1598244180
A new ransomware, VHD, was seen being delivered by the nation-state group’s multiplatform malware platform, MATA.
Targeted ransomware attacks are on the rise, usually perpetrated by financially motivated threat gangs, which often work in concert. However, researchers said that a recent strain of ransomware, called VHD, can be linked to an unusual source: the Lazarus Group APT.
According to researchers from Kaspersky, the VHD ransomware has only been deployed in a handful of instances, with a limited number of samples showing up in the firm’s telemetry. There are also few public references.
This “doesn’t fit the usual modus operandi of known big-game hunting groups,” the researchers explained, in a blog post issued on Tuesday. “This indicated that this ransomware family might not be traded widely on dark market forums, as would usually be the case.” They added, “The data we have at our disposal tends to indicate that the VHD ransomware is not a commercial off-the-shelf product.”
Another indication that VHD is different was apparent from the start: An initial VHD incident in Europe involved a worm-like propagation technique reminiscent of APT groups.
“A spreading utility…contained a list of administrative credentials and IP addresses specific to the victim, and leveraged them to brute-force the SMB service on every discovered machine,” according to the post. “Whenever a successful connection was made, a network share was mounted, and the VHD ransomware was copied and executed through WMI calls. This stood out to us as an uncharacteristic technique for cybercrime groups; instead, it reminded us of the APT campaigns Sony SPE, Shamoon and OlympicDestroyer, three previous wipers with worming capabilities.”
#malware #apt #data analysis
1603180800
New, sophisticated adversaries are switching up their tactics in exploiting enterprise-friendly platforms – most notably Microsoft Exchange, Outlook Web Access (OWA) and Outlook on the Web – in order to steal business credentials and other sensitive data.
Both Microsoft’s Exchange mail server and calendaring server and its Outlook personal information manager web app provide authentication services – and integration with other platforms – that researchers say are prime for attackers to leverage for launching attacks.
Accenture’s 2020 Cyber Threatscape report, released Monday, shed light on how actors are leveraging Exchange and OWA – and evolving their tactics to develop new malware families that target these services, or using new detection evasion techniques.
“Web-facing, data-intense systems and services that typically communicate externally can make it easier for adversaries to hide their traffic in the background noise, while authentication services could open up a credential-harvesting opportunity for cybercriminals,” according to Accenture researchers on Monday.
One threat group that has been targeting Exchange and OWA is what researchers dub “BELUGASTURGEON” (aka Turla or Whitebear). Researchers say that this group operates from Russia, has been active for more than 10 years and is associated with numerous cyberattacks aimed at government agencies, foreign-policy research firms and think tanks across the globe.
The group is targeting these Microsoft services and using them as beachheads to hide traffic, relay commands, compromise e-mail, exfiltrate data and gather credentials for future espionage attacks, said researchers. For instance, they are manipulating legitimate traffic that’s traversing Exchange in order to relay commands or exfiltrate sensitive data.
“Hosts supporting Exchange and associated services frequently relay large volumes of data to external locations – representing a prime opportunity for malicious actors to hide their traffic within this background noise,” said researchers.
Another group, which researchers call SOURFACE (aka APT39 or Chafer), appears to have developed similar techniques to conceal malicious traffic, manipulating local firewalls and proxying traffic over non-standard ports using native commands, tools and functions, researchers said. This group has been active since at least 2014 and is known for its cyberattacks on the oil and gas, communications, transportation and other industries in Australia, Europe, Israel, Saudi Arabia, the U.S. and other regions.
In addition, threat groups are also creating new malware designed specifically to target Exchange and OWA. Researchers said they discovered several malicious files in the wild in 2019 that they assessed “with moderate confidence” were associated with a group called BLACKSTURGEON and used to target government and public-sector organizations.
That includes a file that appeared to be the group’s customized version of the “RULER” tool, which is designed to abuse Microsoft Exchange services. This file exploits CVE-2017-11774, a security-feature bypass vulnerability in Microsoft Outlook that enables attackers to execute arbitrary commands, researchers said.
Cybercriminals are also targeting services that support Exchange and OWA. For instance, client-access servers (CAS), which handle all client connections to Exchange Server 2010 and Exchange 2013, typically host the web-login portals for services including OWA. Attackers with access to a CAS may be able to deploy capabilities to steal user login credentials, researchers said.
“Notably, an advanced persistent threat actor reportedly deployed web shells to harvest credentials from OWA users as they logged in,” they said.
The Windows Internet Information Services (IIS) platform, which supports OWA, is another increasingly common target. IIS is web server software created by Microsoft for use with the Windows family. Researchers said they have observed SOURFACE, for instance, deploying custom Active Server Page Extended (ASPX) web shells to IIS directories within the victim’s OWA environment. These web shells used inconspicuous file names that resemble legitimate files on the victim’s system (for instance “login2.aspx” instead of “login.aspx”). And, to evade static detection, they typically contained limited functionality, often only file upload and download or command execution.
