Microsoft has issued a warning to all its customers about a crypto-mining malware that can steal credentials and remove security controls. It is spread via email and can drop tools for hands-on-keyboard, human-operated activity. The malware, called ‘LemonDuck’, targets both Windows and Linux systems and exploits older as well as newer vulnerabilities to gain access and run effective malicious campaigns.
A malware costing just Rs 3,600 on the dark web is being sold that helps steal data from macOS and Windows users. The malware, known as ‘Xloader’, was reported by Check Point Research. Using it, hackers can obtain log-in credentials, collect screenshots, log keystrokes, and execute malicious files. Over 50% of victims are in the US, while hackers in 69 countries have requested the evolved malware.
Microsoft confirmed the distribution of a malicious driver in gaming environments. Called Netfilter, it communicates with Chinese C2 IPs. The investigation so far has found no evidence that stolen code-signing certificates were used: a threat actor submitted the driver through Microsoft’s own driver-submission process and obtained a Microsoft-signed binary in a legitimate manner. No enterprise environments have been affected so far.
Western Digital has advised users of My Book Live and My Book Live Duo to disconnect their devices from the internet after malware was found that wiped users’ entire data. Many users posted on the WD community saying their devices had been factory reset; some had lost years’ worth of data, while others said their passwords no longer worked. WD reported no breach of its cloud services or systems.
In 2021, Asian countries saw the average cost of a DNS attack rise 15%, to $908,140 from $792,840 last year. Over 90% of firms across the world witnessed a rise in DNS attacks, and India, according to the report, saw the steepest rise in their number. Phishing continues to grow this year, along with malware-based attacks. The threat report was compiled by network security and automation solutions provider EfficientIP.
Microsoft’s Exchange Server software has been hacked by China-based threat actors to gain access to the networks of at least 30,000 organisations across the US, including government and commercial firms. The attackers exploited four vulnerabilities in the email software to access email accounts and install malware. Microsoft has released several security updates to fix these bugs and is advising customers to install them immediately.
The National Power Grid took all possible measures to protect its network from Chinese state-backed hackers when CERT-In detected ShadowPad malware in November, one of the largest supply-chain attack vectors. The national grid operator and its other units were alerted about the malware and the possibility of a cyberattack. In February, another cybersecurity agency detected an attempt by Red Echo, a Chinese group, to break into the grid control system.
With clients investing heavily in network defences after the sophisticated cyber-attack by suspected Russian hackers exposed weaknesses in software supply chains, Palo Alto Networks reported its first $1 bn quarter of revenue. Sales rose 25% to $1.02 bn, according to Bloomberg, the biggest year-over-year increase in seven quarters. Over 18,000 SolarWinds clients were exposed to Russian malware in the recent past.