The Myths of Ransomware Attacks and How To Mitigate Risk

Modern companies are built on data, and that data now lives across countless cloud apps, so preventing data loss is essential to your success. It is especially critical for mitigating ransomware, a threat by which 57% of security leaders expect to be compromised within the next year.

As organizations continue to evolve, so does ransomware. To help you stay ahead, Lookout Chief Strategy Officer Aaron Cockerill met with Microsoft Chief Security Advisor Sarah Armstrong-Smith to discuss how remote work and the cloud have made it harder to spot a ransomware attack, and how behavioural-anomaly-based detection can help mitigate ransomware risk.

Aaron Cockerill: I feel like the way modern enterprises operate, which includes a combination of technologies, has allowed ransomware to thrive. Having experienced this type of attack in my past roles, I know how many CISOs are feeling out there. The human instinct is to pay the ransom. What trends are you seeing?

Sarah Armstrong-Smith: It’s quite interesting to think about how ransomware has evolved. We think about these attacks as being really sophisticated. The reality is that attackers favour the tried and tested: they favour credential theft and password spray; they’re scanning the network, buying credentials off the dark web, using ransomware kits.

So in many ways, things haven’t changed. They are looking for any way into your network. So although we talk about cyber attacks becoming sophisticated, that initial point of entry really isn’t what sets the ransomware operators apart, it’s what happens next.

images from Hacker News

Attackers Can Use Electromagnetic Signals to Control Touchscreens Remotely

Researchers have demonstrated what they call the “first active contactless attack against capacitive touchscreens.”

GhostTouch, as it’s called, “uses electromagnetic interference (EMI) to inject fake touch points into a touchscreen without the need to physically touch it,” a group of academics from Zhejiang University and Technical University of Darmstadt said in a new research paper.

The core idea is to use electromagnetic signals to inject basic touch events, such as taps and swipes, at targeted locations on the touchscreen, with the goal of taking remote control of the underlying device and manipulating it.

The attack, which works from a distance of up to 40 mm, hinges on the fact that capacitive touchscreens are sensitive to EMI: it injects electromagnetic signals into the transparent electrodes built into the touchscreen so that the controller registers them as touch events.

The experimental setup uses an electrostatic gun to generate a strong pulse signal, which is fed to an antenna that transmits an electromagnetic field to the phone’s touchscreen; the electrodes, which act as antennas themselves, pick up the EMI.

Zyxel Issues Patches for 4 New Flaws Affecting AP, AP Controller, and Firewall Devices

Zyxel has released patches to address four security flaws affecting its firewall, AP Controller, and AP products that could be exploited to execute arbitrary operating system commands and steal select information.

The list of security vulnerabilities is as follows –

  • CVE-2022-0734 – A cross-site scripting (XSS) vulnerability in some firewall versions that could be exploited to access information stored in the user’s browser, such as cookies or session tokens, via a malicious script.
  • CVE-2022-26531 – Several input validation flaws in command line interface (CLI) commands for some versions of firewall, AP controller, and AP devices that could be exploited to cause a system crash.

Critical ‘Pantsdown’ BMC Vulnerability Affects QCT Servers Used in Data Centers

Quanta Cloud Technology (QCT) servers have been identified as vulnerable to the severe “Pantsdown” Baseboard Management Controller (BMC) flaw, according to new research published today.

“An attacker running code on a vulnerable QCT server would be able to ‘hop’ from the server host to the BMC and move their attacks to the server management network, possibly continue and obtain further permissions to other BMCs on the network and by doing that gaining access to other servers,” firmware and hardware security firm Eclypsium said.

A baseboard management controller is a specialized system used for remote monitoring and management of servers, including controlling low-level hardware settings as well as installing firmware and software updates.

Tracked as CVE-2019-6260 (CVSS score: 9.8), the critical security flaw came to light in January 2019 and relates to bridge interfaces in the BMC that give the host arbitrary read and write access to the BMC’s physical address space, which in turn yields arbitrary code execution on the BMC.

Successful exploitation of the vulnerability can provide a threat actor with full control over the server, making it possible to overwrite the BMC firmware with malicious code, deploy persistent malware, exfiltrate data, and even brick the system.

Experts Warn of Rise in ChromeLoader Malware Hijacking Users’ Browsers

A malvertising threat has seen a new surge in activity since it first emerged earlier this year.

Dubbed ChromeLoader, the malware is a “pervasive and persistent browser hijacker that modifies its victims’ browser settings and redirects user traffic to advertisement websites,” Aedan Russell of Red Canary said in a new report.

ChromeLoader is a rogue Chrome browser extension that is typically distributed as ISO files via pay-per-install sites and baited social media posts advertising QR codes that lead to cracked video games and pirated movies.

While it primarily functions by hijacking user search queries to Google, Yahoo, and Bing and redirecting traffic to an advertising site, it’s also notable for its use of PowerShell to inject itself into the browser and get the extension added.
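The PowerShell-driven extension load described above, as an added detection example (this is not code from the page or from Red Canary’s report): it scores constructed Windows process-creation events for Chrome being started with a side-loaded extension and flags the combination of signals a ChromeLoader-style install would produce. The event field names, the use of Chrome’s `--load-extension` switch as the loading mechanism, the user-profile path and the encoded-command check are assumptions, not facts stated on the page; map the fields from your own EDR or Sysmon schema.

```python
import re

# Constructed process-creation events (not real telemetry). Field names are
# assumed; map them from your EDR/Sysmon Event ID 1 schema.
SAMPLE_EVENTS = [
    {   # benign: user opens Chrome from the shell
        "pid": 4120,
        "image": r"C:\Program Files\Google\Chrome\Application\chrome.exe",
        "cmdline": r'"C:\Program Files\Google\Chrome\Application\chrome.exe"',
        "parent_image": r"C:\Windows\explorer.exe",
        "parent_cmdline": r"C:\Windows\explorer.exe",
    },
    {   # developer side-loading an unpacked extension from a dev folder
        "pid": 5308,
        "image": r"C:\Program Files\Google\Chrome\Application\chrome.exe",
        "cmdline": r'"C:\Program Files\Google\Chrome\Application\chrome.exe" --load-extension=C:\dev\my-extension',
        "parent_image": r"C:\Windows\System32\cmd.exe",
        "parent_cmdline": r"cmd.exe",
    },
    {   # ChromeLoader-style: hidden, encoded PowerShell relaunches Chrome with
        # an extension dropped under the user's profile (assumed pattern)
        "pid": 6644,
        "image": r"C:\Program Files\Google\Chrome\Application\chrome.exe",
        "cmdline": r'"C:\Program Files\Google\Chrome\Application\chrome.exe" --load-extension="C:\Users\alice\AppData\Local\Temp\ext_123" --restore-last-session',
        "parent_image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
        "parent_cmdline": r"powershell.exe -ep bypass -w hidden -enc SQBFAFgAIAAoAE4AZQB3AC0ATwBiAGoAZQBjAHQA",
    },
]

# --load-extension=<path> with or without quotes around the path.
LOAD_EXT = re.compile(r'--load-extension=(?:"([^"]+)"|(\S+))', re.IGNORECASE)
# powershell.exe accepts unambiguous prefixes of -EncodedCommand; -e, -ec and
# -enc are the ones seen in the wild. \b keeps -ep (ExecutionPolicy) from matching.
ENCODED_FLAG = re.compile(r'(?:^|\s)-(?:e|ec|enc|encodedcommand)\b', re.IGNORECASE)

THRESHOLD = 3  # minimum score before an event becomes a finding


def score_event(ev):
    """Return (score, reasons) for one process-creation event.

    Score 1 for any side-loaded extension, +2 if PowerShell is the parent,
    +1 if the extension lives under a user profile, +1 if the parent used an
    encoded command. A plain dev side-load scores 1 and stays below THRESHOLD.
    """
    reasons = []
    if not ev["image"].lower().endswith("\\chrome.exe"):
        return 0, reasons
    m = LOAD_EXT.search(ev["cmdline"])
    if not m:
        return 0, reasons
    ext_path = m.group(1) or m.group(2)
    score = 1
    reasons.append(f"chrome started with --load-extension={ext_path}")
    if ev["parent_image"].lower().endswith(("\\powershell.exe", "\\pwsh.exe")):
        score += 2
        reasons.append("parent process is PowerShell")
    if "\\appdata\\" in ext_path.lower():
        score += 1
        reasons.append("extension loaded from a user-profile directory")
    if ENCODED_FLAG.search(ev["parent_cmdline"]):
        score += 1
        reasons.append("parent PowerShell used an encoded command")
    return score, reasons


def detect(events):
    """Run score_event over a batch and return the events at or above THRESHOLD."""
    findings = []
    for ev in events:
        score, reasons = score_event(ev)
        if score >= THRESHOLD:
            findings.append({"pid": ev["pid"], "score": score, "reasons": reasons})
    return findings


if __name__ == "__main__":
    for f in detect(SAMPLE_EVENTS):
        print(f"pid {f['pid']} score {f['score']}: " + "; ".join(f["reasons"]))
```

The scoring deliberately keeps a lone `--load-extension` below the alert threshold so that developers testing unpacked extensions do not page the SOC; it is the PowerShell parent and the profile-directory path that push a ChromeLoader-style launch over the line. In production you would also correlate the parent PowerShell with the ISO mount that delivered it.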
