SophosLabs analysts investigated WantToCry ransomware attacks that involved the threat actors abusing the Server Message Block (SMB) service for initial access and then exfiltrating files to attacker-controlled infrastructure for remote encryption. The detection surface is significantly reduced because WantToCry operates without local malware execution, and there is no post-compromise activity beyond exfiltrating files and rewriting them to disk.
Read more…
Source: SophosLabs
Sign up for the Cyber Security Review Newsletter
The latest cyber security news and insights delivered right to your inbox
Related:
- IoT Under Siege: The Anatomy of the Latest Mirai Campaign Leveraging Multiple IoT Exploits
June 22, 2023
Since March 2023, Unit 42 researchers have observed threat actors leveraging several IoT vulnerabilities to spread a variant of the Mirai botnet. The threat actors have the ability to gain complete control over the compromised devices, integrating those devices into the botnet. These devices are then used to execute additional attacks, including distributed denial-of-service (DDoS) attacks. Read ...
- LockBit Green and phishing that targets organizations
June 22, 2023
In recent months, Kaspersky published private reports on a broad range of subjects. They wrote about malware targeting Brazil, about CEO fraud attempts, Andariel, LockBit and others. For this post, Kaspersky researchers selected three private reports, namely those related to LockBit and phishing campaigns targeting businesses, and prepared excerpts from these. Read more… Source: Kaspersky
- Beyond the horizon: Traveling the world on Camaro Dragon’s USB flash drives
June 22, 2023
In early 2023, the Check Point Incident Response Team (CPIRT) team investigated a malware incident at a European healthcare institution involving a set of tools mentioned in the Avast report in late 2022. The incident was attributed to Camaro Dragon, a Chinese-based espionage threat actor whose activities overlap with activities tracked by different researchers as Mustang ...
- IoT devices and Linux-based systems targeted by OpenSSH trojan campaign
June 22, 2023
Cryptojacking, the illicit use of computing resources to mine cryptocurrency, has become increasingly prevalent in recent years, with attackers building a cybercriminal economy around attack tools, infrastructure, and services to generate revenue from targeting a wide range of vulnerable systems, including Internet of Things (IoT) devices. Microsoft researchers have recently discovered an attack leveraging custom and ...
- Military AI’s Next Frontier: Your Work Computer
June 22, 2023
It’s probably hard to imagine that you are the target of spycraft, but spying on employees is the next frontier of military AI. Surveillance techniques familiar to authoritarian dictatorships have now been repurposed to target American workers. Over the past decade, a few dozen companies have emerged to sell your employer subscriptions for services like “open ...
- Ransomware Redefined: RedEnergy Stealer-as-a-Ransomware attacks
June 21, 2023
Zscaler ThreatLabz has discovered a new malware variant, RedEnergy stealer (not to be confused with the australian company Red Energy) that fits into the hybrid Stealer-as-a-Ransomware threat category. RedEnergy stealer uses a fake update campaign to target multiple industry verticals and possesses the ability to steal information from various browsers, enabling the exfiltration of sensitive ...