microsoft Detection and Response Team – DART) of an intrusion, they found that the threat actor progressed through the full attack ...
- Charges filed in cyber attack on East Bay water treatment plant
July 6, 2023
A 53-year-old Tracy man is facing federal criminal charges in connection with an alleged attack on the computer systems of a Discovery Bay water treatment plant more than two years ago, according to the U.S. Attorney’s Office. Rambler Gallo was a full-time employee of a private Massachusetts-based company that contracted with Discovery Bay to operate the ...
- CISA and Partners Release Joint Cybersecurity Advisory on Newly Identified Truebot Malware Variants
July 6, 2023
Today, the Cybersecurity and Infrastructure Security Agency (CISA), Federal Bureau of Investigations (FBI), the Multi-State Information Sharing and Analysis Center (MS-ISAC), and the Canadian Centre for Cyber Security (CCCS) released a joint Cybersecurity Advisory (CSA), Increased Truebot Activity Infects U.S. and Canada Based Networks, to help organizations detect and protect against newly identified Truebot malware ...