Ransomware trends: Cross-platform execution, improving infrastructure and taking sides in war

By Howard Solomon
May 11, 2022
Ransomware gangs are increasingly adapting their code to cross-platform programming languages such as Rust or Golang so their malware can spread to systems running operating systems other than Windows, according to Kaspersky.

The observation comes in a report on the latest ransomware trends from Kaspersky researchers on the eve of the third annual Anti-Ransomware Day, which this year is Thursday, May 12th.

Writing malware in a cross-platform language makes it easier to port it to other platforms such as Linux, iOS and Android, the report notes. Another reason is that analysis of cross-platform binaries is a bit harder than that of malware written in plain C.

Groups shifting to this tactic include:
  • Conti. Only certain affiliates have access to a Linux variant of the Conti ransomware, the report notes, one targeting ESXi systems. It supports a variety of different command-line arguments that can be used by the affiliate to customize the execution;
  • BlackCat. Samples have been found that work on Linux. Although the malware is written in Rust from scratch, Kaspersky found some links to the BlackMatter group as the actor used the same custom exfiltration tool that had been observed earlier in BlackMatter activities;
  • Deadbolt. While written in a cross-platform language, it is currently aimed at only one target: QNAP network-attached storage systems. It is also an interesting combination of Bash, HTML and Golang, the researchers say. Deadbolt itself is written in Golang, the ransom note is an HTML file that replaces the standard index file used by the QNAP NAS, and the Bash script is used to start the decryption process if the provided decryption key is correct. “There is another peculiar thing about the ransomware,” says Kaspersky: “it doesn’t need any interaction with attackers because a decryption key is provided in a Bitcoin transaction OP_RETURN field.”


The report notes two other trends: First, the ransomware ecosystem is becoming even more “industrialized”.

“Just like legitimate software companies, cybercriminal groups are continually developing their tool kit for themselves and their customers – for example, to make the process of data exfiltration quicker and easier,” say researchers.

For example, when it started, the Lockbit gang didn’t have a leak portal, was not doing double extortion, and didn’t exfiltrate data before data encryption. That changed over time. Like other ransomware families, the report notes, Lockbit’s infrastructure suffered several attacks, including hacking of the Lockbit administration panels and DDoS attacks meant to force the group to shut down its activity. Those attacks forced it to implement some countermeasures to protect its assets.

The latest security addition is a “waiting page” that redirects users to one of the available mirrors.

Another example of adaptation by ransomware gangs is the shift from publicly available tools for data exfiltration, such as Filezilla, to their own custom – and faster – tools. Lockbit created one called StealBIT.

Second, ransomware gangs are taking sides in geopolitical conflicts. For example, on February 25th, Conti said it would retaliate with full capabilities against any “enemy’s” critical infrastructure if Russia became a target of cyberattacks. CoomingProject, an extortion group, and Stormous (whose code is written in PHP), are also openly supporting Russia.

Freeud, a new ransomware variant, supports Ukraine. Freeud’s ransom note says Russian troops should leave Ukraine. “The choice of words and how the note is written suggest that it is written by a native Russian speaker,” says the report.

There have been consequences for taking sides. Pro-Ukraine hackers have emerged, such as Anonymous, IT Army of Ukraine and Belarusian Cyber Partisans. In February a Ukrainian researcher released messages from the backend of a Jabber server used by Conti members.

Kaspersky offers this advice to CISOs and IT leaders:
  • always keep software updated on all devices to prevent attackers from infiltrating IT networks by exploiting vulnerabilities;
  • focus defence strategy on detecting lateral movements and data exfiltration to the internet;
  • pay special attention to the outgoing traffic to detect cybercriminals’ connections;
  • set up offline backups that intruders cannot tamper with. Make sure responders can quickly access them in an emergency when needed;
  • enable ransomware and EDR protection for all endpoints;
  • provide your security operations centre (SOC) team with access to the latest threat intelligence and regularly upskill them with professional training.
The post Ransomware trends: Cross-platform execution, improving infrastructure and taking sides in war first appeared on IT World Canada.