Hacker attacks on logistics company

12:50  08 April 2021  Source: zdnet.de


ESET has found that the Lazarus Group is specifically targeting logistics companies. This is a delicate matter, because failures in global freight logistics can have serious consequences.

Interruptions in the global supply chain can jeopardize supply chains worldwide. Whether digital or analog, outages are especially serious for global freight logistics, as the recent blockade of the Suez Canal by the container ship "Ever Given" has shown.

ESET researchers have now discovered a previously unknown backdoor that was used in an attack on a freight logistics company in South Africa. Behind the malware is the notorious Lazarus group: the security experts of the European IT security vendor found similarities with previous operations and procedures of the hacker group. The backdoor, named Vyveva, has several espionage functions, such as collecting information on the target computer and forwarding it to Lazarus-controlled machines. An interruption of the IT systems would also have been possible. The spying program communicates with its command and control (C&C) server via the Tor network. The ESET researchers have now published their findings on WeLiveSecurity.


"Vyveva has numerous similarities in its code with older Lazarus samples. In addition, the use of a fake TLS protocol in network communication, the chaining of command lines, and the way encryption and Tor services are used point to the APT group. Therefore, we can attribute the backdoor to the Lazarus group with high probability," says Filip Jurčacko, the ESET researcher who analyzed Vyveva.

The investigations of the European IT security vendor indicate that Vyveva was used in a targeted manner. The ESET researchers could identify only two victim machines, both of them servers of a South African logistics company. The analysis by the ESET researchers also showed that Vyveva has been in use since at least December 2018.


The backdoor executes commands issued by the hacker group, such as collecting sensitive data. There is also a command to change the timestamps of files. Vyveva maintains communication with the C&C server via the Tor network and contacts it at three-minute intervals. The spy program sends information about the affected computer and its drives. So-called watchdogs are used, which send a message to the C&C server when certain changes occur on the infected system.

"Particularly interesting are the backdoor's special watchdogs, which monitor newly connected and disconnected drives. There is also a watchdog that monitors the number of active sessions, for example the number of logged-in users. These components can trigger a connection to the command and control (C&C) server outside the regular, preconfigured three-minute interval," explains Jurčacko.
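As an added illustration (not from the article or from ESET's analysis), this is how a defender could hunt in connection logs for the behaviour just described: a host that contacts the same destination at a fixed three-minute cadence, plus the occasional off-schedule contact a watchdog would produce. The log format, addresses and thresholds are constructed assumptions.

```python
from collections import defaultdict
from datetime import datetime

# Constructed sample connection log (not real data): "<ISO timestamp> <src> <dst:port>".
# 10.0.0.5 beacons every ~3 minutes with one extra contact at 10:07:12; 10.0.0.7 is ordinary traffic.
SAMPLE_LOG = """\
2021-04-01T10:00:00 10.0.0.5 203.0.113.9:443
2021-04-01T10:03:01 10.0.0.5 203.0.113.9:443
2021-04-01T10:06:00 10.0.0.5 203.0.113.9:443
2021-04-01T10:07:12 10.0.0.5 203.0.113.9:443
2021-04-01T10:09:01 10.0.0.5 203.0.113.9:443
2021-04-01T10:12:00 10.0.0.5 203.0.113.9:443
2021-04-01T10:00:30 10.0.0.7 198.51.100.4:443
2021-04-01T10:45:10 10.0.0.7 198.51.100.4:443
2021-04-01T11:20:00 10.0.0.7 198.51.100.4:443
"""

def parse_log(log):
    """Group connection timestamps by (source, destination) pair."""
    flows = defaultdict(list)
    for line in log.splitlines():
        ts, src, dst = line.split()
        flows[(src, dst)].append(datetime.fromisoformat(ts))
    return flows

def classify(times, period, tol, max_missed):
    """A contact is on-schedule if it lands a whole number of periods (up to max_missed
    skipped beacons) after the last on-schedule contact, within tol seconds."""
    on, off = [times[0]], []
    ref = times[0]
    for t in times[1:]:
        gap = (t - ref).total_seconds()
        k = round(gap / period)
        if 1 <= k <= max_missed + 1 and abs(gap - k * period) <= tol:
            on.append(t)
            ref = t
        else:
            off.append(t)  # outside the cadence: e.g. a watchdog-triggered contact
    return on, off

def find_beacons(log, period=180.0, tol=18.0, min_hits=3, max_missed=2):
    """Return flows keeping a `period`-second cadence at least `min_hits` times, with their off-schedule contacts."""
    findings = {}
    for key, times in parse_log(log).items():
        on, off = classify(sorted(times), period, tol, max_missed)
        if len(on) >= min_hits:
            findings[key] = {"on_schedule": len(on), "off_schedule": [t.isoformat() for t in off]}
    return findings
```

Run `find_beacons(SAMPLE_LOG)` to list the flagged flows; in a real deployment the same logic would be applied to proxy or firewall exports, with the destination filter narrowed to known Tor entry nodes.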

In global trade, logistics companies exchange data with one another and are often networked together. Therefore, it cannot be ruled out that other companies are affected by this attack.


