LockBit 2.0 Ransomware Proliferates Globally
Fresh attacks target companies’ employees, promising millions of dollars in exchange for valid account credentials for initial access.
The LockBit ransomware-as-a-service (RaaS) gang has ramped up its targeted attacks, researchers said, with attempts against organizations in Chile, Italy, Taiwan and the U.K. using version 2.0 of its malware.
Attacks in July and August have employed LockBit 2.0, according to a Trend Micro analysis released on Monday, featuring a souped-up encryption method.
“In contrast to LockBit’s attacks and features in 2019, this version includes automatic encryption of devices across Windows domains by abusing Active Directory (AD) group policies, prompting the group behind it to claim that it’s one of the fastest ransomware variants in the market today,” according to the report. “LockBit 2.0 prides itself on having one of the fastest and most efficient encryption methods in today’s ransomware threat landscape. Our analysis shows that while it uses a multithreaded approach in encryption, it also only partially encrypts the files, as only 4 KB of data are encrypted per file.”
Microsoft is warning that the Internet could see another exploit with the magnitude of the WannaCry attack that shut down computers all over the world two years ago unless people patch a high-severity vulnerability. The software maker took the unusual step of backporting the just-released patch for Windows 2003 and XP, which haven’t been supported in four and five years, respectively.
“This vulnerability is pre-authentication and requires no user interaction,” Simon Pope, director of incident response at the Microsoft Security Response Center, wrote in a published post that coincided with the company’s May Update Tuesday release. “In other words, the vulnerability is ‘wormable,’ meaning that any future malware that exploits this vulnerability could propagate from vulnerable computer to vulnerable computer in a similar way as the WannaCry malware spread across the globe in 2017. While we have observed no exploitation of this vulnerability, it is highly likely that malicious actors will write an exploit for this vulnerability and incorporate it into their malware.”
As our reliance on technology grows, so does our need for improved cybersecurity. With so much of our personal information stored in our devices, simply browsing online or enabling certain settings on your smartphone may be leaving you vulnerable to hackers.
Of course, most users aren't well-versed in cyber security. However, you don't have to be a tech expert to ensure your data is protected. Being aware of these issues and making a few easy changes to how you use your devices are great first steps toward better protection.
To help, we asked the leaders at the Forbes Technology Council to give us their tips on what issues to look out for so we can stay safe online and off.
The Weather Channel knocked off air by 'malicious software attack'
The Weather Channel was knocked off the air Thursday morning by what it said was a malicious software attack on the network.
More weak passwords, a key to security and compromised web sites
Welcome to Cyber Security Today. It’s Monday April 15th. I’m Howard Solomon, contributing reporter on cyber security for ITWorldCanada.com.
Trend Micro has discovered a new piece of malware that tries to install a hidden program on your computer to mine for cryptocurrency. So it secretly uses your computing power to benefit a criminal. The best ways for you to avoid being infected are to make sure all your software is regularly updated, be careful about the links you click on in email, the web sites you go to, and use strong, original passwords for logins. What I want to point out is the attack starts with the malware automatically trying to log in to your computer using a list of common, weak passwords. Here’s a few on the list, passwords you must avoid: 123456; password; football; welcome; login; hello; admin; abc123 and keyboard letters in a row, like qwerty. Now, if trying these and other commonly-used stolen passwords doesn’t work, the malware tries more sophisticated login techniques. But if you make it easy for criminals they’ll take advantage of you. So instead of passwords create easier to remember passphrases. As I’ve said before, use a password manager and, where possible, two-factor authentication.
Just when you thought you had all of your defenses in place when fighting Malware, Cyber Attacks, and Ransomware… think again! Cybercriminals are busy crafting new methods of attacks that are ready to take your data for prey and pounce on your personal information. Here are 10 new sneaky attacks to be on the lookout for in the new year!
- Rivaling governments and geopolitical cyber-warfare funding the efforts of cybercriminal gangs to create chaos, steal intellectual property, and profit from fraud and extortion by breaching personal data.
- New variants of ransomware (including doxware, which threatens to publish sensitive data like browsing histories unless a ransom is paid)
- Much more widespread use of cryptojacking (stealing computing resources to mine cryptocurrency without sharing the profits)
- More distributed denial-of-service (DDoS) attacks on critical servers and networks, abetted by the conscription of armies of Internet-of-Things (IoT) devices
- Increasing use of fileless malware (which never becomes disk-resident, only loads directly into memory, and thus evades many signature-based endpoint anti-malware measures)
- More synergistic attacks (in which multiple malware attacks are injected onto a system and the poorest-defended one activated), using AI and ML to improve attack techniques
- Continued reliance on phishing as the most effective attack vector for malware, with more sophisticated attacks targeted at higher-value individuals.
- Increasingly target cloud services and edge computing environments with malware attacks
- Enslave legions of IoT devices for use in DDoS and cryptojacking attacks
- Exploit the new attack surfaces and rich data targets presented by 5G networks and applications.
Why did Easy IT Support partner with Symantec? Because Symantec is enterprise-grade security for the masses. Cyber safety for consumers!
A patchwork of stand-alone security products from multiple vendors is simply too expensive, too complex, and, even worse, it’s proven to be ineffective.
As the world’s leading cyber security company, we deliver a better way forward: it’s called Integrated Cyber Defense.
An open platform that seamlessly combines security solutions from Symantec and our technology partners into a single framework across devices, networks, cloud, and datacenter infrastructure.
- Threat Prevention
- Incident Response
- Managed Security Services
Integrated to reduce complexity for ease of use and lower costs.
Reports out of Iran indicate that a massive attack on Iranian infrastructure and strategic networks took place in the last few days by a computer virus even more powerful than the Stuxnet worm that wrought tremendous damage on Iran's nuclear program.
Israeli officials are refusing to discuss any role they had in unleashing the virus, which has been described as “more violent, more advanced and more sophisticated” than Stuxnet.
What the repeal of net neutrality regulations means for cyber security
COMMENTARY: Security issues aside, the FCC’s repeal of net neutrality pisses me off.
I know – that’s an unusual introduction to an article, but it’s important you know an author’s bias before taking their word on a subject. Security aside, I believe the repeal of net neutrality is a travesty for all citizens. The Internet has become so important to society that everyone should have affordable, unfettered access to it. Therefore, it makes sense that the government treat it like a utility or telecommunication service, and limit commercial organizations’ ability to constrain or control it. I’m not alone in feeling this way, as the vast majority of voters agree. Nonetheless, the FCC decided to repeal it late last year. Yes, this repeal introduces potential consumer ramifications, but it also presents new cyber security implications you need to consider as well.