Live
- ‘Jathara’ movie review: A rural revenge saga wrapped in tradition
- PM Modi’s ‘Bharat 6G Vision’ poised to get another booster
- Social media doing harm to youngsters, calling time on it: Australian PM Albanese
- Gut microbiome changes may signal onset of rheumatoid arthritis
- Caste census, a historic benchmark in country: MLA Prakash
- Siddharth and Ashika Ranganath’s ‘Miss You’ Set for November 29 Release
- Cops return kidnapped woman within 24 hours
- IT Min lays foundation stone for Co-operative Central Bank building
- Abhishek Bachchan and Aishwarya Rai Divorce Rumors: Family Denies Affair with Nimrat Kaur
- MLA Naini Rajender lauds Comprehensive Family Survey
Just In
New crypto malware targeting Windows, Linux systems: Microsoft
Microsoft has warned customers about a new crypto mining malware that can steal credentials, remove security controls, spread via emails and ultimately drop more tools for human-operated activity
New Delhi: Microsoft has warned customers about a new crypto mining malware that can steal credentials, remove security controls, spread via emails and ultimately drop more tools for human-operated activity.
Called 'LemonDuck', the crypto mining malware is targeting Windows and Linux systems, spreading via phishing emails, exploits, USB devices and brute force attacks in various countries, including India.
"LemonDuck's threat to enterprises is also in the fact that it's a cross-platform threat. It's one of a few documented bot malware families that targets Linux systems as well as Windows devices," warned Microsoft 365 Defender Threat Intelligence Team.
The malware can quickly take advantage of news, events, or the release of new exploits to run effective campaigns.
"For example, in 2020, it was observed using Covid-19-themed lures in email attacks. In 2021, it exploited newly patched Exchange Server vulnerabilities to gain access to outdated systems," Microsoft informed.
This threat, however, does not just limit itself to new or popular vulnerabilities.
It continues to use older vulnerabilities, which benefit the attackers at times when focus shifts to patching a popular vulnerability rather than investigating compromise.
"Notably, LemonDuck removes other attackers from a compromised device by getting rid of competing malware and preventing any new infections by patching the same vulnerabilities it used to gain access," said the company.
In the early years, LemonDuck targeted China heavily, but its operations have since expanded to include many other countries — the US, India, Russia, China, Germany, the UK, Korea, Canada, France, and Vietnam.
"Once inside a system with an Outlook mailbox, as part of its normal exploitation behaviour, LemonDuck attempts to run a script that utilises the credentials present on the device," the Microsoft team said.
The script instructs the mailbox to send copies of a phishing message with preset messages and attachments to all contacts.
Because of this method of contact messaging, security controls that rely on determining if an email is sent from a suspicious sender don't apply.
"This means that email security policies that reduce scanning or coverage for internal mail need to be re-evaluated, as sending emails through contact scraping is very effective at bypassing email controls," the company suggested.
Last Monday, US President Joe Biden's administration finally came out publicly against China's involvement in cybercrimes, accusing it of running a massive global operation of "state-sponsored activities" causing billions of dollars of losses to victims.
In a show of solidarity indicating the serious global repercussions, all the 30 NATO allies and the European Union, Australia, New Zealand, and Japan joined in indicting Beijing.
Secretary of State Antony Blinken said that the US and its allies had "formally confirmed" that China's Ministry of State Security (MSS) used the vulnerabilities in the Microsoft Exchange Server "in a massive cyber espionage operation that indiscriminately compromised thousands of computers and networks, mostly belonging to private sector victims".
© 2024 Hyderabad Media House Limited/The Hans India. All rights reserved. Powered by hocalwire.com