1. Forum
  2. tqwNet
  3. TQW_GENTECH

  • This crafty ransomware uses an unusual social-engineering tactic

    From TechnologyDaily@1337:1/100 to All on Fri Aug 16 12:15:05 2024
    This crafty ransomware uses an unusual social-engineering tactic to gain access to victim systems

    Date:
    Fri, 16 Aug 2024 12:03:00 +0000

    Description:
    Mad Liberator accessed a network via a legitimate remote desktop application.

    FULL STORY ======================================================================

    Cybersecurity researchers from the Sophos X-Ops Incident Response team have observed hackers deploying an unusual social engineering tactic to gain
    access to victim systems and steal sensitive data.

    The team outlined how a new ransomware player called Mad Liberator emerged in mid-July 2024, mostly focused on data exfiltration (rather than system encryption), but also sometimes engaged in double extortion (encryption +
    data theft). It also has a data leak website where it threatens to publish
    the stolen data unless the victims pay up.

    What sets Mad Liberator apart from other threat actors is their initial
    access vector. Usually, hacking groups would trick their way inside, usually with phishing email or instant messaging services. In this case, however,
    they seem to have guessed the unique Anydesk identifier. Abusing legitimate software

    Anydesk is a legitimate remote desktop application used by thousands of businesses worldwide. Each device where Anydesk is installed gets a unique identifier, a 10-digit number, which other endpoints can dial and thus gain access to. Oddly enough, the attackers one day just dialed into one of the computers belonging to the victim organization, seemingly with absolutely no prior interaction. The computer that was targeted also does not belong to any high-profile employee or manager.

    The victim just assumed the IT department was doing regular maintenance so they accepted the dial-in, no questions asked.

    This gave the attackers unabated access, which they used to deploy a binary that, on the surface, looks like a Windows update. They also disabled
    keyboard input from the victims side, to make sure they dont spot the ruse by accidentally pressing the Esc button and minimizing the running program.

    After a few hours, the crooks managed to pull sensitive data from the device, connected cloud services, and scanned for other connected devices they might pivot to.

    Once again, assume nothing, suspect everything proves to be the proper
    mindset to remain secure in the workplace. More from TechRadar Pro Ransomware remains the most pressing security issue worldwide but even schools are
    being targeted now Here's a list of the best malware removal tools around today These are the best endpoint security tools right now



    ======================================================================
    Link to news story: https://www.techradar.com/pro/security/this-crafty-ransomware-uses-an-unusual- social-engineering-tactic-to-gain-access-to-victim-systems


    --- Mystic BBS v1.12 A47 (Linux/64)
    * Origin: tqwNet Technology News (1337:1/100)