Cybercriminals are Targeting Gamers Next

 


In 2023, cybercriminals will be seeking out your money and data to steal from you. That is the news gamers and metaverse pioneers need to be aware of.

It has been reported that while the objectives of those looking to break into consumers' personal information and steal their financial information will remain the same next year, they will be targeting new people and redeveloping platforms to try to get around the defenses set in place. 

A variety of online frontiers, including gaming platforms and virtual reality worlds, will be open to cybercriminals. According to Kaspersky researchers, this could be an opportunity for cybercriminals as more people and businesses learn how to deal with traditional email phishing, texting scams, and social media scams.

According to Kaspersky researchers, Sony's PlayStation Plus gaming subscription service is currently competing against Microsoft's GamePass service across the globe. There is an expectation that this will encourage a wider number of people to play online games in general.

There is also a significant increase in criminal behavior associated with those accounts, and related scams are on the rise. Kaspersky said that it is not unlike the subscription-related fraud that has been happening lately.

Unless you know where your data is being stored or who it has been shared with, it can be challenging to ensure it is safe and private. 

Jeremy Snyder, founder and CEO of FireTail, a cybersecurity firm that specializes in providing threat-aware technology, noted that even the most basic online activities, such as ordering takeout through a meal delivery service, could involve three or more companies, and that no one knows how secure each company's system will be.

Snyder believes that a lack of visibility will be an imminent risk to security and privacy heading into 2023 and beyond. There is a great deal of data that companies are gathering and sharing these days. However, their knowledge of where that data is or who has access to it is often limited. 

Snyder asked, "Will 2023 mark the year that companies finally start recognizing how serious this problem is?" and if so, what would it look like? In response to that question, I would say, "I hope so."

Wildix explained in its statement that it will also be the responsibility of consumers to think about where their data will be stored, particularly when it comes to the collection of Internet of Things devices that they have.

In a recent instance, he noted having seen Wi-Fi traffic being collected by a robotic vacuum sent to a power station in Mongolia daily. He wondered, "How much of that traffic is coming from things in your house you aren't aware of?" Many things are overlooked that no one thinks about.

As a consumer, it is also imperative to maintain a record of personal information shared on social media, according to Jeff Hodgin, vice president of products for CyberGRX. People who post on social media are promoting themselves as a brand through these posts. This is similar to how a company posts on social media. The more popular the brand, the more lucrative the target is for cybercriminals. 

"A person wishing to promote themselves should think about the risks involved before making such a move," said Hodgin. The person should ask themselves: "What is my exposure? What would be the consequences of a breach? How likely is that to occur?"

Data Being Nuked by Malware Unseen Before in Russia's Courts and Mayors' Offices

 


According to Kaspersky and Russian news source Izvestia, mayors' offices and courts in Russia are being attacked by never-before-seen malware that masquerades as ransomware but wipes out data.

Kaspersky researchers have named it CryWiper, a nod to the file extensions that are appended to files after they are destroyed. Kaspersky says that its team has witnessed the malware deliver "pinpoint attacks" on Russian targets via a spyware program. Izvestia, meanwhile, reported that the targets of the attack were the office of the mayor and the court of the city.

There was no immediate word on how many organizations were affected, how the malware managed to erase data, or whether data was successfully erased at this time. 

During the past decade, wiper malware has become increasingly common. Shamoon, discovered in 2012, caused havoc at Saudi Aramco and Qatar's RasGas. Four years later, a reworked version of Shamoon was used to attack multiple organizations in Saudi Arabia. The self-replicating malware dubbed NotPetya spread across the globe within hours, affected hundreds of thousands of computers worldwide, and caused approximately $10 billion of damage.

The past year has seen a slew of updated wipers emerge. Some examples include DoubleZero, IsaacWiper, HermeticWiper, CaddyWiper, WhisperGate, AcidRain, Industroyer2, and ransom.

Kaspersky reports that it has discovered recent attacks carried out by CryWiper. After the malware had infected a target, it left a note. The message reportedly demanded 0.5 bitcoin and included the wallet address for payment.

According to the report from Kaspersky, analysis of a sample of the malware indicates that although this Trojan disguises itself as ransomware and extorts money from victims for 'decrypting' their data, it does not encrypt data but deliberately destroys it on the affected computer. A study of the Trojan's code showed that this was not a mistake made by the developer, but something that he had planned to do originally.

There are some similarities between CryWiper and IsaacWiper, which targeted organizations in Ukraine as part of its campaign. Both wipers use the same algorithm to generate the pseudo-random numbers that are then used to corrupt targeted files by overwriting their contents. The algorithm is known as the Mersenne Vortex PRNG. It is rarely used, so the commonality is striking.

CryWiper also shares a connection with the ransomware families Trojan-Ransom.Win32.Xorist and Trojan-Ransom.MSIL.Agent. In particular, all three ransom notes contain the same email address.

While analyzing the sample of CryWiper, Kaspersky discovered that it was a 64-bit Windows executable file. It was written in C++ and compiled with the MinGW-w64 toolkit and the GCC compiler.

This is quite unusual, because it is more common for malware written in C++ to use Microsoft Visual Studio for that purpose.

This could have resulted from a choice to allow developers to port their code from Windows to Linux without going through a third-party compiler.

Given the large number of calls that CryWiper makes to the Windows API, it seems unlikely that this is the reason. It is more probable that the developer who wrote the code was using a non-Windows device while writing it.

An attack that succeeds in wiping out a network often exploits the poor security of the network. Kaspersky advises network engineers to take precautions by using the following tools:

  • An endpoint protection solution based on behavioral analysis of files.
  • Managed detection and response and a security operations center, so that an intrusion is detected and action is taken to resolve the problem.
  • A system that detects malicious files and URLs in email attachments and blocks them to ensure that mail is safe. Using such a system makes email attacks, which are the most common attack vector, much more difficult.
  • Regular penetration testing and RedTeam projects. Identifying vulnerabilities in infrastructure and protecting them will help to reduce the organization's attack surface for intruders.
  • Analyzing and monitoring threat data. To detect and stop malicious activity promptly, it is necessary to maintain up-to-date knowledge about the tactics intruders employ, the tools they use, and the infrastructure they use.

Given Russia's invasion of Ukraine and other geopolitical conflicts around the world, wiper malware is likely to continue to spread over the coming months.

According to the report by Kaspersky on Friday, "in many cases, wiper attacks and ransomware incidents are caused by weak network security, and it is critical to make sure that these security measures are strengthened." The firm also stated that it could be assumed that the number of cyberattacks, as well as those using wipers, will grow, in large part because of the unstable situation around the world.