Millions of dollars' worth of NFTs stolen in an attack, and Google issues an emergency warning to 3.2 billion users worldwide | February 21 global network security hotspots

2022-06-24 17:57:00 Tencent security

Security news report

To eliminate ransomware, supervision of cryptocurrency exchanges must be strengthened

In 2022, ransomware will remain a major threat. In response, the crypto ecosystem must be subject to more regulation.

According to a recent Fortinet report, ransomware activity soared 1,070% between July 2020 and June 2021 alone, and other researchers have confirmed the spread of this extortion model. Imitating a business model popular in the legitimate technology world, ransomware-as-a-service portals have appeared in dark corners of the web, institutionalizing the shadow industry and lowering the skill threshold for criminals. This trend should sound an alarm in the crypto ecosystem, especially because ransomware attackers do have a knack for crypto payments.

Some of the largest centralized exchanges (CEXs) are hiring first-class financial crime investigators to oversee their anti-money-laundering work.

Decentralized exchanges (DEXs) make things more difficult. Let's face it: they are not as decentralized as the name implies, however much they like to claim otherwise. In most cases, DEXs have few know-your-customer (KYC) measures, if any, and help users hop between coins and blockchains at their leisure while leaving few traces. Although some of them may use various analytics services to run background checks on wallets, hackers can try to bypass these services using mixers and other tools.

In September this year, the U.S. Treasury Department imposed sanctions on the OTC broker Suex for effectively facilitating ransomware money laundering. This development should ring alarm bells for local CEXs and DEXs, because it extends the domino effect of US sanctions to the crypto ecosystem.

Ransomware is a complex problem that is hard to solve with a single silver-bullet decision. It will require a more nuanced approach, and there is likely to be a need for more international cooperation on the issue. Even so, there are good reasons to make exchange regulation a major part of such efforts, to prevent attackers from cashing in on their attacks and so hit the financial core of their business.

News source :

https://cointelegraph.com/new...

OpenSea investigation concludes that millions of dollars' worth of NFTs were stolen in a phishing attack

After millions of dollars' worth of NFTs on OpenSea were stolen by hackers, the emerging non-fungible token market fell into chaos on Saturday night. Finzer said that, based on internal and external discussions, the company concluded that the incident was a phishing attack and did not originate from the OpenSea website.

It has been confirmed that the hackers stole more than 3 million dollars in assets, including popular NFTs such as Bored Apes, Azuki and CloneX.

Nansen CEO Alex Svanevik estimated that about 19 OpenSea users were affected. OpenSea, which recently raised funding at a 130 billion dollar valuation, is one of the biggest NFT trading platforms.

News source :

https://www.theblockcrypto.co...

How can ransomware attacks on healthcare be addressed?

In 2021 there was an alarming increase in ransomware attacks against healthcare systems: in the third quarter alone there were more than 65 reports of ransomware attacks against healthcare organizations, and two thirds of organizations reported that they had been targeted by ransomware attacks. This trend is likely to continue in 2022.

Some ransomware groups specifically target the healthcare industry, believing that a successful attack is more likely to lead to payment because of the chaos it can cause. Increasingly, these attacks involve not only encrypting systems and files so that they are inaccessible until the ransom is paid, but also stealing data and threatening to release it to increase leverage over victims. Such attacks sometimes affect the provision of health services, with terrible health consequences.

In addition, while recognizing that healthcare entities are victims in these situations, law enforcement authorities have made it clear that healthcare companies must strive to meet federal, state and local notification requirements in the event of a data breach. These requirements may include submitting a written "breach report" to the authorities and notifying, directly and promptly, the individuals whose data has been leaked.

In view of these challenges, healthcare organizations can and should actively address the harm caused by ransomware by hiring professionals with expertise in dealing with ransomware attacks. Network security companies can draw up plans to prevent ransomware attacks, and if such an attack occurs, external consultants can help develop response plans. The response plan should outline the factors the company will consider when deciding whether to pay the ransom, determine who needs to be consulted, and make recommendations on threat mitigation and containment strategies.

News source :

https://www.managedhealthcare...

TrickBot malware has been taken over by the Conti ransomware gang

TrickBot is a Windows malware platform that uses multiple modules to carry out various malicious activities, such as stealing information and passwords, infiltrating Windows domains, gaining access to corporate networks and delivering malware. Since 2016, TrickBot's developers have worked with ransomware gangs, taking over and infecting millions of devices around the world.

Although the Ryuk ransomware gang was the first to work with TrickBot to gain access to its technology, that group has been replaced by the Conti ransomware gang, which has been using the malware to access corporate networks for the past year. According to AdvIntel, the various TrickBot campaigns are managed by a cybercrime group called Overdose, which has earned at least 2 billion dollars from its attacks.

AdvIntel's security researchers noticed that Conti has become the only user of the TrickBot botnet. By the end of 2021, Conti had essentially acquired TrickBot, and many elite developers and managers had joined the ransomware gang.

The Conti ransomware group plans to use TrickBot's newer product, the BazarBackdoor malware, because it is stealthier and harder to detect. Although BazarBackdoor used to be part of TrickBot's larger toolkit, according to AdvIntel it has become a fully autonomous tool of its own.

News source :

https://www.techradar.com/new...

Breaking into Microsoft Teams meetings: hackers spread malware at will

Hackers break into company accounts, then pose as employees and distribute large amounts of malware in Microsoft Teams meetings.

In recent months researchers have documented "thousands" of malicious attacks spread through Microsoft Teams meetings. The basis of an attack is usually a stolen Microsoft 365 account: hackers are very good at using traditional email phishing to compromise Microsoft 365 accounts, and they have learned that the same login credentials work for Microsoft Teams.

Once they have access in this way, attackers can join Teams meetings relatively undisturbed. According to the analysis, the infection process is always the same: a link to a malicious executable, disguised as a legitimate "user-centric" program, is posted in the chat. After that, it usually takes further inexperience on the victim's part: deceived by the supposedly legitimate sender, they install the malware. In this step, the Trojan can drop malicious DLL files onto the PC in order to take over the system remotely.

News source :

https://california18.com/brea...

Fast-growing Golang-based "Kraken" botnet emerges

According to the cybersecurity company ZeroFox, over the past few months a new Golang-based botnet targeting Windows has been capturing hundreds of new systems with every new command-and-control (C&C) server deployed.

The botnet, named Kraken, can download and execute secondary payloads on infected systems. Besides maintaining persistence, it can also collect information, execute shell commands, steal cryptocurrency and take screenshots.

Kraken originally appeared on GitHub on October 10, 2021, with the source code predating all observed binaries. However, it is not clear whether the botnet operators created the GitHub account or simply stole the code.

Recently, Kraken's developers added the ability to steal funds from various cryptocurrency wallets. Data obtained from the cryptocurrency pool shows that the botnet operators earn about 3,000 dollars per month.

News source :

https://www.securityweek.com/...

More than 620 million ransomware attacks were detected in 2021

According to SonicWall data, ransomware attacks faced by enterprise IT teams grew by triple digits (105%) last year to more than 623 million.

The security vendor released its new 2022 SonicWall Cyber Threat Report, which is compiled from analysis of 1 million security sensors in nearly 215 countries and regions and from third-party sources.

Almost all monitored threats, including Internet of Things malware, encrypted threats and cryptojacking, increased year on year in 2021. Ransomware, however, grew particularly rapidly: it has soared 232% since 2019, and nearly 319 million more attacks were detected than in the 2020 data.

Besides a 1,885% increase in attacks against government targets, ransomware threats to healthcare (755%), education (152%) and retail (21%) also surged.

According to SonicWall data, global cryptojacking attacks increased 19% to a record 97.1 million, and the number of Internet of Things malware detections increased 6% to 60.1 million.

Interestingly, the vendor also saw the rapid and significant impact of Log4Shell exploitation. Between December 11 and January 31, threat actors logged 142 million exploitation attempts, reaching 2.7 million per day.

SonicWall President and CEO Bill Conner said the proliferation of threats has also prompted defenders to strengthen their resilience. Global cybersecurity spending was expected to grow 12.4% by the end of 2021, twice that of 2020.

News source :

https://www.infosecurity-maga...

Security vulnerability threats

Hackers use the patched Log4j vulnerability to spread ransomware among VMware users

Hackers have attacked VMware users, and the Log4j vulnerability has reappeared in infected systems. According to network security analysts, the notorious group behind this attack is TunnelVision.

According to Sentinel One researchers, the cybercriminals have been actively compromising VMware by deploying backdoors and collecting sensitive information about victims. They inject PowerShell commands and create a backdoor user. The compromise begins with a Log4j exploit; through the Tomcat process, they use a PS reverse shell to run commands.

VMware typically uses Apache Tomcat to deploy Java web applications. The TunnelVision hackers can remotely control the network through the server.

According to another report, this is what the TunnelVision team did after setting up:

  • Create backdoor users and add them to the network administrators group.
  • Run reconnaissance commands.
  • Use ProcDump, comsvcs MiniDump and SAM hive dumps for data collection.
  • Install Ngrok and Plink to enable remote desktop control.
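
The behaviours in the list above leave traces in process-creation logs that defenders can hunt for. The following is an added example, not code from the original report or from the researchers it cites: it matches constructed events against hypothetical rules and flags hosts that show several of the listed behaviours together. The rule names, regular expressions, host names and the check for a parent process containing `tomcat` are all assumptions.

```python
import re

# Command-line patterns for the behaviours listed above. The patterns and
# rule names are assumptions made for this example, not vendor signatures.
RULES = [
    ("backdoor-user", re.compile(r"\bnet1?(\.exe)?\s+user\s+\S+.*\s/add\b", re.I)),
    ("admin-group-add", re.compile(r"\bnet1?(\.exe)?\s+localgroup\s+.*admin.*/add\b", re.I)),
    ("procdump", re.compile(r"\bprocdump(64)?(\.exe)?\b", re.I)),
    ("comsvcs-minidump", re.compile(r"comsvcs.*minidump", re.I)),
    ("sam-hive-dump", re.compile(r"\breg(\.exe)?\s+save\s+hklm\\sam\b", re.I)),
    ("tunnel-tool", re.compile(r"\b(ngrok|plink)(\.exe)?\b", re.I)),
]
SHELL = re.compile(r"^(powershell|pwsh|cmd)(\.exe)?\b", re.I)

# Constructed process-creation events: host, parent image, command line.
EVENTS = [
    {"host": "vdi-01", "parent": "tomcat9.exe", "cmd": "powershell.exe -nop -c <redacted>"},
    {"host": "vdi-01", "parent": "powershell.exe", "cmd": "net user svc_backup <password> /add"},
    {"host": "vdi-01", "parent": "powershell.exe",
     "cmd": "net localgroup administrators svc_backup /add"},
    {"host": "vdi-01", "parent": "powershell.exe",
     "cmd": "rundll32.exe comsvcs.dll, MiniDump <pid> <path> full"},
    {"host": "vdi-01", "parent": "cmd.exe", "cmd": "plink.exe <redacted>"},
    # Benign admin use of ProcDump on another host: one behaviour only.
    {"host": "ops-07", "parent": "explorer.exe", "cmd": "procdump64.exe -ma w3wp.exe crash.dmp"},
    {"host": "ops-07", "parent": "explorer.exe", "cmd": "notepad.exe notes.txt"},
]

def match_rules(event):
    """Return the names of all rules that a single event triggers."""
    hits = {name for name, rx in RULES if rx.search(event["cmd"])}
    # A shell started by the Tomcat process is the entry point the text describes.
    if "tomcat" in event["parent"].lower() and SHELL.search(event["cmd"]):
        hits.add("tomcat-spawned-shell")
    return hits

def triage(events, threshold=2):
    """Group hits per host and report hosts with >= threshold distinct behaviours."""
    per_host = {}
    for ev in events:
        per_host.setdefault(ev["host"], set()).update(match_rules(ev))
    return {h: sorted(r) for h, r in per_host.items() if len(r) >= threshold}

if __name__ == "__main__":
    for host, rules in triage(EVENTS).items():
        print(host, rules)
```

Tools such as ProcDump and Plink also have legitimate administrative uses, which is why the example reports a host only when several distinct behaviours coincide.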

News source :

https://www.techtimes.com/art...

Google issues an emergency warning to 3.2 billion users worldwide

Google said in a blog post that a zero-day vulnerability classified as high severity (CVE-2022-0609) has been found in all Chrome browsers and is being exploited by hackers.

Seven other vulnerabilities were detected in the browser, six classified as high and one rated medium, affecting all Windows, Mac and Linux operating systems.

Google is keeping the details of the vulnerabilities confidential. So far, the following information about the vulnerabilities, sorted by risk level, is available:

1. High - CVE-2022-0603
2. High - CVE-2022-0604
3. High - CVE-2022-0605
4. High - CVE-2022-0606
5. High - CVE-2022-0607
6. High - CVE-2022-0608
7. Medium - CVE-2022-0610

According to Forbes, the zero-day vulnerability exploited by hackers this time is a "Use-After-Free" (UAF) vulnerability, which has become the most successful and most popular form of attack used by hackers against Chrome.

Google recommends that Chrome users update their web browser to Chrome 98.0.4758.102. To update Chrome, go to the menu (three-dot icon) > Settings > About Chrome, wait for the update download to complete, then click Relaunch to restart the browser.

News source :

https://kenh14.vn/google-phat...

Copyright notice
This article was created by [Tencent security]. Please include the original link when reprinting. Thank you.
https://yzsam.com/2022/02/202202211529068225.html