BlueKeep is back. For now, attackers are just using it for cryptomining

For months, cybersecurity analysts have sounded the alarm about a serious vulnerability in old Microsoft operating systems that, if exploited, could infect computers around the world. The hacking has finally begun, and so far, it’s gone off with a whimper, not a bang. Over the weekend, a security researcher who maintains “honeypots,” or simulated environments to trap malicious activity, reported a spike in attacks exploiting the Remote Desktop Protocol vulnerability, known as BlueKeep. But rather than anything “wormable” that can spread from machine to machine, this appears to be a case of opportunists scanning the internet to infect computers for monetary gain. Researchers had warned that BlueKeep could enable outsiders to execute remote code on a compromised machine. Kevin Beaumont, the researcher who gave BlueKeep its name, reported that nearly all of his honeypots had been hit by attackers exploiting the vulnerability. Hackers appear to be using the exploit to try to install […]

The post BlueKeep is back. For now, attackers are just using it for cryptomining appeared first on CyberScoop.


U.S. announces disruption of ‘Joanap’ botnet linked with North Korea

The Justice Department on Wednesday announced a wide-ranging operation to map and disrupt a botnet linked to North Korea that has infected numerous computers across the globe over the last decade. Through a search warrant and court order, the department inflicted a potentially damaging blow to the so-called Joanap botnet, which U.S. officials attributed to the North Korean government. The search warrant allowed the FBI to control servers that mimicked computers within the botnet, giving the bureau a clearer picture of the zombie computer army and the ability to alert victims. Joanap is malware that targets Microsoft Windows. It works in tandem with a worm dubbed Brambul that stalks computers, looking for a vulnerable way in, the Justice Department said in a press release. “Once installed on an infected computer, Joanap would allow the North Korean hackers to remotely access infected computers,” giving them root-level access and the chance to […]

The post U.S. announces disruption of ‘Joanap’ botnet linked with North Korea appeared first on CyberScoop.


Xbash: the Four-Headed Dragon of Malware Set Against Windows and Linux

How does a self-spreading malware with cryptomining and ransomware capabilities sound to you? Entirely hypothetical? Not at all. This new malware strain exists and is a real threat not only to Windows servers but also to Linux. It is dubbed…

Nuclear Power Plants Have a ‘Blind Spot’ for Hackers. Here’s How to Fix That.

Malware hunters, regulators, and plant employees are hunting further down the supply chain for vulnerabilities as hackers continue to target critical infrastructure.

Global ransomware attack was meant to be destructive, not collect money

A global ransomware outbreak Tuesday was inherently designed to be destructive in nature, according to private sector cybersecurity researchers. An analysis of Petya conducted by Comae Technologies’ Matthieu Suiche reveals that computer code in the June 27 version of the malware is different than previous samples which were tied to incidents involving monetary gain. The primary difference between past Petya variants and Tuesday’s malware comes in the form of a small block of code that effectively commands the virus to “erase the Windows system’s Master Boot Record (MBR) on default,” said Suiche. “After comparing both implementations, we noticed that the current [implementation] that massively infected multiple entities in Ukraine was in fact a wiper, which just trashed the 25 first sector blocks of the disk,” Suiche wrote in a blog post. Petya effectively demolishes a key function of the victim computer’s boot process even before a victim has the chance to read any ransom […]

The post Global ransomware attack was meant to be destructive, not collect money appeared first on CyberScoop.


U.S. universities race to contain WannaCry ransomware, officials say

At least five U.S. colleges have been affected by the global ransomware virus known as “WannaCry,” CyberScoop has learned. The Massachusetts Institute of Technology, Trinity College, the University of Washington, North Dakota State University and the University of Maine confirmed Tuesday that computers connected to their networks were infected by the virus. “We had a handful of computers that were compromised but it didn’t spread,” University of Washington News Office Director Victor Balta told CyberScoop. “Normal operations were not affected in any way, but obviously we’re paying attention to this.” The five schools are among the first known cases of U.S.-based educational institutions becoming victims of the WannaCry ransomware campaign. CyberScoop obtained a list of IP addresses with WannaCry infections that included more than a dozen machines at U.S. higher education institutions. Not all of the schools responded to requests for comment. MIT reported that approximately 100 computers were affected by the attack […]

The post U.S. universities race to contain WannaCry ransomware, officials say appeared first on CyberScoop.
