SophosLabs analysts investigated WantToCry ransomware attacks that involved the threat actors abusing the Server Message Block (SMB) service for initial access and then exfiltrating files to attacker-controlled infrastructure for remote encryption. The detection surface is significantly reduced because WantToCry operates without local malware execution, and there is no post-compromise activity beyond exfiltrating files and rewriting them to disk.
Read more…
Source: SophosLabs
Sign up for the Cyber Security Review Newsletter
The latest cyber security news and insights delivered right to your inbox
Related:
- Securing the AI Pipeline
June 27, 2023
Artificial intelligence (AI) is a hot topic these days, and for good reason. AI is a powerful tool. In fact, Mandiant analysts and responders are already using Bard in their workflows to identify threats faster, eliminate toil, and better scale talent and expertise. Organizations are keen to understand how best to integrate it into their ...
- CISA Releases SCuBA TRA and eVRF Guidance Documents
June 27, 2023
The Technical Reference Architecture (TRA) document, previously released for public comment on April 19, 2022, is the final version of a security guide that agencies can use to adopt technology for cloud deployment, adaptable solutions, secure architecture, and zero trust frameworks. The extensible Visibility Reference Framework (eVRF) guidebook provides an overview of the eVRF framework, which ...
- How cybercrime is impacting SMBs in 2023
June 27, 2023
According to the United Nations, small and medium-sized businesses (SMBs) constitute 90 percent of all companies and contribute 60 to 70 percent of all jobs in the world. They generate 50 percent of global gross domestic product and form the backbone of most countries’ economies. In the past, the perception was that large corporations were more ...
- Why endpoint management is key to securing an AI-powered future
June 26, 2023
The chief information security officer (CISO) agenda has a new set of priorities. Hybrid work and the resultant architecture updates, so prevalent at the beginning of the pandemic, are no longer top of mind. Instead, the thinking is focused on tackling ever more sophisticated threats and integrating Zero Trust in a more nuanced fashion through ...
- CISA Adds Five Known Exploited Vulnerabilities to Catalog
June 23, 2023
CISA has added five new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. CVE-2023-32434 Apple Multiple Products Integer Overflow Vulnerability CVE-2023-32435 Apple iOS and iPadOS WebKit Memory Corruption Vulnerability Read more… Source: U.S. Cybersecurity and Infrastructure Security Agency
- AI And Cybercrime Unleash A New Era Of Menacing Threats
June 23, 2023
Artificial intelligence (AI) is catching a lot of headlines recently. It doesn’t matter whether you’ve been paying attention to these headlines or not—chances are you’ve heard about the recent developments in the world of AI and the extraordinary feats these projects are accomplishing. Large language models (LLMs) like OpenAI’s ChatGPT, Microsoft’s Bing Chat and Google’s Bard ...