Cactus, a newly discovered ransomware operation, has apparently been exploiting vulnerabilities in VPN appliances to gain initial access to the networks of "large commercial entities."
Although the new threat actor uses the usual file encryption and data stealing techniques used in ransomware attacks, it encrypts itself to evade detection by antivirus software, making it exceptionally challenging to eliminate.
According to the cybersecurity experts at Kroll, the Cactus ransomware infiltrates its victims' networks by exploiting security flaws in VPN appliances. The researchers discovered that the hackers used compromised service accounts to access these networks through VPN servers.
The self-encryption attribute of Cactus ransomware is what makes it significant. To accomplish this, Cactus operators use a batch script and the popular compression tool 7-Zip to extract the encryptor binary. Once the binary is extracted, the original ZIP archive is deleted and the binary is run with a specific parameter, making it hard for antivirus software to identify the threat.
Kroll investigators further explain that the script is run using three separate switches: -s for initialization, -r for loading a configuration file, and -i for encryption.
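As an added example (not Kroll's tooling and not code from the article), the following Python scans constructed process-creation records for the staging chain described above: a 7-Zip extraction of an archive, deletion of that same archive shortly afterwards, and execution of a binary from the extraction directory with one of the -s, -r or -i switches. The record fields, sample paths, host names and the 300-second window are assumptions made for the example; in practice the same logic would run over Sysmon or EDR process events.

```python
import re
from collections import defaultdict
from dataclasses import dataclass, field


@dataclass
class ProcEvent:
    ts: int        # event time in seconds (constructed)
    host: str      # host the process ran on
    image: str     # full path of the launched executable
    cmdline: str   # full command line


@dataclass
class Finding:
    host: str
    archive: str
    binary: str
    switches: list = field(default_factory=list)


# "7z x <archive> [... -o<dir>]": an extraction with explicit paths
EXTRACT_RE = re.compile(r'7z(?:\.exe)?"?\s+x\s+"?(?P<archive>[^"\s]+)"?(?P<rest>.*)', re.IGNORECASE)
OUTDIR_RE = re.compile(r'-o"?(?P<dir>[^"\s]+)', re.IGNORECASE)
# cmd.exe / PowerShell style deletion of a file
DELETE_RE = re.compile(r'\b(?:del|erase|rm|remove-item)\b\s+(?:/\S+\s+)*"?(?P<target>[^"\s]+)', re.IGNORECASE)
# a standalone -s / -r / -i switch, the three modes the article attributes to Kroll
SWITCH_RE = re.compile(r'(?:^|\s)-(?P<sw>[sri])(?=\s|$)')


def _norm(path: str) -> str:
    """Quote-stripped, lower-cased path for comparing Windows paths."""
    return path.strip('"').lower()


def find_staging_chains(events, window=300):
    """Return one Finding per extraction event on a host that is followed, within
    `window` seconds, by deletion of the extracted archive AND execution of a
    binary under the extraction directory with a -s/-r/-i switch."""
    by_host = defaultdict(list)
    for e in sorted(events, key=lambda e: e.ts):
        by_host[e.host].append(e)

    findings = []
    for host, evs in by_host.items():
        for i, e in enumerate(evs):
            m = EXTRACT_RE.search(e.cmdline)
            if not m:
                continue
            archive = _norm(m.group("archive"))
            od = OUTDIR_RE.search(m.group("rest"))
            # Without -o, assume (simplification) the output lands beside the archive
            out_dir = _norm(od.group("dir")) if od else archive.rsplit("\\", 1)[0]

            deleted, hits = False, []
            for later in evs[i + 1:]:
                if later.ts - e.ts > window:
                    break
                d = DELETE_RE.search(later.cmdline)
                if d and _norm(d.group("target")) == archive:
                    deleted = True
                    continue
                s = SWITCH_RE.search(later.cmdline)
                if s and _norm(later.image).startswith(out_dir):
                    hits.append((later.image, s.group("sw")))
            if deleted and hits:
                findings.append(Finding(host, archive, hits[0][0], sorted({sw for _, sw in hits})))
    return findings


# Constructed sample: a benign 7-Zip use on ws01 and the full chain on srv02
SAMPLE_EVENTS = [
    ProcEvent(100, "ws01", r"C:\Program Files\7-Zip\7z.exe",
              r'"C:\Program Files\7-Zip\7z.exe" x C:\Users\a\report.zip -oC:\Users\a\report'),
    ProcEvent(105, "ws01", r"C:\Windows\System32\notepad.exe", r"notepad.exe C:\Users\a\report\q1.txt"),
    ProcEvent(200, "srv02", r"C:\Program Files\7-Zip\7z.exe",
              r'"C:\Program Files\7-Zip\7z.exe" x C:\ProgramData\tmp\pkg.zip -oC:\ProgramData\tmp'),
    ProcEvent(201, "srv02", r"C:\Windows\System32\cmd.exe", r"cmd.exe /c del C:\ProgramData\tmp\pkg.zip"),
    ProcEvent(203, "srv02", r"C:\ProgramData\tmp\enc.exe", r"C:\ProgramData\tmp\enc.exe -s"),
    ProcEvent(210, "srv02", r"C:\ProgramData\tmp\enc.exe", r"C:\ProgramData\tmp\enc.exe -r"),
    ProcEvent(260, "srv02", r"C:\ProgramData\tmp\enc.exe", r"C:\ProgramData\tmp\enc.exe -i"),
]

if __name__ == "__main__":
    for f in find_staging_chains(SAMPLE_EVENTS):
        print(f"{f.host}: {f.archive} extracted then deleted; "
              f"{f.binary} run with -{' -'.join(f.switches)}")
```

Requiring all three steps (extract, delete, run-with-switch) on the same host inside a short window keeps the rule quiet on ordinary 7-Zip use, which is why the benign ws01 events above produce no finding.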
Once within the targeted network, the attackers employ an SSH backdoor along with scheduled tasks to maintain their presence while conducting a number of reconnaissance operations, such as pinging remote hosts, identifying endpoints, and locating user accounts.
The Cactus ransomware executes a batch script that disables standard antivirus software in order to cause the most damage. The attackers exfiltrate files from infected PCs to a cloud server before automatically encrypting them with a PowerShell script.
While detailed information regarding the Cactus operation, the victims it targets, and whether the hackers keep their promise to provide a reliable decryptor if paid is not yet available, applying the most recent vendor software updates, keeping an eye out for significant data exfiltration attempts, and acting fast should guard against the most destructive and final stages of a ransomware attack.
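To make the advice about watching for significant data exfiltration attempts concrete, here is an added Python example (not from the article or from Kroll) that compares each host's outbound volume to external addresses against that host's own recent daily baseline and flags hosts far above it. The flow records, the internal address ranges, the host names and the thresholds are constructed assumptions; real deployments would feed it NetFlow, proxy or firewall logs.

```python
import ipaddress
from collections import defaultdict
from dataclasses import dataclass
from statistics import mean, pstdev


@dataclass
class Flow:
    day: int        # day index of the record (constructed)
    src_host: str   # internal source host
    dst_ip: str     # destination address
    bytes_out: int  # bytes sent from src_host to dst_ip


# Assumed internal ranges; any other destination counts as external
INTERNAL_NETS = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "192.168.0.0/16")]


def is_external(ip: str) -> bool:
    addr = ipaddress.ip_address(ip)
    return not any(addr in net for net in INTERNAL_NETS)


def daily_external_bytes(flows):
    """host -> {day -> bytes sent to external destinations on that day}"""
    totals = defaultdict(lambda: defaultdict(int))
    for f in flows:
        if is_external(f.dst_ip):
            totals[f.src_host][f.day] += f.bytes_out
    return totals


def exfil_candidates(flows, baseline_days, current_day, min_bytes=500_000_000, sigma=3.0):
    """Flag hosts whose external outbound volume on current_day exceeds both an
    absolute floor (min_bytes, so quiet hosts do not alert on noise) and
    mean + sigma * stdev of their own baseline days."""
    totals = daily_external_bytes(flows)
    alerts = []
    for host, per_day in totals.items():
        history = [per_day.get(d, 0) for d in baseline_days]
        today = per_day.get(current_day, 0)
        mu, sd = mean(history), pstdev(history)
        threshold = max(min_bytes, mu + sigma * sd)
        if today > threshold:
            alerts.append({"host": host, "bytes_today": today,
                           "baseline_mean": mu, "threshold": threshold})
    return sorted(alerts, key=lambda a: a["bytes_today"], reverse=True)


def build_sample_flows():
    """Constructed flows: a file server with a steady ~2 GB/day of external
    traffic that jumps to 120 GB on day 8, and a workstation that stays flat
    externally while pushing large internal backups (which must be ignored)."""
    flows = []
    fs_baseline = [2_000_000_000, 2_100_000_000, 1_900_000_000, 2_000_000_000,
                   2_200_000_000, 1_800_000_000, 2_000_000_000]
    for day, b in enumerate(fs_baseline, start=1):
        flows.append(Flow(day, "fs01", "203.0.113.10", b))      # TEST-NET-3 address
    flows.append(Flow(8, "fs01", "203.0.113.77", 120_000_000_000))
    for day in range(1, 9):
        flows.append(Flow(day, "ws01", "198.51.100.5", 50_000_000))
        flows.append(Flow(day, "ws01", "10.0.5.20", 30_000_000_000))  # internal, ignored
    flows.append(Flow(8, "ws01", "198.51.100.9", 10_000_000))
    return flows


SAMPLE_FLOWS = build_sample_flows()

if __name__ == "__main__":
    for a in exfil_candidates(SAMPLE_FLOWS, list(range(1, 8)), current_day=8):
        print(f"{a['host']}: {a['bytes_today']:,} bytes today "
              f"vs threshold {a['threshold']:,.0f}")
```

A per-host baseline matters more than a global one here: a file server that normally moves gigabytes a day would never trip a fleet-wide average, while the 60-fold jump against its own history stands out immediately.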
Mobile devices are an essential part of our lives today. From staying connected with our loved ones to handling our finances and work-related tasks, smartphones have become indispensable. However, this convenience comes with a price.
As our dependence on mobile devices increases, so do the risks associated with mobile data security. In this blog post, we will explore some insights from McAfee's 2023 Consumer Mobile Threat Report and discuss how we can protect our mobile data.
According to the report, cybercriminals are getting more sophisticated in their approach toward mobile threats. They are using advanced techniques such as ransomware, malware, and phishing attacks to target mobile devices.
One of the primary reasons behind the rise in mobile malware is the increase in app usage. Malicious apps often masquerade as legitimate ones, making it challenging to identify them. Once they gain access to your device, they can steal your personal information or lock your device, demanding a ransom payment. Another alarming trend highlighted by the report is the rise of phishing attacks.
Cybercriminals are using social engineering techniques to trick users into providing their login credentials, credit card details, or other sensitive information. They do this by creating fake login pages that look identical to the original ones. Once you enter your details, criminals can use them to gain unauthorized access to your accounts.
McAfee's report suggests the following: