SophosLabs analysts investigated WantToCry ransomware attacks that involved the threat actors abusing the Server Message Block (SMB) service for initial access and then exfiltrating files to attacker-controlled infrastructure for remote encryption. The detection surface is significantly reduced because WantToCry operates without local malware execution, and there is no post-compromise activity beyond exfiltrating files and rewriting them to disk.
Read more…
Source: SophosLabs
Sign up for the Cyber Security Review Newsletter
The latest cyber security news and insights delivered right to your inbox
Related:
- Russian hackers claim responsibility for cyberattack on Lithuania
June 27, 2022
Russian hacker group Killnet has claimed responsibility for a denial-of-service (DDOS) cyberattack on Lithuania, saying it was in response to the decision by Vilnius to block the transit of some sanctioned goods to the Russian exclave of Kaliningrad. Lithuanian state and private institutions were hit by the denial-of-service cyberattack on Monday, the Baltic country’s National Cyber ...
- Clever phishing method bypasses MFA using Microsoft WebView2 apps
June 26, 2022
A clever, new phishing technique uses Microsoft Edge WebView2 applications to steal victim’s authentication cookies, allowing threat actors to bypass multi-factor authentication when logging into stolen accounts. With the large number of data breaches, remote access trojan attacks, and phishing campaigns, stolen login credentials have become abundant. However, the increasing adoption of multi-factor authentication (MFA) has made ...
- Automotive fabric supplier TB Kawashima announces cyberattack
June 25, 2022
TB Kawashima, part of the Japanese automotive component manufacturer Toyota Boshoku of the Toyota Group of companies, announced that one of its subsidiaries has been hit by a cyberattack. The company did not confirm but there is reason to suspect that it is dealing with an attack from the LockBit ransomware group. TB Kawashima is a manufacturer ...
- We’re now truly in the era of ransomware as pure extortion without the encryption
June 25, 2022
US and European cops, prosecutors, and NGOs recently convened a two-day workshop in the Hague to discuss how to respond to the growing scourge of ransomware. “Only by working together with key law enforcement and prosecutorial partners in the EU can we effectively combat the threat that ransomware poses to our society,” said US assistant attorney ...
- Spyware vendor targets users in Italy and Kazakhstan
June 23, 2022
Google has been tracking the activities of commercial spyware vendors for years, and taking steps to protect people. Just last week, Google testified at the EU Parliamentary hearing on “Big Tech and Spyware” about the work we have done to monitor and disrupt this thriving industry. Seven of the nine zero-day vulnerabilities our Threat Analysis Group ...
- CISA: Malicious Cyber Actors Continue to Exploit Log4Shell in VMware Horizon Systems
June 23, 2022
The Cybersecurity and Infrastructure Security Agency (CISA) and United States Coast Guard Cyber Command (CGCYBER) are releasing this joint Cybersecurity Advisory (CSA) to warn network defenders that cyber threat actors, including state-sponsored advanced persistent threat (APT) actors, have continued to exploit CVE-2021-44228 (Log4Shell) in VMware Horizon® and Unified Access Gateway (UAG) servers to obtain initial ...