Live
- Two Russian oil tankers with 29 on board damaged due to bad weather
- Telangana's Traditions Will Be Protected, Village by Village : BRS Leader MLC K. Kavitha
- Uganda to relocate 5,000 households from landslide-prone areas in eastern region
- Harish Rao Criticizes CM Revanth Reddy: "His Time is Over"
- Vijay Sethupathi Hails 'Vidudala-2' as a Theatrical Game-Changer
- Sahaj Yog: A Path to Inner Transformation and Harmony City takes giant strides
- Allu Arjun meets his uncle Nagababu at his residence
- J&K L-G felicitates Langar organisations & NGOs for contribution during Amarnath Yatra
- Hit by Covid, MP's Rakesh Mishra sees revival of his fortunes, courtesy PM SVANidhi scheme
- Trailblazing Yakshagana Artiste Leelavathi Baipaditthaya No More
Just In
New crypto malware targeting Windows, Linux systems: Microsoft
Microsoft has warned customers about a new crypto mining malware that can steal credentials, remove security controls, spread via emails and ultimately drop more tools for human-operated activity
New Delhi: Microsoft has warned customers about a new crypto mining malware that can steal credentials, remove security controls, spread via emails and ultimately drop more tools for human-operated activity.
Called 'LemonDuck', the crypto mining malware is targeting Windows and Linux systems, spreading via phishing emails, exploits, USB devices and brute force attacks in various countries, including India.
"LemonDuck's threat to enterprises is also in the fact that it's a cross-platform threat. It's one of a few documented bot malware families that targets Linux systems as well as Windows devices," warned Microsoft 365 Defender Threat Intelligence Team.
The malware can quickly take advantage of news, events, or the release of new exploits to run effective campaigns.
"For example, in 2020, it was observed using Covid-19-themed lures in email attacks. In 2021, it exploited newly patched Exchange Server vulnerabilities to gain access to outdated systems," Microsoft informed.
This threat, however, does not just limit itself to new or popular vulnerabilities.
It continues to use older vulnerabilities, which benefit the attackers at times when focus shifts to patching a popular vulnerability rather than investigating compromise.
"Notably, LemonDuck removes other attackers from a compromised device by getting rid of competing malware and preventing any new infections by patching the same vulnerabilities it used to gain access," said the company.
In the early years, LemonDuck targeted China heavily, but its operations have since expanded to include many other countries — the US, India, Russia, China, Germany, the UK, Korea, Canada, France, and Vietnam.
"Once inside a system with an Outlook mailbox, as part of its normal exploitation behaviour, LemonDuck attempts to run a script that utilises the credentials present on the device," the Microsoft team said.
The script instructs the mailbox to send copies of a phishing message with preset messages and attachments to all contacts.
Because of this method of contact messaging, security controls that rely on determining if an email is sent from a suspicious sender don't apply.
"This means that email security policies that reduce scanning or coverage for internal mail need to be re-evaluated, as sending emails through contact scraping is very effective at bypassing email controls," the company suggested.
Last Monday, US President Joe Biden's administration finally came out publicly against China's involvement in cybercrimes, accusing it of running a massive global operation of "state-sponsored activities" causing billions of dollars of losses to victims.
In a show of solidarity indicating the serious global repercussions, all the 30 NATO allies and the European Union, Australia, New Zealand, and Japan joined in indicting Beijing.
Secretary of State Antony Blinken said that the US and its allies had "formally confirmed" that China's Ministry of State Security (MSS) used the vulnerabilities in the Microsoft Exchange Server "in a massive cyber espionage operation that indiscriminately compromised thousands of computers and networks, mostly belonging to private sector victims".
© 2024 Hyderabad Media House Limited/The Hans India. All rights reserved. Powered by hocalwire.com