SophosLabs analysts investigated WantToCry ransomware attacks that involved the threat actors abusing the Server Message Block (SMB) service for initial access and then exfiltrating files to attacker-controlled infrastructure for remote encryption. The detection surface is significantly reduced because WantToCry operates without local malware execution, and there is no post-compromise activity beyond exfiltrating files and rewriting them to disk.
Read more…
Source: SophosLabs
Sign up for the Cyber Security Review Newsletter
The latest cyber security news and insights delivered right to your inbox
Related:
- Uncle Sam reveals it sent cyber-soldiers to Albania to hunt for Iranian threats
March 24, 2023
US Cyber Command operators have confirmed they carried out an online defensive mission in Albania, in response to last year’s cyber attacks against the local government. Over the course of the three-month deployment, Cyber National Mission Force (CNMF) troops worked with their Albanian counterparts to hunt for cyber threats and identify vulnerabilities on networks in the ...
- CISA Releases Six Industrial Control Systems Advisories
March 23, 2023
CISA released six Industrial Control Systems (ICS) advisories on March 23, 2023. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. ICSA-23-082-01 RoboDK ICSA-23-082-02 CP-Plus KVMS Pro ICSA-23-082-03 SAUTER EY-modulo 5 Building Automation Stations Read more… Source: U.S. Cybersecurity and Infrastructure Security Agency Related story: CISA Releases Eight Industrial Control Systems Advisories
- Critical infrastructure gear is full of flaws, but hey, at least it’s certified
March 23, 2023
Devices used in critical infrastructure are riddled with vulnerabilities that can cause denial of service, allow configuration manipulation, and achieve remote code execution, according to security researchers. And most of these operational technology (OT) products – which include industrial control systems and related devices – claim security certifications, some of which they did not actually have. Read ...
- FBI Internet Crime Complaint Center Releases 2022 Statistics
March 22, 2023
In the recently released 2022 Internet Crime Report produced by the FBI’s Internet Crime Complaint Center (IC3), the numbers confirm that cyber actors continue to plague Americans by targeting U.S. networks, attacking critical infrastructure, holding our money and data for ransom, facilitating large-scale fraud schemes, and threatening our national security. IC3 received a total of ...
- Ransomware Attack Hits Ship-Tracking Firm Royal Dirkzwager
March 22, 2023
A team of ransomware hackers have published proprietary inside data allegedly obtained the Dutch shipping intelligence agency Royal Dirkzwager, according to cybsersecurity trade press. The leak purportedly include employee passports, contracts and other sensitive information. The hackers claim to have more data that is yet to be released, reports Security Week. Read more… Source: The Maritime Executive
- Understanding Cyber Threats in Transport
March 21, 2023
This new report maps and analyses cyber incidents in relation to aviation, maritime, railway and road transport covering the period of January 2021 to October 2022. The report brings new insights into the cyber threats of the transport sector. In addition to the identification of prime threats and the analysis of incidents, the report includes an ...