- New Fileless Ransomware with Code Injection Ability Detected in the Wild
Fileless malware is a class of malicious software that exists only as a memory-based artifact, i.e. in RAM, rather than as a file on disk. Attackers and cybercriminals are becoming more adept, innovative, and stealthy with every passing day. According to a recent report, security researchers have discovered a new fileless ransomware named “Sorebrect,” which injects malicious code into a legitimate system process (svchost.exe) on the targeted system and then deletes itself in order to evade detection. Sorebrect has been designed to target enterprise servers and endpoints. The injected code then initiates the file encryption process on the local machine and on connected network shares. Sorebrect first compromises administrator credentials by brute force or other means and then uses Microsoft’s Sysinternals PsExec command-line utility to run the encryption routine. It not only affects the local system but also scans the network for other connected computers with open shares and locks the files available on them as well. Once a system is infected, the ransomware is hard to trace because it deletes all event logs (using wevtutil.exe) and shadow copies (using vssadmin) on the infected machine, removing forensic evidence such as which files were executed on the system and their timestamps.
Cyber Security Tips: To protect your systems from such malware, users are recommended to restrict user write permissions, limit privileges for PsExec, keep systems and networks up to date, back up data regularly, build a cyber-security-aware workforce, and keep using reputable antivirus and antimalware software.
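As an added illustration that is not part of the report or this page, the following Python runs simple detection rules over constructed process-creation log lines and flags the anti-forensic commands named above (wevtutil log clearing and vssadmin shadow-copy deletion) together with PsExec use; the flattened log format, host names and timestamps are assumptions.

```python
import re

# Constructed sample of flattened process-creation events (e.g. Sysmon Event ID 1),
# not taken from the page: "timestamp|parent_image|image|command_line".
SAMPLE_EVENTS = """\
2017-06-15T10:01:02|services.exe|C:\\Windows\\System32\\svchost.exe|svchost.exe -k netsvcs
2017-06-15T10:02:10|cmd.exe|C:\\Tools\\PsExec.exe|PsExec.exe \\\\FILESRV01 -s cmd.exe
2017-06-15T10:02:31|cmd.exe|C:\\Windows\\System32\\vssadmin.exe|vssadmin delete shadows /all /quiet
2017-06-15T10:02:33|cmd.exe|C:\\Windows\\System32\\wevtutil.exe|wevtutil cl System
2017-06-15T10:02:34|cmd.exe|C:\\Windows\\System32\\wevtutil.exe|wevtutil el
2017-06-15T10:03:00|explorer.exe|C:\\Windows\\System32\\notepad.exe|notepad.exe notes.txt
"""

# Each rule: (name, regex matched against the lower-cased command line).
# Note that "wevtutil el" (enumerate logs) is benign and must not match.
RULES = [
    ("shadow_copy_deletion", re.compile(r"\bvssadmin(\.exe)?\b.*\bdelete\s+shadows\b")),
    ("event_log_clearing", re.compile(r"\bwevtutil(\.exe)?\b\s+(cl|clear-log)\b")),
    ("psexec_remote_exec", re.compile(r"\bpsexec(64)?(\.exe)?\b")),
]

def parse_events(text):
    """Split the flattened log into dicts; skip blank or malformed lines."""
    events = []
    for line in text.splitlines():
        parts = line.split("|", 3)
        if len(parts) != 4:
            continue
        ts, parent, image, cmd = parts
        events.append({"ts": ts, "parent": parent, "image": image, "cmd": cmd})
    return events

def match_rules(events):
    """Return one (timestamp, rule_name, command_line) tuple per rule hit."""
    hits = []
    for ev in events:
        cmd = ev["cmd"].lower()
        for name, pattern in RULES:
            if pattern.search(cmd):
                hits.append((ev["ts"], name, ev["cmd"]))
    return hits

def correlate(hits):
    """Sorebrect-style cleanup chains log clearing with shadow deletion: report
    'high' when both rules fire, 'medium' for any single hit, else 'none'."""
    names = {name for _, name, _ in hits}
    if {"shadow_copy_deletion", "event_log_clearing"} <= names:
        return "high"
    return "medium" if names else "none"
```

Feeding `match_rules(parse_events(SAMPLE_EVENTS))` to `correlate` yields "high" for the sample, while the `wevtutil el` line is left alone.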
- Erebus Ransomware Targets Linux Servers
IT security researchers at Trend Micro recently discovered malware that can infect Linux-based servers. The malware is called Erebus. It has been responsible for hijacking 153 Linux-based networks of a South Korean web-hosting company called NAYANA. According to the report, Erebus is a ransomware capable of infecting Linux operating systems; around 3,400 of NAYANA’s clients were affected by the attack, with databases, websites and other files being encrypted. According to Trend Micro’s report, Erebus was originally found in September 2016. At that time the malware was less harmful and was being distributed through malware-containing advertisements; once a user clicked on those ads, the ransomware would activate in the usual way. This ransomware has the ability to bypass User Account Control.
Cyber Security Tips: Administrators are recommended to keep the Linux server updated with the latest firmware and anti-virus software, back up data files regularly, and avoid installing unknown third-party programs.
- 120,000 IP cameras hit by IoT botnet malware
Bangalore: Trend Micro security researchers have detected a new Internet of Things (IoT) botnet malware called Persirai. According to the report, the malware has targeted over 120,000 Internet Protocol (IP) cameras. Many of the affected users are unaware that their IP cameras are exposed to the internet, which makes it significantly easier for the perpetrators behind such malware to reach the IP camera web interface via TCP port 81. IP cameras typically use Universal Plug and Play (UPnP), a set of network protocols that lets devices open a port on the router and act like a server, making them highly visible targets for IoT malware. After logging into the vulnerable interface, the attacker can perform a command injection that forces the IP camera to connect to a download site. After receiving commands from the server, the IP camera then starts automatically attacking other IP cameras by exploiting a zero-day vulnerability that was made public a few months ago. Attackers exploiting this vulnerability are able to retrieve the password file from the device, giving them the means to perform command injection regardless of password strength.
Cyber Security Tips: Users are recommended to keep their firmware up to date, keep using security devices such as intrusion detection and prevention systems, change passwords regularly, and disable default credentials.