BlueKeep is back. For now, attackers are just using it for cryptomining

For months, cybersecurity analysts have sounded the alarm about a serious vulnerability in old Microsoft operating systems that, if exploited, could infect computers around the world. The hacking has finally begun, and so far, it’s gone off with a whimper, not a bang. Over the weekend, a security researcher who maintains “honeypots,” or simulated environments to trap malicious activity, reported a spike in attacks exploiting the Remote Desktop Protocol vulnerability, known as BlueKeep. But rather than anything “wormable” that can spread from machine to machine, this appears to be a case of opportunists scanning the internet to infect computers for monetary gain. Researchers had warned that BlueKeep could enable outsiders to execute remote code on a compromised machine. Kevin Beaumont, the researcher who gave BlueKeep its name, reported that nearly all of his honeypots had been hit by attackers exploiting the vulnerability. Hackers appear to be using the exploit to try to install […]

The post BlueKeep is back. For now, attackers are just using it for cryptomining appeared first on CyberScoop.

Scammers are dangling an iOS jailbreak to trick victims into downloading a malicious app

It’s only been weeks since a researcher released an iOS exploit that could allow outsiders to jailbreak an iPhone, but scammers are already leveraging the tool to try to commandeer victims’ phones. Last month, a researcher known as @axi0mx published checkm8, a series of technical instructions that enable users to remove restrictions imposed on their iPhone by Apple or telecommunication companies. Now, after weeks of publicity around checkm8, attackers have launched a malicious website that masquerades as a legitimate page, only to launch a hacking tool that tries to take over an affected device. Cisco’s Talos threat intelligence crew on Tuesday said they found checkrain[.]com, a site meant to look like an offshoot of checkra1n, a legitimate project that researchers can use to modify their iPhone’s processes and jailbreak their device. Instead of allowing that, though, the malicious checkrain site encourages visitors to download an application that clicks on […]

‘China Chopper’ web shell makes a comeback in Lebanon, other Asian countries

Malicious code first discovered nine years ago that has historically been used by groups associated with Chinese state-backed hacks has made a comeback, according to new research from Cisco’s Security and Intelligence Research Group, Talos. The hacking tool is a web shell known as China Chopper. A web shell is a script that allows attackers to remotely access servers running web applications. This particular web shell has long been known for evading detection. “China Chopper is a slick little web shell that does not get enough exposure and credit for its stealth,” FireEye researchers wrote in 2013 in their blog on the matter. China Chopper’s code has historically been small, according to security researcher Keith Tyler, who wrote on the tool in 2012. That much appears to be the same now — Talos researchers note the most recent campaign has been “extremely simple,” containing just one […]

Is ‘REvil’ the New GandCrab Ransomware?

The cybercriminals behind the GandCrab ransomware-as-a-service (RaaS) offering recently announced they were closing up shop and retiring after having allegedly earned more than $2 billion in extortion payments from victims. But a growing body of evidence suggests the GandCrab team have instead quietly regrouped behind a more exclusive and advanced ransomware program known variously as “REvil,” “Sodin,” and “Sodinokibi.”

From exploits to honeypots: How the security community is preparing for BlueKeep’s moment of truth

Two years after the WannaCry ransomware wreaked havoc on the internet, security professionals are having a grim case of déjà-vu. They’ve tallied the internet-facing computers that aren’t patched for BlueKeep, a vulnerability in old Microsoft Windows operating systems, and wonder when that negligence will come home to roost. “I think everyone is in agreement that once exploits for this are public, it’s going to be bad,” Craig Williams, Cisco Talos’ director of outreach, told CyberScoop. The BlueKeep vulnerability is in Remote Desktop Services, a popular Windows program that grants remote access to computers for administrative purposes. By abusing that remote access, a hacker could delete data or install a new program on a system. “Every CISO right now should have a plan already written down to deal with BlueKeep once the exploit starts surfacing,” Williams said. Organizations need layered defenses so that any BlueKeep-based infection “doesn’t spread like wildfire behind what you […]