Dear members of the security community as Google would put it,
We have seen REvil ransomware group now attacking more and more dastardly. They seem to have enormous funds in bitcoins to get their hands on the very high ranking not yet known vulnerabilities, that others have been sitting on for years not known even to the knowledge of the community.
What was it that Kaspersky detected, what its AV wasn’t supposed to flag and let forces turn a sour eye on them?
Many a question, no or very few answers. World Economic Forum specialists warning now for the big one to come or better say being “in the pipeline” to deregulate the very core of Interweb’s infrastructure.
Ransomware attacking concerns and firms may influence also stock markets (ransomware gangs publish insights into their potential victims, as they operate like entrepreneurs). It also may drive prices up, as concerns or industries seek to compensate millions and millions in bitcoin losses. Sometimes even insiders from MS wonder what will be the crux of the next attack, they did not see coming. Be aware of your updates (e.g. on coming July 8th).
These are dangerous digital times to live in folks, keep avast at your side (or would it be site)?
Forewarned is forearmed, the proverb goes,
polonus (volunteer 3rd party cold recon website security analyst and website error-hunter)
It’s about time Governments got serious about this and have the funds seized from the bitcoin accounts as the proceeds of crime. After all, in order for the ransom to be paid the account has to be given, that is the start of the financial trail.
Microsoft Defender
To execute the attack the attackers used a vulnerable version of Microsoft Defender, according to reports by Sophos AV’s Mark Loman.
That specific version is vulnerable to side-loading, in which malicious code can be loaded from a dll-file, when positioned correctly. Attackers often position such a dll-file inside the directory of the accompanying executable. When the executable is being run, the malicious dll-file will also be loaded. All part of a process called dll-hijacking.
As soon as such a dll-file has been loaded into memory, the malware will rid itself from the hard disk. Then the executable and compromised Microsoft Defender file will encrypt the hard disk, external disks and network disks. All this will be performed by a Microsoft-signed application that security controls will more often than not trust and will allow to run.
An opponent that is able to perform such cybercriminal operations is a tremendous opponent.
Be afraid, folks, be very afraid, see where Big Tech security through obscurity may lead us.
The Cybercrime Twilight zone, real insecurity may be out there somewhere…
But whenever old vulnerable customer portals are left to be abused online,
we haven’t achieved the more secure situation we are after.
Not by a long way. Sometimes I also feel like preaching for the choir.
Interwebz a dangerous place to be sometimes.
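The side-loading pattern the post above describes (a signed, trusted executable loading an unsigned DLL that was dropped into its own directory) can be hunted in image-load telemetry, which matters because the post notes the DLL removes itself from disk after loading. This is an added example, not code from the thread or from Sophos or Microsoft; the record fields are loosely modelled on Sysmon Event ID 7 and every path, product and signer name in the sample data is constructed.

```python
from pathlib import PureWindowsPath

# Directories from which a DLL load is expected and is NOT treated as side-loading.
SYSTEM_DIRS = {r"c:\windows\system32", r"c:\windows\syswow64"}

# Constructed image-load records (hypothetical paths and signers, for illustration only).
SAMPLE_IMAGE_LOADS = [
    {"image": r"C:\ProgramData\ExampleAV\engine.exe", "image_signer": "Microsoft Windows",
     "image_valid": True, "loaded": r"C:\Windows\System32\kernel32.dll",
     "loaded_signer": "Microsoft Windows", "loaded_valid": True},
    {"image": r"C:\ProgramData\ExampleAV\engine.exe", "image_signer": "Microsoft Windows",
     "image_valid": True, "loaded": r"C:\ProgramData\ExampleAV\helper.dll",
     "loaded_signer": "", "loaded_valid": False},
    {"image": r"C:\Program Files\Vendor\tool.exe", "image_signer": "Vendor Corp",
     "image_valid": True, "loaded": r"C:\Program Files\Vendor\plugin.dll",
     "loaded_signer": "Vendor Corp", "loaded_valid": True},
    {"image": r"C:\Users\alice\Downloads\setup.exe", "image_signer": "",
     "image_valid": False, "loaded": r"C:\Users\alice\Downloads\x.dll",
     "loaded_signer": "", "loaded_valid": False},
]


def _parent_dir(win_path: str) -> str:
    """Case-insensitive directory part of a Windows path."""
    return str(PureWindowsPath(win_path).parent).lower()


def is_suspicious_sideload(rec: dict) -> bool:
    """True when a validly signed host loads, from its own directory, a DLL that is
    unsigned, carries a broken signature, or is signed by a different publisher."""
    if not rec["image_valid"]:           # unsigned hosts are a different hunt
        return False
    dll_dir = _parent_dir(rec["loaded"])
    if dll_dir in SYSTEM_DIRS:           # DLL came from its normal system location
        return False
    if dll_dir != _parent_dir(rec["image"]):  # side-loading puts the DLL beside the exe
        return False
    return (not rec["loaded_valid"]) or rec["loaded_signer"] != rec["image_signer"]


def find_sideload_candidates(records: list) -> list:
    """Return the loaded-DLL paths that match the side-loading heuristic, for triage."""
    return [r["loaded"] for r in records if is_suspicious_sideload(r)]


if __name__ == "__main__":
    for dll in find_sideload_candidates(SAMPLE_IMAGE_LOADS):
        print("possible side-loaded DLL:", dll)
```

Legitimate software does sometimes ship third-party-signed DLLs beside a signed host, so treat the output as triage candidates and enrich with process ancestry and file hashes before acting.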