Hackers hide fileless malware using Windows error reporting

14:50, 07 October 2020. Source: zdnet.de


An unknown hacking group injected malicious code into the legitimate Windows Error Reporting (WER) service to evade detection as part of a fileless malware attack, which Malwarebytes researchers discovered last month.

The attackers use fake error logs to store ASCII characters disguised as hexadecimal values; these decode to a malicious payload that prepares the ground for script-based attacks.
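The following scanner is an added example, not code from the article or from Malwarebytes. It shows the defender's side of the trick described above: it finds long hex runs in a text file that looks like a crash log, decodes them, and reports any run that decodes to readable ASCII rather than genuine binary crash data. The sample log, the hidden placeholder text and the list of script tokens are all constructed for the example and are assumptions, not data from the report.

```python
import re
import string
from typing import Dict, List

# Constructed sample input (not from the article): a fake error log in which one
# "Data:" line is really the hex encoding of a text payload. The hidden text is a
# harmless placeholder command; a real loader would hide script or shellcode here.
HIDDEN_TEXT = "Set-Content -Path marker.txt -Value hello"
FAKE_LOG = (
    "2020-09-17 10:12:03 Fault bucket 1234, type 5\n"
    "Event Name: APPCRASH\n"
    "Exception code: 0xc0000005\n"
    "Data: " + HIDDEN_TEXT.encode("ascii").hex() + "\n"
    "Data: 0000000000000000\n"
    "Response: Not available\n"
)

# A run of at least 8 byte-pairs of hex digits that is not glued to other hex digits.
HEX_RUN = re.compile(r"(?<![0-9A-Fa-f])((?:[0-9A-Fa-f]{2}){8,})(?![0-9A-Fa-f])")
PRINTABLE = set(string.printable)
# Tokens that commonly appear in script-based loaders (assumed heuristic list).
SCRIPT_TOKENS = ("powershell", "-enc", "set-", "new-object", "invoke-", "<script", "cmd.exe")


def decode_hex_runs(text: str, min_printable: float = 0.9) -> List[Dict]:
    """Decode every long hex run in `text` and report those that decode to
    readable ASCII, i.e. text masquerading as binary crash data."""
    findings = []
    for match in HEX_RUN.finditer(text):
        raw = bytes.fromhex(match.group(1))
        try:
            decoded = raw.decode("ascii")
        except UnicodeDecodeError:
            continue  # genuine binary data, not disguised text
        ratio = sum(ch in PRINTABLE for ch in decoded) / len(decoded)
        if ratio < min_printable:
            continue  # e.g. runs of NUL bytes from a real memory dump
        lowered = decoded.lower()
        findings.append({
            "line": text.count("\n", 0, match.start()) + 1,
            "decoded": decoded,
            "printable_ratio": ratio,
            "script_tokens": [t for t in SCRIPT_TOKENS if t in lowered],
        })
    return findings


if __name__ == "__main__":
    for f in decode_hex_runs(FAKE_LOG):
        print(f"line {f['line']}: {f['decoded']!r} tokens={f['script_tokens']}")
```

Run against the constructed log, only the disguised "Data:" line is reported; the all-zero line is skipped because it decodes to unprintable bytes, and the short exception code never reaches the minimum run length. The printable-ratio threshold is the key design choice: real crash data has a low ratio, so the check separates disguised text from legitimate dumps without needing a signature for the payload itself.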

The malicious code first reaches a system via a malicious e-mail attachment. When executed, it leaves no traces on disk. Disguising itself as the error reporting process lets it slip past security applications.

Malwarebytes has discovered a new hacking campaign that uses fileless malware. It employs several techniques to evade detection by security applications; among other things, it injects code into the Windows error reporting executable.

The researchers found the first traces of the new malware on September 17th while analyzing phishing e-mails with a malicious ZIP attachment. According to a report by Bleeping Computer, the document inside executes shellcode using a macro belonging to the so-called CactusTorch framework.


Fileless malware does not rely on traditional executables written to disk to carry out its activities, so it leaves nothing on the file system for signature-based detection to scan. A fileless attack is catastrophic for an enterprise because of its persistence and its ability to evade anti-virus solutions.


This shellcode in turn loads a .NET object directly into the memory of the now infected Windows system. The attackers run the binary straight from memory, without leaving any traces on disk, by injecting shellcode into the Windows error reporting process.

As a further precaution, the malicious error reporting process checks whether a debugger is attached or whether it is running in a virtual machine, for example, since both are signs of a possible investigation by security researchers. Only after these checks pass does the malware continue its attack and decrypt the final malicious code, which is started in a new thread of the error reporting process. Malwarebytes has not yet been able to analyze this final payload because the domain hosting it is currently unavailable.
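The campaign above abuses a trusted process rather than dropping a file, so the detection opportunity lies in process telemetry instead of disk scanning. The following is an added example, not code from the article or from Malwarebytes: it runs a few heuristics over constructed Sysmon-style process events for WerFault.exe, the Windows Error Reporting fault handler. The event layout, the rule that a genuine crash-handler launch carries a `-p <pid>` argument, and the sample events (including the `loader.exe` placeholder name) are all assumptions made for the example.

```python
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Minimal stand-in for a process-creation event (assumed layout, Sysmon-like).
@dataclass
class ProcessEvent:
    pid: int
    image: str                              # basename of the executable
    parent_image: str                       # informational only
    command_line: str
    network_connect: bool = False           # outbound connection observed later
    remote_thread_from: Optional[str] = None  # image that created a thread in this process


WER_IMAGE = "werfault.exe"


def is_suspicious_wer(ev: ProcessEvent) -> List[str]:
    """Return the reasons an error-reporting process looks abused; empty if none."""
    reasons: List[str] = []
    if ev.image.lower() != WER_IMAGE:
        return reasons
    args = ev.command_line.lower().split()
    # Assumption: a genuine crash-handler run names the crashing process via -p <pid>.
    if "-p" not in args:
        reasons.append("no crashing-process argument (-p)")
    # A thread created inside the reporter by another process matches the
    # shellcode injection described in the report.
    if ev.remote_thread_from and ev.remote_thread_from.lower() != WER_IMAGE:
        reasons.append(f"thread injected by {ev.remote_thread_from}")
    # The reporter has no business fetching a second-stage payload itself.
    if ev.network_connect:
        reasons.append("outbound network connection from error reporter")
    return reasons


def scan(events: List[ProcessEvent]) -> List[Tuple[int, List[str]]]:
    """Pair each suspicious process id with its list of reasons."""
    hits = []
    for ev in events:
        reasons = is_suspicious_wer(ev)
        if reasons:
            hits.append((ev.pid, reasons))
    return hits


# Constructed sample events, not real telemetry.
SAMPLE_EVENTS = [
    # A genuine crash: the reporter is launched with the crashing pid and event handle.
    ProcessEvent(100, "WerFault.exe", "notepad.exe", "WerFault.exe -u -p 4312 -s 1024"),
    # The pattern from the report: reporter started bare, gets a thread from
    # another process, then reaches out to the network for the final stage.
    ProcessEvent(200, "WerFault.exe", "loader.exe", "WerFault.exe",
                 network_connect=True, remote_thread_from="loader.exe"),
    # Unrelated process, ignored by the rules.
    ProcessEvent(300, "explorer.exe", "userinit.exe", "explorer.exe"),
]

if __name__ == "__main__":
    for pid, reasons in scan(SAMPLE_EVENTS):
        print(pid, "->", "; ".join(reasons))
```

Only the second event is reported, on all three counts. None of the rules needs the payload itself, which matters here because the final stage could not be analyzed: the anti-debugger and virtual-machine checks described above mean a sandbox may never see it, so telemetry from real endpoints is the more reliable place to look.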



Hiding code in the Windows error reporting process is not a new technique, according to the report; Cerber ransomware and the remote access Trojan NetWire are also said to use it to avoid detection.

The researchers were also unable to determine who is behind the new campaign. However, some indicators point to a Vietnamese state-sponsored group known as APT32, OceanLotus or SeaLotus. This group recently targeted foreign companies investing in Vietnam, and it is also credited with breaking into media companies and human rights organizations worldwide.