#cloud security #government #hacks #vulnerabilities #web security #accenture 2020 cyber threatscape report #advanced threat #aka apt39 #apt #belugasturgeon apt #blacksturgeon apt #chafer #microsoft #microsoft exchange #microsoft outlook #outlook on the web #owa #russia #sourface #tactics #turla apt #whitebear apt #windows internet information services
1600959600
A new cybercriminal group called OldGremlin has been targeting Russian companies – including banks, industrial enterprises and medical firms – with ransomware attacks.
OldGremlin relies on a bevy of tools, including custom backdoors called TinyPosh and TinyNode, to gain an initial foothold in the organization. It also uses tricky spear-phishing emails that utilize constantly evolving lures — from false coronavirus pandemic recommendations to fake requests for media interviews. And, the Russian-speaking cybercriminal group targets other Russian organizations, which researchers say is a big no-no within the Russian hacker community.
Researchers first discovered the group in August, when it targeted a large, unnamed medical company with a spear-phishing email purporting to be sent by the media holding company RBC. Instead, the email was an attack vector for OldGremlin to encrypt the company’s entire corporate network and demand a $50,000 ransom.
#hacks #malware #vulnerabilities #web security #cobalt strike #cyberattack #group-ib #malware #oldgremlin #phishing attack #ransomware #rbc #russian organization #spearphishing #threat #threat group #tinynode
1591415095
What is a Dependency?
A dependency is defined as a file, component, or software package that a program needs to work correctly. Almost every software package we install depends on another piece of code or software to work as expected. Because the overall theme of Linux has always been to have a program do one specific thing, and do it well, many software titles utilize other pieces of software to run correctly.
Introduction
Let’s review what dependencies are and why they are required. We all have, at one point or another, most certainly seen a message from our system when we were installing software regarding “missing dependencies.” This error denotes that a required part of the software package is outdated, unavailable or missing. Let’s review how to address those issues when we come across them on Ubuntu.
#tutorials #apt #apt-cache #apt-get #apt-mark #autoclean #autoremove #cache #clean #cleanall #component #dependencies #dependency errors #dpkg #file #linux #package #ppa #ppa-purge #purge #python #repository #showhold #software #ubuntu #unmet dependencies errors
1627998012
SEO can be a major headache without the help of handy and nifty SEO tools.
But did you ever think that all these SEO factors can't be handled without SEO tools?
The majority of SEO tools come at very high prices.
Tools like Ahrefs, Semrush, Majestic, KWFinder, SpyFu, Surfer SEO, Conversion.ai, Article Forge group buy, Moz Pro, Grammarly, BuzzSumo, WooRank, Ubersuggest, Crazy Egg and many more SEO tools can cost you thousands of dollars every month.
Many SEOs have left SEO because of the high prices of these top SEO tools.
Some newcomers are put off by the high prices of these SEO tools.
But don't worry if you are running out of money, or if you're unable to pay thousands of bucks every month.
Seogbtools.dev comes with a group buy SEO tools solution that provides you with 40+ SEO tools, including the tools listed above and many other essential SEO tools that can move your SEO needle by 180 degrees and secure your website's position on the SERP.
Seogbtools.dev, aka SEO Group Buy, is an all-in-one SEO tool set that has served the group buy SEO tools industry for more than a decade.
It provides you with a complete digital marketing plan, whether you're an SEO or an Amazon seller.
It offers a premium Amazon group buy that includes Helium 10, Jungle Scout, Ecome, SaleHoo, Pexda, Keepa Chrome, AMZ Tracker, FreshDrop, Viral Launch, Merchant Words, amz.one and Zik Analytics.
It also offers Facebook competitive campaign spying, PPC and spying SEO tools like Adplexity group buy, Anstrex group buy, STM Forum group buy, Adbeat Spy, Adperiscope group buy, Djisuniversity Forum, Dropispy group buy, Madesociety group buy and iSpionage group buy.
SEO group buy features that you have never heard of before:
We are the #1 group buy SEO tools provider, offering the best SEO group buy at a very affordable price with the highest uptime.
One-click access (no RDPs or VNCs, no extensions, no cookies and no portables)
Instant access to SEO, ecom, affiliate and PPC accounts
24/7 responsive support
Legitimate purchases with invoice proof
Campaign and project privacy
Tool tracking and monitoring
We claim to be the best SEO group buy based on a plan that has stood alone in the group buy tools industry for a decade, for a reason. We made a point of letting you buy all the stuff with premium-quality SEO tools on a SaaS basis that provides one-click access to all premium accounts.
#Seogroupbuy
#groupbuySeotools
#ahrefs group buy
#supremseo
#group seo tool
#semrush group buy
#adplexity group buy
#group buy tools
#buy seo tools
#surfer
Best for every size of business