The Indian Computer Emergency Response Team (CERT-In) has discovered security flaws in high-profile smartphone brands, including Samsung, Apple, and Google Pixel devices. After carefully analyzing these devices' security features, CERT-In has identified certain possible weaknesses that can jeopardize user privacy and data.
The CERT-In advisory highlights significant concerns for iPhone users, indicating a security flaw that could be exploited by malicious entities. This revelation is particularly alarming given Apple's reputation for robust security measures. The advisory urges users to update their iOS devices promptly, emphasizing the critical role of regular software updates in safeguarding against potential threats.
Samsung and Google Pixel phones are not exempt from security scrutiny, as CERT-In identified vulnerabilities in these Android-based devices as well. The CERT-In advisory underscores the importance of staying vigilant and promptly applying security patches and updates provided by the respective manufacturers. This is a reminder that even leading Android devices are not immune to potential security risks.
The timing of these warnings is crucial, considering the increasing reliance on smartphones for personal and professional activities. Mobile devices have become integral to our daily lives, storing sensitive information and facilitating online transactions. Any compromise in the security of these devices can have far-reaching consequences for users.
As cybersecurity threats continue to evolve, both manufacturers and users need to prioritize security measures. CERT-In's warnings underscore the need for proactive steps in identifying and addressing potential vulnerabilities before they can be exploited by malicious actors.
In response to the CERT-In advisory, Apple and Samsung have assured users that they are actively working to address the identified security flaws. Apple, known for its commitment to user privacy, has pledged swift action to resolve the issues outlined by CERT-In. Samsung, too, has expressed its dedication to ensuring its users' security and promised timely updates to mitigate the identified risks.
By using dictionary attack method, the ransomware acquire unauthorized access to victims’ networks, finally succeeding in server compromise and data breaches.
The CERT-In alert states, “It has been observed that Mallox Ransomware is currently targeting unsecured Microsoft SQL Servers, using them as entry points into victim's ICT infrastructures to distribute the ransomware” “It has also been observed that the threat actor group has used brute force techniques on publicly exposed MS SQL instances to gain initial access to the victim's network infrastructure.”
Apparently, Mallox ransomware uses double extortion techniques, through which it steals sensitive data before encrypting a company’s files. The threat actor then proceeds to threaten victims to leak the stolen data on leak sites if ransom demands are not fulfilled.
Thus, it has become necessary for companies and individuals to take security measures actively in order to safeguard their MS-SQL servers from these attacks and prevent falling prey to the Mallox ransomware.
A study by the Unit 42 researchers claims that compared to last year, Mallox ransomware activity has increased by 174%. Strong action is required to counter the threat as a result of the increase in attacks.
The hackers responsible for Mallox have discovered a way to use unprotected MS-SQL servers as a gateway into their victims' networks, expanding their scope and the potential harm they might cause.
Moreover, the ransomware group utilizes several tools, one of them being a network scanner and data exfiltration techniques in order to cover traces of their illicit infiltration and evade security obstacles.
Once the Mallox Ransomware gains access to a target network, it attacks with lethal accuracy. Using the command line and PowerShell, the ransomware payload is downloaded from a remote server, preparing the environment for the malicious encryption procedure. Additionally, it tries to delete volume shadows, which presents a formidable barrier for the affected organization when trying to restore files.
Mallox takes additional deliberate steps to avoid detection and obstruct the forensic investigation. Application, security, setup, and system event logs are cleared by the ransomware, leaving minimal evidence of its operations.
Also, it changes file permissions, blocks users from accessing essential system functions, and shuts down security-related services.
CERT-In shares a list of strategies that will help organizations mitigate the risk of Mallox ransomware and shares steps to secure their Microsoft SQL Server.