What's new arround internet
| Src | Date (GMT) | Titre | Description | Tags | Stories | Notes |
 |
2024-07-31 10:00:00 | Les attaques de ransomwares sont-elles toujours une menace croissante en 2024? Are Ransomware Attacks Still a Growing Threat in 2024? (lien direct) |
The content of this post is solely the responsibility of the author. LevelBlue does not adopt or endorse any of the views, positions, or information provided by the author in this article. Ransomware attacks continue to pose a growing threat to organizations as it has emerged as the number one threat, affecting 66% of organizations in 2023 and pulling over $1 billion from the victims. These attacks have increased in frequency and sophistication, resulting in significant financial loss, operation disruption, theft of sensitive data, and reduced productivity rates. Also, it damages the organization\'s reputation and results in the loss of customer trust and compliance violations. An organization needs a comprehensive protection strategy to reduce the frequency of these attacks and the risks they pose. Ransomware Business Model: How These Attacks Are Evolving? In the past, ransomware attacks mainly relied on phishing emails, remote desktop protocol exploits, and vulnerable ports to increase their chances of success. Additionally, these attacks employ evasion techniques to bypass traditional security measures like firewalls or antivirus software. These methods have resulted in famous attacks like WannaCry, TeslaCrypt, and NotPetya. With time, ransomware attackers have evolved and have become more sophisticated, targeted, and profitable for cybercriminals. Below is an insight into the latest trends that hackers adopt to launch a successful ransomware attack: Exploiting Zero-Day Vulnerabilities The shift in ransomware gangs and their sophisticated tactics and procedures (TTPs) raise the number of ransomware attacks. . Previously, REvil, Conti, and LockBit were the famous ransomware gangs, but now Clop, Cuban, and Play are gaining immense popularity by employing advanced hacking techniques like zero-day vulnerabilities. Sophos\'s State of Ransomware 2024 revealed exploited vulnerabilities as the root cause of ransomware attacks. The Clop ransomware gang has used the zero-day vulnerability in the MOVEit Transfer platform to steal the sensitive data of different organizations. This group also targeted the GoAnywhere zero-day vulnerability in January 2023, affecting 130 organizations, and exploited the Accellion FTA servers in 2020. Similarly, Cuban and Play used the same attacking technique to compromise the unpatched Microsoft Exchange servers. Double and Triple Extortion Another reason for the rise in ransomware attacks is the introduction of the double or triple extortion technique. Cybersecurity firm Venafi reported that 83% of ransomware attacks included multiple ransom demands in 2022. Cybercriminals encrypt the data, exfiltrate sensitive information, and threaten to release it or sell it on the dark web if the ransom is not paid in a double extortion scheme. This tactic prove | Ransomware Malware Tool Vulnerability Threat Studies Legislation Prediction Medical Technical | NotPetya Wannacry Deloitte | |
 |
2021-12-05 19:50:59 | Jouer avec Named Pipe et NotPetya Playing With Named Pipe and NotPetya (lien direct) |
Il y a longtemps, dans une galaxie très loin, je m'amusais en inversant Notpetya.
Les fichiers ont été abandonnés par NotPetya pendant l'analyse dynamique, j'ai identifié certains fichiers abandonnés sur le disque par l'échantillon.
Les fichiers sont tombés sur le disque
Un fichier exécuté utilisant un tuyau nommé l'un d'eux a attiré mon attention: il est exécuté par l'échantillon avec un argument de tuyau nommé.
Un binaire exécuté avec un argument de pipe nommé
A long time ago, in a galaxy far far away, I was having fun reversing NotPetya. Files dropped by NotPetya During the dynamical analysis, I identified some files dropped on the disk by the sample. Files dropped in the disk An executed file using named pipe One of them caught my eye: it is executed by the sample with a named pipe argument. A binary executed with named pipe argument |
Technical | NotPetya | ★★★★ |
1
We have: 2 articles.
We have: 2 articles.
To see everything:
Our RSS (filtrered)
