SophosLabs analysts investigated WantToCry ransomware attacks that involved the threat actors abusing the Server Message Block (SMB) service for initial access and then exfiltrating files to attacker-controlled infrastructure for remote encryption. The detection surface is significantly reduced because WantToCry operates without local malware execution, and there is no post-compromise activity beyond exfiltrating files and rewriting them to disk.
Read more…
Source: SophosLabs
Sign up for the Cyber Security Review Newsletter
The latest cyber security news and insights delivered right to your inbox
Related:
- TeamTNT Campaigns Emphasize Importance of Addressing Cloud Security Gaps
July 20, 2021
Having covered TeamTNT in several of our blog entries over the past couple of years, we embarked on a research that encompasses the malicious actor group’s campaigns, tools, and techniques in 2020 and early 2021. Although believed to have been active since 2011, TeamTNT stayed under the radar for many years before exploding onto the scene ...
- Safeguarding Critical Infrastructure Against Threats From The People’s Republic Of China
July 19, 2021
As today’s announcement from the White House indicates, the cyber threat from the People’s Republic of China (PRC) continues to evolve and poses a real risk to the nation’s critical infrastructure, as well as businesses and organization of all sizes at home and around the world. CISA regularly shares actionable information to help security professionals ...
- Saudi Aramco data breach sees 1 TB stolen data for sale
July 19, 2021
Attackers have stolen 1 TB of proprietary data belonging to Saudi Aramco and are offering it for sale on the darknet. The Saudi Arabian Oil Company, better known as Saudi Aramco, is one of the largest public petroleum and natural gas companies in the world. The oil giant employs over 66,000 employees and brings in almost $230 ...
- iPhones running latest iOS hacked to deploy NSO Group spyware
July 19, 2021
Human rights non-governmental organization Amnesty International and non-profit project Forbidden Stories revealed in a recent report that they found spyware made by Israeli surveillance firm NSO Group deployed on iPhones running Apple’s latest iOS release, hacked using zero-day zero-click iMessage exploits. “Amnesty International has observed evidence of compromise of the iPhone XR of an Indian journalist ...
- CISA: Chinese State-Sponsored Cyber Operations – Observed TTPs
July 19, 2021
The National Security Agency, Cybersecurity and Infrastructure Security Agency (CISA), and Federal Bureau of Investigation (FBI) assess that People’s Republic of China state-sponsored malicious cyber activity is a major threat to U.S. and Allied cyberspace assets. Chinese state-sponsored cyber actors aggressively target U.S. and allied political, economic, military, educational, and critical infrastructure (CI) personnel and ...
- iPhone WiFi bug morphs into zero-click hacking, but there’s a fix
July 19, 2021
Security researchers investigating a bug that crashed the Wifi service on iPhones found that it could be exploited for remote code execution without user interaction. When initially disclosed, the bug could disable an iPhone’s WiFi connection after trying to connect to a network with a name (SSID) that included a special character. Read more… Source: Bleeping Computer