Ransomware in Germany, April 2022–March 2023


In the last 12 months, Germany was one of the most attacked countries in the world, the most attacked in the EU, and a favourite target of the notorious Black Basta group.

This article is based on research by Marcelo Rivero, Malwarebytes’ ransomware specialist, who monitors information published by ransomware gangs on their Dark Web sites. In this report, “known attacks” are attacks where the victim opted not to pay a ransom. This provides the best overall picture of ransomware activity, but the true number of attacks is far higher.

Between April 2022 and March 2023, Germany was a globally significant target for ransomware gangs. During that period:

  • It was the fourth most attacked country in the world, and the most attacked in the EU
  • The construction sector was harder hit than in the USA, UK, or France
  • LockBit and Black Basta accounted for 54% of known attacks
  • Black Basta attacked targets in Germany far more often than in the UK or France

In August 2022, German power semiconductor manufacturer Semikron disclosed a ransomware attack that had partially encrypted its network, with the attackers claiming to have stolen 2TB of documents.

In the same month, German automotive parts powerhouse Continental was attacked by LockBit, which claimed to have stolen 40TB of files. The company broke off negotiations in late October, and the ransomware gang offered the data for sale or destruction for $50 million, the biggest known ransom of 2022, and the largest this author had seen until LockBit’s equally outlandish request for $80 million from Royal Mail in early 2023.

Stolen Continental data available for sale or destruction

A ransomware attack on German newspaper Heilbronner Stimme in October 2022 disrupted its printing systems, forcing the publication of a six-page emergency edition. The attack affected the entire Stimme Mediengruppe, including companies Pressedruck, Echo, and RegioMail, with Echo’s website and e-paper accessibility also compromised. Editor-in-chief Uwe Ralf Heer reported that a well-known cybercriminal group encrypted its systems and left ransom demands, but did not specify further.

In November 2022, the Vice Society ransomware gang claimed responsibility for a cyberattack on the University of Duisburg-Essen (UDE). The attackers leaked files including backup archives, financial documents, research papers, and student spreadsheets. On January 9, 2023, the university announced that due to extensive and complex damage caused by the attack, its entire IT infrastructure would need to be reconstructed.

Germany is a prime target

In the 12 months from April 2022 to March 2023, Germany was a globally significant target for ransomware, ranking as the fourth most attacked country by known attacks. It was the most attacked country in the EU, and the most attacked country where English isn’t the principal language.

Known attacks in the ten most attacked countries between April 2022 - March 2023

Given the disparity between the USA and the rest of the world in terms of number of attacks, it would be easy to conclude that ransomware is, first and foremost, a USA problem. It is not. The size and nature of the US economy means that it has many more targets for ransomware gangs than other countries in the top ten.

We can account for the difference in the size of countries’ economies by dividing the number of known ransomware attacks by a country’s nominal GDP, which gives us an approximate rate of attacks per $1T of economic output. On that basis, the difference between the countries in the top ten is far smaller than the total number of known attacks would suggest. The top ten most attacked countries all suffered between 15 and 66 known attacks per $1T of economic output.

The ten most attacked countries between April 2022 - March 2023, ordered by attacks per $1T GDP

The size of the countries in the top ten also varies enormously, and we can try to account for that by dividing known attacks by the size of each country’s population. On that measure, again, the differences between countries are much smaller than a simple count of known attacks suggests.

On a known attacks per capita basis, Germany sits in a cluster of four advanced European economies with nearly identical rates of attack. In all the variations of our top ten, English-speaking countries occupy at least three of the top five positions, and English-speaking countries with smaller populations and economies, like Canada and Australia, seem to suffer disproportionately.

The situation in Germany is far from good; it just isn’t quite as bad as in the very worst countries. By any measure, Germany is one of the most attacked countries in the world, and its organisations are prime targets for ransomware gangs.

The ten most attacked countries between April 2022 - March 2023, ordered by attacks per capita

As in most countries, the German services sector is the hardest hit, accounting for 28% of attacks in the last 12 months, just slightly above the global average of 25%. In most respects, German industry sectors are attacked in roughly the same proportions as they are in the UK and France, with some notable exceptions. There were no known attacks on German healthcare in the last 12 months (which, again, does not include unknown attacks), the country suffered fewer attacks on its legal services than either the UK or France, and it does not seem to have suffered the same problems France has had protecting its government sector, or the UK its education sector.

Where Germany suffers more than its neighbours is construction. Its 12% share of known attacks is double the global average, and notably higher than the USA (7%), UK (7%), and France (5%).

Known ransomware attacks by industry sector in Germany, April 2022 - March 2023

Black Basta’s hunting ground

In the UK, no individual ransomware was used in more than two known attacks on construction. In France one gang, LockBit, recorded three. In Germany, two different gangs recorded five known attacks against construction, accounting for a little over two thirds of the total. One of those gangs was LockBit, which is unsurprising given its position as by far the most used ransomware globally. The other was Black Basta, which recorded more attacks against German construction targets in 12 months than it did in the whole of France in the same period.

It seems Black Basta has an appetite for German targets. In the last 12 months it was the second most used ransomware in Germany, with 27 known attacks. In the same period it was busy in the UK with 10 attacks, although overshadowed there by LockBit, Vice Society and others, and it recorded just three attacks in France, where LockBit absolutely dominated.

Ransomware with two or more known attacks in Germany, April 2022 - March 2023

In the last year, Black Basta and LockBit were the only ransomware that registered more than four known attacks in a month, with both going as high as eight. Between them, the two groups accounted for 54% of known attacks in Germany and largely determined whether the country would have a bad month at the hands of ransomware gangs or a terrible one.

Monthly ransomware attacks in Germany with LockBit and Black Basta highlighted, April 2022 - March 2023

Black Basta does not reinvent the wheel in the way it operates. Similar to other ransomware groups, attacks frequently begin with initial access gained through phishing attacks. A typical attack might start with an email containing a malicious document in a zip file. Upon extraction, the document installs the Qakbot banking trojan to create backdoor access and deploy SystemBC, which sets up an encrypted connection to a command and control server. From there, CobaltStrike is installed for network reconnaissance and to distribute additional tools.

As is the overarching trend for ransomware groups these days, Black Basta’s primary goal is to steal data so that it can hold the threat of leaked data over its victims. The data is generally stolen using Rclone, which filters and copies specific files to a cloud service. After the data is exfiltrated, the ransomware encrypts files with the “.basta” extension, erases volume shadow copies, and presents a ransom note named readme.txt on affected devices. Attackers using Black Basta may be active on a victim’s network for two to three days before running their ransomware.
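The late stages described above (Rclone copying data out, shadow copies being erased, files renamed with the “.basta” extension and a readme.txt note appearing everywhere) are the ones a defender can still catch before or during encryption. The following is an added example, not code from the article or from Malwarebytes, of detection logic run over constructed endpoint telemetry; the event format, host names, thresholds and sample command lines are assumptions for the example, and a single stray file match is deliberately not enough to fire.

```python
import re
from collections import defaultdict
from dataclasses import dataclass


@dataclass(frozen=True)
class Event:
    """One endpoint telemetry record (constructed format for this example)."""
    ts: int       # seconds on a constructed clock
    host: str
    kind: str     # "process": detail is a command line; "file": detail is a created/renamed path
    detail: str


# Indicators taken from the stages described in the text: Rclone copying data to a
# remote, shadow copy deletion, ".basta" renames and a readme.txt ransom note.
RCLONE_RE = re.compile(r"\brclone(?:\.exe)?\s+(?:copy|sync|move)\b.*\s\w+:", re.I)
VSS_DELETE_RE = re.compile(r"\bvssadmin(?:\.exe)?\b.*\bdelete\s+shadows\b", re.I)
BASTA_RE = re.compile(r"\.basta$", re.I)
NOTE_RE = re.compile(r"[\\/]readme\.txt$", re.I)

MASS_RENAME_THRESHOLD = 5   # .basta files on one host within WINDOW seconds
WINDOW = 60
NOTE_DIR_THRESHOLD = 3      # readme.txt dropped into this many distinct directories


def parent_dir(path):
    """Strip the last path component, accepting either separator."""
    return re.sub(r"[\\/][^\\/]*$", "", path)


def detect(events):
    """Return (host, rule) findings. File events are aggregated per host so that one
    stray .basta file or readme.txt does not raise an alert on its own."""
    findings = []
    basta_times = defaultdict(list)
    note_dirs = defaultdict(set)
    for ev in sorted(events, key=lambda e: e.ts):
        if ev.kind == "process":
            if RCLONE_RE.search(ev.detail):
                findings.append((ev.host, "rclone-exfil"))
            if VSS_DELETE_RE.search(ev.detail):
                findings.append((ev.host, "shadow-copy-deletion"))
        elif ev.kind == "file":
            if BASTA_RE.search(ev.detail):
                basta_times[ev.host].append(ev.ts)
            elif NOTE_RE.search(ev.detail):
                note_dirs[ev.host].add(parent_dir(ev.detail))
    for host, times in basta_times.items():
        # sliding window over the already time-sorted rename events
        for i, t0 in enumerate(times):
            if sum(1 for t in times[i:] if t - t0 <= WINDOW) >= MASS_RENAME_THRESHOLD:
                findings.append((host, "mass-basta-rename"))
                break
    for host, dirs in note_dirs.items():
        if len(dirs) >= NOTE_DIR_THRESHOLD:
            findings.append((host, "ransom-note-spread"))
    return findings


def hosts_with_chain(findings, min_rules=2):
    """Hosts on which several distinct stages fired: much stronger evidence than one rule."""
    per_host = defaultdict(set)
    for host, rule in findings:
        per_host[host].add(rule)
    return sorted(h for h, rules in per_host.items() if len(rules) >= min_rules)


# Constructed sample telemetry: ws-07 shows the full late-stage chain, srv-02 is benign admin work.
SAMPLE = [
    Event(100, "ws-07", "process", r"rclone.exe copy D:\Finance remote:dump --transfers 16"),
    Event(160, "ws-07", "process", r"vssadmin.exe delete shadows /all /quiet"),
    Event(165, "ws-07", "file", r"C:\Users\a\Documents\readme.txt"),
    Event(166, "ws-07", "file", r"C:\Users\a\Desktop\readme.txt"),
    Event(167, "ws-07", "file", r"D:\Finance\readme.txt"),
    Event(170, "ws-07", "file", r"C:\Users\a\Documents\q1.xlsx.basta"),
    Event(172, "ws-07", "file", r"C:\Users\a\Documents\q2.xlsx.basta"),
    Event(175, "ws-07", "file", r"C:\Users\a\Desktop\notes.docx.basta"),
    Event(180, "ws-07", "file", r"D:\Finance\ledger.accdb.basta"),
    Event(190, "ws-07", "file", r"D:\Finance\payroll.csv.basta"),
    Event(200, "srv-02", "process", r"vssadmin.exe list shadows"),
    Event(210, "srv-02", "process", r"rclone.exe config show"),
    Event(220, "srv-02", "file", r"C:\Projects\tool\readme.txt"),
]

if __name__ == "__main__":
    for host, rule in detect(SAMPLE):
        print(f"{host}: {rule}")
    print("chain on:", hosts_with_chain(detect(SAMPLE)))
```

The value of `hosts_with_chain` is that the Rclone and shadow-copy rules are noisy on their own (backup software and administrators use both tools), while several stages on one host within minutes is the pattern the text describes and is worth an immediate isolation decision.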

Conclusions

In the last 12 months, Germany was a globally significant hunting ground for ransomware gangs, and the country with the fourth highest total of known attacks. Across the various industry sectors, construction was over-represented, suffering a higher proportion of known attacks than the construction sectors in the USA, France, and the UK. Much like the education sector in the UK and the government sector in France, it should be alarming that, with an entire world of targets to choose from, it has attracted a disproportionate amount of attention.

In particular, the German construction sector suffered at the hands of LockBit and Black Basta. Black Basta displayed a liking for German targets of all kinds and was the second most used ransomware in the country; it recorded considerably more attacks in Germany in the last year than in either the UK or France. In fact, the only country in the world to suffer more Black Basta attacks in the last twelve months than Germany was the USA.

How to avoid ransomware

  • Block common forms of entry. Create a plan for patching vulnerabilities in internet-facing systems quickly; disable or harden remote access like RDP and VPNs; use endpoint security software that can detect exploits and malware used to deliver ransomware.
  • Detect intrusions. Make it harder for intruders to operate inside your organization by segmenting networks and assigning access rights prudently. Use EDR or MDR to detect unusual activity before an attack occurs.
  • Stop malicious encryption. Deploy Endpoint Detection and Response software like Malwarebytes EDR that uses multiple different detection techniques to identify ransomware, and ransomware rollback to restore damaged system files.
  • Create offsite, offline backups. Keep backups offsite and offline, beyond the reach of attackers. Test them regularly to make sure you can restore essential business functions swiftly.
  • Don’t get attacked twice. Once you’ve isolated the outbreak and stopped the first attack, you must remove every trace of the attackers, their malware, their tools, and their methods of entry, to avoid being attacked again.

Malwarebytes removes all remnants of ransomware and prevents you from getting reinfected. Want to learn more about how we can help protect your business? Get a free trial below.


Apple Officially Inaugurates Its First-Ever Retail Store in India


Apple Store India Mumbai BKC

Apple confirmed earlier this month that it would be opening its first flagship store in India this week, and now the day has finally arrived. CEO Tim Cook officially opened the door to the first-ever Apple retail store in India earlier today. 

Located at the Jio World Drive mall in Mumbai’s Bandra Kurla Complex, the store aims to strengthen Apple’s offline presence in the country. The opening was attended by thousands of tech fans, some of whom arrived hours before the doors officially opened.

The store design is similar to other Apple flagship stores worldwide, but it includes unique Indian touches, such as a handcrafted timber ceiling with elements sourced from Delhi and a 14-meter-long stainless steel staircase flanked by grey stone walls and mosaic flooring sourced from Rajasthan.

The store is also carbon neutral and runs on 100% renewable energy, with staff wearing green t-shirts to reflect this theme. There are nearly 100 employees at the store, speaking over 20 languages and providing expert guidance on all Apple products. 

Customers can purchase all of Apple’s products currently available in India, including MacBooks, iPhones, iPads, and watches, from the store. The store also showcases Apple Arcade, HomePod, Apple Music, and Apple TV+. The Genius Bar on the first floor offers assistance to visitors.

India has emerged as an increasingly important market for Apple. The company’s manufacturing partners have also ramped up the local assembling of iPhone and other products in the country. The Mumbai store’s opening is a major step in Apple’s commitment to expanding its footprint in India, and a second store is set to open in New Delhi on April 20.

Image Credits: Apple


Take a first look at the Motorola Razr Lite design


The Motorola Razr Lite has just surfaced in CAD-based renders, allowing us to check out its design. The images we’ll show you below come from @OnLeaks and MySmartPrice.

The Motorola Razr Lite design surfaced in a bunch of renders

The Motorola Razr Lite is one of two foldable smartphones Motorola is planning to announce in the near future. Evan Blass confirmed, way back in October last year, that two Razr devices are on the way.

Well, one of them just surfaced, the ‘Lite’ model. The other device will be the Motorola Razr Plus 2023, or whatever Motorola opts to call it, we’re still not sure. In any case, let’s focus on the ‘Lite’ model, shall we?

If you take a look at the gallery below the article, you’ll be able to see the device itself. The phone has a large main display, with a centered display camera hole. We still don’t have the exact dimensions, though.

This phone will have a truly small cover display

Its cover display is quite small, though. It sits next to the phone’s rear cameras. There are two cameras on the back, as you can see. This cover display is very small, while the one on the other Razr foldable will be a lot bigger.

This tiny display will likely allow you to check your notifications, alarm status, incoming calls, and so on. The functionality is limited due to its size. You will, however, almost certainly be able to keep it always on for that reason. So, you’ll always have a glimpse at what’s going on.

The source did note that the design renders here are based on “low quality, real-life pictures of a testing stage prototype”. So, the final product may differ a bit compared to this, just note that.

We still do not have any specifications for this smartphone, so we cannot really share those. Chances are more info will surface soon, though, so stay tuned.


New iOS bug forces people to constantly enter their Apple ID passwords


Over the past few years, iOS has gone from being one of the most stable operating systems to one that experiences regular bugs and crashes. Despite Apple’s efforts to provide its users with a seamless experience, the frequent occurrence of issues has left many iPhone users frustrated. And now, a new bug is causing panic amongst iPhone users by continuously asking for their Apple ID password, even after they enter the correct details.

The issue came to light when many users took to Twitter and Reddit to report being logged out of their Apple ID accounts, with some unable to log back in. Additionally, the bug has also caused issues with users’ Apple TV+ subscriptions, which have disappeared without explanation.

Talking about the issue, the Twitter user “Andreu.” wrote, “So why does my Apple ID randomly ask me to enter my password? I don’t think that’s normal,” and many others echoed this sentiment. Affected users on Reddit reported similar experiences, with one Redditor saying, “Randomly popped up as a notification on my phone, I signed in, and then changed my password. Kinda freaked me out.” While the true extent of this problem is unknown, reports have suggested that it has impacted users in Brazil and Japan, potentially indicating that it is a regional issue.

How to fix the issue?

Although Apple’s System Status webpage has not acknowledged any problems with Apple ID, there are some simple solutions to fix this bug on your own. Firstly, turn off your iPhone and reboot it, as this can help clear any glitches that are causing the constant prompts. If this doesn’t work, try changing your Apple ID password. Apple Support has a helpful video that walks you through this process.

Unfortunately, this is not the only recent issue with Apple’s services. The company’s Weather app was down for multiple days earlier this month, and on April 5, many Apple online services were inaccessible to users for hours. These outages have left Apple users feeling frustrated and unable to carry out daily tasks.


New Android Malware Infecting 60 Google Play Apps


Recently, McAfee’s Mobile Research Team discovered that ‘Goldoson’, a new type of Android malware, had crept into the Google Play store through 60 genuine apps, downloaded by a whopping 100 million users.

The sneaky malware component found in all 60 apps was not the developers’ fault. It had been slipped into a third-party library, which they unintentionally integrated into their apps.

There is also good news for McAfee Mobile Security users, as the antivirus software now identifies the Goldoson menace as Android/Goldoson and shields its users against this threat, along with other threats.

Capabilities of Goldoson

The data that the malware can collect from affected devices includes the following:

  • Data on installed apps
  • WiFi connected devices
  • Bluetooth connected devices
  • User’s GPS location
  • Location History
  • MAC address of Bluetooth nearby
  • MAC address of  Wi-Fi nearby

Apart from this, Goldoson not only infiltrates your device through legitimate apps but can also conduct ad fraud.

The malware can automatically click on ads in the background without your consent, potentially costing you time, money, and device performance.

List of Apps and Current Status

The list below gives all the affected apps, their approximate install counts, and their current status (Updated* means a cleaned version has been published; Removed** means the app was taken off the store):

  • L.POINT with L.PAY (10M+, Updated*) 
  • Swipe Brick Breaker (10M+, Removed**) 
  • Money Manager Expense & Budget (10M+, Updated*) 
  • TMAP – 대리,주차,전기차 충전,킥보 …  (10M+, Updated*) 
  • 롯데시네마 (10M+, Updated*) 
  • 지니뮤직 – genie (10M+, Updated*) 
  • 컬쳐랜드[컬쳐캐쉬] (5M+, Updated*) 
  • GOM Player (5M+, Updated*)
  • 메가박스(Megabox) (5M+, Removed**) 
  • LIVE Score, Real-Time Score (5M+, Updated*)
  • Pikicast (5M+, Removed**) 
  • Compass 9: Smart Compass (1M+, Removed**) 
  • GOM Audio – Music, Sync lyrics (1M+, Updated*) 
  • 곰TV – All About Video (1M+, Updated*) 
  • 전역일 계산기 디데이 곰신톡–군인 … (1M+, Updated*) 
  • 아이템매니아 – 게임 아이템 거래 … (1M+, Removed**) 
  • LOTTE WORLD Magicpass (1M+, Updated*) 
  • Bounce Brick Breaker (1M+, Removed**) 
  • Infinite Slice (1M+, Removed**) 
  • 나홀로 노래방–쉽게 찾아 이용하는 … (1M+, Updated*) 
  • SomNote – Beautiful note app (1M+, Removed**) 
  • Korea Subway Info : Metroid (1M+, Updated*) 
  • GOODTV다번역성경찬송 (1M+, Removed**) 
  • 해피스크린 – 해피포인트를 모으 … (1M+, Updated*) 
  • UBhind: Mobile Tracker Manager (1M+, Removed**) 
  • 스피드 운전면허 필기시험 … (1M+, Removed**) 
  • 이상형 월드컵 (500K+, Updated*) 
  • CU편의점택배 (500K+, Removed**) 
  • 스마트 녹음기 : 음성 녹음기 (100K+, Removed**) 
  • 캣메라 [순정 무음카메라] (100K+, Removed**) 
  • 컬쳐플러스:컬쳐랜드 혜택 더하기 … (100K+, Updated*) 
  • 창문닫아요(미세/초미세먼지/WHO … (100K+, Removed**) 
  • 롯데월드타워 서울스카이 (100K+, Updated*) 
  • Snake Ball Lover (100K+, Removed**) 
  • 게토(geto) – PC방 게이머 필수 앱 (100K+, Removed**) 
  • 기억메모 – 심플해서 더 좋은 메모장 (100K+, Removed**) 
  • 풀빵 : 광고 없는 유튜브 영상 … (100K+, Removed**) 
  • Money Manager (Remove Ads) (100K+, Updated*) 
  • Inssaticon – Cute Emoticons, K (100K+, Removed**)
  • 클라우드런처 (100K+, Updated*) 
  • 작은영화관 (50K+, Updated*) 
  • 매표소–뮤지컬문화공연 예매& … (50K+, Updated*) 
  • 롯데월드 아쿠아리움 (50K+, Updated*) 
  • 롯데 워터파크 (50K+, Updated*) 
  • T map for KT, LGU+ (50K+, Removed**) 
  • 숫자 뽑기 (50K+, Updated*) 
  • 로더(Loader) – 효과음 다운로드 앱 (10K+, Removed**) 
  • GOM Audio Plus – Music, Sync l (10K+, Updated*) 
  • Swipe Brick Breaker 2 (10K+, Removed**) 
  • 안심해 – 안심귀가 프로젝트 (10K+, Removed**) 
  • 불러봄내 – 춘천시민을 위한 공공  … (10K+, Removed**) 
  • 판타홀릭 – 아이돌 SNS 앱 (5K+, Removed**) 
  • 씨네큐브 (5K+, Updated*) 
  • TNT (5K+, Removed**) 
  • 베스트케어–위험한 전자기장, … (1K+, Removed**) 
  • InfinitySolitaire (1K+, Removed**) 
  • 안심해 : 안심지도  (1K+, Removed**) 
  • 노티아이 for 소상공인 (1K+, Removed**) 
  • TDI News – 최초 데이터 뉴스 앱 … (1K+, Removed**) 
  • 눈팅 – 여자들의 커뮤니티 (500+, Removed**) 
  • 팅서치 TingSearch (50+, Removed**) 
  • 츄스틱 : 크리샤츄 Fantastic (50+, Removed**) 
  • 연하구곡 (10+, Removed**)

Technical Analysis

Security analysts have observed that the malicious Goldoson library is stealthy and comparatively sophisticated. While the host app is active, it registers the device and receives remote configurations from a server whose domain is obfuscated, putting the user’s privacy at risk.

The remote configuration holds the key to the malware’s devastating impact. It determines the frequency of each component’s operation and defines the specific parameters for all the harmful functions.

This library checks periodically, pulls information from the device, and sends it to the remote servers based on its configured parameters.

The tags ‘ads_enable’ and ‘collect_enable’ serve as on/off switches for the malware’s various functions, while the other parameters outline the conditions and requirements for their operation. The malware can choose which functions to activate with these settings and when.

Two factors determine the extent of data collection by the Goldoson malware:

  • The level of permissions granted to the infected app during installation.
  • The specific Android version it is operating on.

Android 11 and later versions are more secure against unapproved data collection. Despite those protections, McAfee found that Goldoson still managed to collect sensitive information from about 10% of the apps running on these versions.

The malware’s ad-clicking function is quite sneaky – it loads hidden HTML code into a customized WebView and uses it to visit URLs repeatedly, all while remaining out of sight. 

By doing so, the malware generates ad revenue without the user’s knowledge. The stolen data is transmitted every two days, but the remote configuration can alter the frequency. 

The malware developers can modify the transmission rate to avoid detection and to keep up with their malicious activities.

Goldoson has infiltrated multiple Android app stores, with over 100 million downloads traced back to Google Play alone. Another app store, Korea’s biggest one, has approximately 8 million installations. 

Users must remain vigilant and take precautions while downloading apps from unknown sources.


Detecting ransomware gangs hiding in plain sight


Good tools gone bad.

Regular readers of our monthly ransomware review (read our April edition here) know that Ransomware-as-a-Service (RaaS) gangs have been making headlines globally with their disruptive attacks on organizations.

Sometimes, though, it’s not enough to merely know about the problem.

In order to truly protect ourselves from RaaS gangs, we have to ‘peel back the onion’, so to speak, and get a closer look at how, exactly, they behave. If we know how RaaS gangs evade detection once in a network, for example, we may be able to kick them out before they can do any damage.

One of the most concerning behaviors we’ve observed from RaaS gangs is their use of Living off the Land (LOTL) attacks, where attackers leverage legitimate tools to evade detection, steal data, and more.

Let’s dive into the dangers of LOTL attacks in RaaS operations and provide guidance for under-resourced IT teams on how to detect and block such threats.

The deceptive nature of LOTL attacks

In an ideal world, IT teams whose organizations are under attack would have clear and direct evidence of the malicious activity.

For example, if unusual network connections are being made to remote IP addresses associated with known malicious actors, then there’s little doubt that you’re under attack—enabling IT to put a halt to the behavior early on.

But now imagine you’re diligently monitoring a network for any signs of suspicious activity. As you scan a seemingly endless stream of logs, searching for any anomalies that could signal trouble, you notice some activity from PowerShell, a versatile and legitimate scripting tool.

Script Block Logging records all blocks of code as they’re executed by PowerShell, which could point you to suspicious activity.

Namely, there are scripts using commands that an attacker could use to steal data from the company’s network, but which also resemble the legitimate administrative tasks IT professionals run every day. Considering it’s regular business hours, you figure it’s part of a routine IT maintenance operation and move on.

But, lo and behold, it was a RaaS gang the whole time!

The attacker had studied the company’s environment and had a deep understanding of the tools and processes typically used by employees, and so they managed to avoid raising suspicion by blending in with typical PowerShell usage. By conducting the attack during normal business hours, the attackers also avoided any of the usual scrutiny that would come from moving across a network late at night. 

This is exactly why LOTL attacks are so dangerous: by mimicking normal behavior, LOTL attacks make it extremely difficult for IT teams and security solutions to detect any signs of malicious activities. Experienced analysts, however, might be able to pick up on subtle anomalies or patterns that indicate a LOTL attack, leveraging their expertise and deep understanding of system behaviors.

On the other hand, new or under-resourced teams may struggle to identify such attacks due to a lack of experience or insufficient tools, leaving them vulnerable to these stealthy threats.

5 LOTL tools used by ransomware gangs 

While attackers use a seemingly innumerable number of legitimate tools for LOTL attacks, below are five of the most common ones we’ve seen the most active ransomware gangs using for their attacks.

PowerShell
  Used for: Versatile scripting language and shell framework for Windows systems
  Used to: Execute malicious scripts, maintain persistence, and evade detection
  Used by: LockBit, Vice Society, Royal, BianLian, ALPHV, Black Basta

PsExec
  Used for: Lightweight command-line tool for executing processes on remote systems
  Used to: Execute commands or payloads via a temporary Windows service
  Used by: LockBit, Royal, ALPHV, Play, BlackByte

WMI
  Used for: Admin feature for accessing and managing Windows system components
  Used to: Execute malicious commands and payloads remotely
  Used by: LockBit, Vice Society, Black Basta, Dark Power, Cl0p, BianLian

Mimikatz
  Used for: Open source tool for Windows security and credential management
  Used to: Extract credentials from memory and perform privilege escalation
  Used by: LockBit, Black Basta, Cuba, ALPHV

Cobalt Strike
  Used for: Commercial pen test tool to assess network security and simulate advanced threat actor tactics
  Used to: Command and control, lateral movement, and exfiltration of sensitive data
  Used by: LockBit, Black Basta, Royal, ALPHV, Play, Cuba, Vice Society

Again, readers of our monthly ransomware review will recognise that the gangs listed here are responsible for the lion’s share of yearly ransomware attacks.

LockBit, for example, topped our 2023 State of Malware Report, being responsible for more than three times as many attacks as the next most active ransomware, ALPHV. In February 2023 alone, the LockBit group posted 126 victims to its leak page.

Vice Society, on the other hand, is responsible for 70 percent of known attacks on UK education institutions.

Advice for IT teams

The four tips listed below, combining cutting-edge technology and specialist expertise, can greatly help IT teams uncover LOTL attacks:

1. Regularly monitor network traffic and logs

  • Regularly analyze your network traffic for any unusual patterns or connections to known malicious IP addresses or domains associated with the use of tools like Chisel, Qakbot, or Cobalt Strike. 
  • Enable logging on critical systems (firewalls, servers, and endpoint devices) and regularly review logs for unusual activities or signs of compromise.

2. Stay informed of the latest threat intelligence

  • Leverage threat intelligence feeds to stay informed about new attack techniques, indicators of compromise (IOCs), and other relevant threat data.
  • Use this data to fine-tune your security monitoring, detection, and response capabilities to identify and mitigate LOTL attacks.

3. Leverage behavioral analysis and anomaly detection

  • Implement advanced monitoring tools that focus on detecting unusual user or system behavior rather than relying solely on known signatures or patterns.
  • Machine learning and artificial intelligence can be leveraged to identify deviations from normal behavior, which might indicate an ongoing LOTL attack.

Malwarebytes EDR observes the behaviors of processes, registry, file system, and network activity on the endpoint using a heuristic algorithm looking for deviations. Here you can see all detection rules triggered in the suspicious activity and their mapping to MITRE ATT&CK.
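The scenario earlier in the article (scripts that look like routine administration, run during business hours) and tip 3 above make the same point: a signature list alone misses LOTL activity, while a per-user baseline of what that account normally does can surface it. The block below is an added example, not code from the article or from Malwarebytes, of that idea applied to constructed records in the shape of extracted PowerShell Script Block Logging entries (Event ID 4104); the record format, user names, share paths and point weights are assumptions for the example, and the “baseline” is simply a known-good history for each account.

```python
import re
from collections import defaultdict

# Constructed records: (user, script text) as extracted from Script Block Logging events.
# These are not real logs from any environment.
BASELINE = [
    ("svc_backup", r"Get-ChildItem \\fs01\backups -Recurse | Compress-Archive -DestinationPath D:\staging\nightly.zip"),
    ("svc_backup", r"Get-ChildItem \\fs01\backups | Measure-Object -Property Length -Sum"),
    ("jdoe", "Get-Service | Where-Object Status -eq 'Running'"),
    ("jdoe", "Get-EventLog -LogName System -Newest 50"),
]
NEW = [
    ("jdoe", "Get-Service | Where-Object Status -eq 'Stopped'"),
    # Same cmdlets the backup account always uses, but aimed at a share it has never touched:
    # this is the "looks like admin work" case that a signature list does not catch.
    ("svc_backup", r"Get-ChildItem \\fs01\finance -Recurse | Compress-Archive -DestinationPath C:\Windows\Temp\f.zip"),
    ("jdoe", 'powershell -WindowStyle Hidden -Command "Invoke-Expression $payload"'),
]

# Generic signature tokens that rarely appear in interactive admin work (assumed list).
SIGNATURE_RE = re.compile(r"-enc(?:odedcommand)?\b|-w(?:indowstyle)?\s+hidden|invoke-expression|\biex\b", re.I)
CMDLET_RE = re.compile(r"\b[A-Za-z]+-[A-Za-z]+\b")          # Verb-Noun cmdlet names
SHARE_RE = re.compile(r"\\\\[\w.-]+\\[\w$.-]+")              # UNC share roots, \\host\share

# Point weights (assumed): signature hit 3, never-before-seen share 3, never-before-seen cmdlet 1.
# Time of day is deliberately not a factor: the article's attackers operated in business hours.
WEIGHTS = {"signature": 3, "share": 3, "cmdlet": 1}


def cmdlets(script):
    return {m.group(0).lower() for m in CMDLET_RE.finditer(script)}


def shares(script):
    return {m.group(0).lower() for m in SHARE_RE.finditer(script)}


def build_baseline(records):
    """Per-user profile of cmdlets and shares seen in the known-good history."""
    base = defaultdict(lambda: {"cmdlets": set(), "shares": set()})
    for user, script in records:
        base[user]["cmdlets"] |= cmdlets(script)
        base[user]["shares"] |= shares(script)
    return base


def score(user, script, baseline):
    """Combine signature hits with deviation from the user's own baseline."""
    profile = baseline.get(user, {"cmdlets": set(), "shares": set()})
    sig_hits = SIGNATURE_RE.findall(script)
    novel_cmdlets = cmdlets(script) - profile["cmdlets"]
    novel_shares = shares(script) - profile["shares"]
    points = (WEIGHTS["signature"] * len(sig_hits)
              + WEIGHTS["share"] * len(novel_shares)
              + WEIGHTS["cmdlet"] * len(novel_cmdlets))
    verdict = "alert" if points >= 3 else "review" if points else "clean"
    return {"user": user, "signature_hits": len(sig_hits), "novel_cmdlets": sorted(novel_cmdlets),
            "novel_shares": sorted(novel_shares), "score": points, "verdict": verdict}


def triage(new_records, history):
    baseline = build_baseline(history)
    return [score(user, script, baseline) for user, script in new_records]


if __name__ == "__main__":
    for result in triage(NEW, BASELINE):
        print(result["verdict"], result["user"], result["score"], result["novel_shares"], result["novel_cmdlets"])
```

The second record is the instructive one: every cmdlet in it is in `svc_backup`’s history, so nothing signature-based fires, and the only reason it reaches “alert” is that the account has never read `\\fs01\finance` before. In practice the baseline window, the share and cmdlet vocabularies, and the weights would be tuned against your own logs rather than fixed as they are here.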

4. Restrict the abuse of legitimate tools

  • Focus on managing and controlling the use of legitimate tools and system features often exploited in LOTL attacks.
  • Limit access to certain tools to the users who require them, monitor their usage, and apply specific security policies to restrict potentially harmful actions.

In short, by continuously analyzing network and system data, identifying potential weak points, and anticipating attacker tactics, IT teams can begin to get the upper hand against RaaS gangs that employ LOTL techniques.

24×7 security monitoring and threat hunting for your organization

Monitoring network traffic, enabling and reviewing logs, checking for anomaly detection, and implementing application control are essential steps for detecting and blocking malicious activity. However, these efforts often require around-the-clock coverage and deep cybersecurity expertise, which can be difficult for small and medium-sized organizations to maintain.

This is where Malwarebytes Managed Detection and Response (MDR) comes in.


Malwarebytes MDR analysts are experienced in detecting malicious use of legitimate tools and blocking attackers. They use their expertise to identify unusual patterns or connections to malicious IP addresses, domains, or unauthorized application usage related to the LOTL attacks conducted by the RaaS gangs.

By partnering with Malwarebytes MDR, businesses can enhance their security posture and gain peace of mind, knowing that a skilled team of security experts is working 24x7x365 to proactively detect and respond to potential threats. Find more MDR resources below!


Samsung pushes April update to the Galaxy A71 5G


Another mid-range Samsung smartphone is receiving the April security patch. Samsung has released the latest security update for the Galaxy A71 5G. It follows dozens of other Galaxy devices in the party.

As of this writing, the April SMR (Security Maintenance Release) for the Galaxy A71 5G is limited to a couple of Asian countries. According to SamMobile, which first reported this rollout, the 2020 premium mid-range handset is getting the latest update in Saudi Arabia and the UAE. The new firmware build number for the device is A716BXXS7FWC1. A wider release covering the phone in other markets, including the US, should follow soon.

This update doesn’t seem to bring anything notable to the Galaxy A71 5G. By notable, we mean user-facing changes, improvements, or new features. Instead, the device is getting a large security patch that addresses more than 70 vulnerabilities, at least five of which are rated critical. According to Google, some of those vulnerabilities could enable remote attackers to gain system-level access to your device without any user interaction.

If you’re using a Galaxy A71 5G, you should install this update as soon as possible. While you may receive a notification once the OTA (over the air) rollout hits your unit, you can also manually check for updates. To do that, go to the Settings app and select Software update. Now, tap on Download and install to see if you have a new update pending download. If there’s no OTA update available, check back again later.

Galaxy A71 5G will not get the Android 14 update

Samsung launched the Galaxy A71 5G in April 2020, with sales beginning in June of that year. The device arrived running Android 10 out of the box. Over the past three years, it has received updates to Android 11, Android 12, and Android 13. The handset picked up the Android 13-based One UI 5.1 update last month. It brought a host of new features and improvements.

Unfortunately, that’s the last major feature update for the Galaxy A71 5G. The device is now in its final year of official support from Samsung and will not receive new features anymore. That means no Android 14. The handset isn’t eligible for four Android OS updates. It will only get security updates going forward. We will keep you posted on those releases. In the meantime, if you’re considering upgrading to a recent Samsung phone in a similar price bracket, you may check out the Galaxy A54 5G.

Samsung doesn’t plan to utilize its 1-inch camera in Galaxy phones

Samsung is reportedly working on a 1-inch camera sensor for smartphones. However, it doesn’t plan to use that sensor in its Galaxy phones. The company will supply the gigantic camera to other vendors.

Sony launched the world’s first 1-inch smartphone camera last year. The Sony IMX989 debuted inside the Xiaomi 12S Ultra in July. This camera has made it into several other devices since then, including the Vivo X90 Pro+ and the OPPO Find X6 Pro. Samsung has been rumored to be readying a competing solution for some time now but it hasn’t introduced a 1-inch camera sensor yet. The latest word is that the company is still working on the new camera. Noted Twitter tipster @Tech_Reve recently confirmed that.

While the tipster didn’t reveal a launch date or even a tentative timeframe, they shared some interesting bits of information. According to them, Samsung “has no intention” of using the big camera in Galaxy devices. Instead, it will sell the sensor to rival firms. The Korean behemoth is probably looking to capitalize on the demand for a new 1-inch smartphone camera from Chinese firms such as Xiaomi, Oppo, and Vivo, which currently have no alternative to the Sony IMX989.

Samsung will focus on improving its 200MP camera for Galaxy devices

Samsung will not use a 1-inch camera in its upcoming smartphones because it plans to improve its 200MP sensor featured in the Galaxy S23 Ultra. Next year’s Galaxy S24 Ultra may get an improved version of it. The company will reportedly introduce a new 200MP camera with the Galaxy S25 series in 2025. Rumors have it that it will include technologies like nanophotonics and arrive as the world’s first image sensor built on a 17nm process node.

Moreover, Samsung also plans to introduce a new 50MP flagship camera in 2025. The ISOCELL GN3 sensor found in the Galaxy S23 and Galaxy S23+ will make it to the Galaxy S24 series as well. However, with the Galaxy S25 series, the company is expected to equip the smaller two models with a new sensor.

It remains to be seen if Samsung’s decision not to launch a Galaxy phone with a 1-inch camera sensor backfires amid competition from Chinese vendors. Bigger sensors mean bigger pixels, effectively allowing more light to go through. Theoretically, this should enable brighter and sharper pictures in low-light conditions. Time will tell what Samsung has in store for its flagship smartphone camera for the next few years.

LockBit Ransomware Expands Attack Spectrum to Mac Devices

Analysis by security researcher Patrick Wardle confirms that LockBit’s macOS sample “poses no threat to macOS users.”

The LockBit ransomware gang is reportedly developing a new version of its malware that can encrypt files on Apple macOS, as revealed by MalwareHunterTeam. This would be the first LockBit build targeting Mac devices, as the group has previously focused on Linux and Windows.

The ransomware group is known for its RaaS (ransomware-as-a-service) operation, leasing its ransomware to cybercriminals for a fee. The new sample is named locker_Apple_M1_64, and there are separate builds for PowerPC Macs as well.

Malware Details:

The new malware, locker_Apple_M1_64, was first detected targeting Mac devices in November 2022, according to Vx-Underground, a platform that examines malware samples. It has not been detected by any anti-malware engines on VirusTotal, but information about this malware has been limited since last fall.

Researchers have noted that the LockBit ransomware gang is expanding its attack spectrum by targeting Macs, which marks a significant development in their tactics.

Expert Analysis:

According to Patrick Wardle, a security researcher and founder of Objective-See, while the malware is capable of running on Macs, it does not pose a serious risk, for several reasons. The sample Wardle analyzed was not signed with a trusted certificate, so macOS will refuse to run it.

Additionally, Apple’s file-system protections such as Transparency, Consent, and Control (TCC) would limit the impact of the malware even if it did manage to run on a macOS device. Moreover, the malware contained bugs, and Wardle concluded that it was not ready for prime time.

In a blog post, Wardle stated that the ransomware is buggy and contains flaws, including buffer overflows that cause it to prematurely exit.

While this may be the first time a large ransomware group created ransomware capable of running on macOS, it is worth noting that this sample is far from ready for prime time […] From its lack of a valid code-signing signature to its ignorance of TCC and other macOS file-system protections as it stands it poses no threat to macOS users.

Patrick Wardle

Conclusion:

The LockBit ransomware gang’s development of a macOS version of its malware is a significant development in its attack tactics. However, based on Wardle’s analysis, the current version does not pose a serious risk to macOS devices, thanks to the security measures already in place.

Nevertheless, it underscores the need for continued vigilance against evolving malware threats and the importance of robust cybersecurity measures to protect against ransomware attacks on all platforms.

Samsung Galaxy S23 vs Samsung Galaxy S21

The Samsung Galaxy S23 is one of the most compact high-end Android smartphones on the market at the moment. In this article, we’ll compare it with its predecessor. No, I’m not talking about the Galaxy S22, as we already did that comparison. This time around, we’ll compare the Samsung Galaxy S23 vs Samsung Galaxy S21. Many of you are probably considering upgrading at this point, and if you’re aiming at a more compact flagship, there are not that many choices out there.

These two phones may look somewhat similar, but there’s more here than meets the eye. They also have quite a few differences in the spec department, so we’ll get over that too. Speaking of which, we’ll first list their specifications, and will take things from there. We’ll compare the two phones across a number of other categories, including design, display, performance, battery, cameras, and audio.

Specs

| | Samsung Galaxy S23 | Samsung Galaxy S21 |
|---|---|---|
| Screen size | 6.1-inch fullHD+ flat AMOLED display (120Hz refresh rate, 1,750 nits peak brightness) | 6.2-inch FullHD+ Dynamic AMOLED 2X display (120Hz adaptive refresh rate, LTPS) |
| Screen resolution | 2340 x 1080 | 2400 x 1080 |
| SoC | Qualcomm Snapdragon 8 Gen 2 for Galaxy | Qualcomm Snapdragon 888 or Samsung Exynos 2100 |
| RAM | 8GB (LPDDR5X) | 8GB (LPDDR5) |
| Storage | 128GB (UFS 3.1)/256GB (UFS 4.0)/512GB (UFS 4.0), non-expandable | 128GB/256GB, non-expandable |
| Rear cameras | 50MP (f/1.8 aperture, 24mm lens, 1.0um pixel size, OIS, Dual Pixel PDAF); 12MP (ultrawide, f/2.2 aperture, 13mm lens, 120-degree FoV, 1.4um pixel size); 10MP (telephoto, f/2.4 aperture, 70mm lens, 1.0um pixel size, OIS, 3x optical zoom, PDAF) | 12MP (f/1.8 aperture, 1.8um pixel size, OIS, Dual Pixel PDAF); 12MP (f/2.2 aperture, 1.4um pixel size, 120-degree FoV); 64MP (f/2.0 aperture, 0.8um pixel size, OIS, PDAF, Hybrid Optic 3X, 30X Space Zoom) |
| Front camera | 12MP (f/2.2 aperture, 26mm lens, Dual Pixel PDAF) | 10MP (f/2.2 aperture, 1.22um pixel size, 80-degree FoV, Dual Pixel AF) |
| Battery | 3,900mAh, non-removable, 25W wired charging, 15W wireless charging (Qi/PMA), reverse wireless charging; charger not included | 4,000mAh, non-removable, 25W fast wired charging, 15W Qi wireless charging, Wireless PowerShare; charger not included |
| Dimensions | 146.3 x 70.9 x 7.6mm | 151.7 x 71.2 x 7.9mm |
| Weight | 168 grams | 169 grams |
| Connectivity | 5G, LTE, NFC, Bluetooth 5.3, Wi-Fi, USB Type-C | 5G, LTE, NFC, Bluetooth 5.0, Wi-Fi, USB Type-C |
| Security | In-display fingerprint scanner (ultrasonic) | In-display fingerprint scanner (ultrasonic) |
| OS | Android 13, One UI 5.1 | Android 11 (upgradable), One UI 3.0 |
| Price | $799/$849/TBA | $274 (refurbished) |

Samsung Galaxy S23 vs Samsung Galaxy S21: Design

These two devices do look somewhat similar. They both have flat displays, a centered display camera hole, and thin bezels. The curvature in the corners is also quite similar. You will easily tell the two apart when you flip them, however. The Galaxy S21 has a dedicated camera island, while the Galaxy S23 does not. Each of the three cameras on the Galaxy S23 protrudes directly from the backplate.

The Galaxy S23 is made out of aluminum and glass, while the Galaxy S21 combines aluminum with plastic. Yes, that’s a plastic backplate on the back of the Galaxy S21, though you wouldn’t necessarily know it just by holding the phone. The Galaxy S23 is shorter, narrower, and slightly thinner. That’s mostly because it has a slightly smaller display. It’s also a gram or two lighter, but that’s not a difference you’ll be able to notice.

Both devices are IP68 certified for water and dust resistance. Both of them feel really nice in the hand, though they are quite slippery. They do feel like premium products, even the Galaxy S21 with its plastic backplate, as you’re unable to tell the difference, really. That plastic will scratch more easily, though, of course. Therefore, the Galaxy S23 is, technically, the more premium product of the two.

Samsung Galaxy S23 vs Samsung Galaxy S21: Display

The Samsung Galaxy S23 includes a 6.1-inch fullHD+ (2340 x 1080) Dynamic AMOLED 2X display. This display is flat, and it supports a 120Hz refresh rate. It also has HDR10+ content support, and gets up to 1,750 nits of peak brightness. We’re looking at a 19.5:9 display aspect ratio, while Gorilla Glass Victus 2 is in charge of protecting the panel itself.

The Galaxy S21, on the other hand, has a 6.2-inch fullHD+ (2400 x 1080) Dynamic AMOLED 2X display with a 120Hz refresh rate. It also has support for HDR10+ content. You may wonder what’s different in comparison with the Galaxy S23. Well, the brightness aspect. This panel gets up to 1,300 nits, nowhere near the Galaxy S23’s display. And while this display is also flat, it has a different aspect ratio of 20:9. This display is protected by the Gorilla Glass Victus.

Truth be told, both of these displays are great. They’re vivid, more than sharp enough, and have great viewing angles. The touch response is also quite good, so there’s really not much to complain about. The Galaxy S23 is definitely the better choice if you’re planning to use the device a lot outdoors, especially in direct sunlight. The difference in brightness is quite noticeable.

Samsung Galaxy S23 vs Samsung Galaxy S21: Performance

The Samsung Galaxy S23 is fueled by the Snapdragon 8 Gen 2 for Galaxy SoC. It also includes 8GB of LPDDR5X RAM and UFS 4.0 flash storage. The Galaxy S21, on the other hand, is fueled by the Snapdragon 888 or Exynos 2100, depending on the market. It includes 8GB of LPDDR5 RAM and UFS 3.1 flash storage. The Galaxy S23 definitely has the edge when it comes to performance.

The fact the Galaxy S23 comes with the Snapdragon 8 Gen 2 for Galaxy in all markets is a great move by Samsung. Exynos models have been inferior to their Snapdragon counterparts over the years. The Galaxy S23 is technically a much more powerful phone, based on the performance-related specs. That much is obvious. Is that something you’ll notice in day-to-day performance?

Well, let’s just say that the Galaxy S21 still performs really well, but when you pit it directly against the Galaxy S23, you’ll notice the added fluidity. A much more noticeable difference can be spotted while gaming, as the Galaxy S23 can chew through anything, basically, with style. The Galaxy S21 is a bit easier to bog down with the most demanding titles. The Galaxy S23 also has better power consumption, especially when compared with the Exynos Galaxy S21 model.

Samsung Galaxy S23 vs Samsung Galaxy S21: Battery

There is a 3,900mAh battery inside the Galaxy S23, while the Galaxy S21 includes a 4,000mAh unit. Back when we tested the Galaxy S21’s battery life, we were able to cross the 6-hour screen-on-time mark and still have about 15% of battery left, on most days at least. The Galaxy S23 offers comparable results. You should not have a problem getting over the 6-hour screen-on-time mark on either phone, presuming you’re not a gamer.

Your mileage may, of course, differ. You’ll be using different apps, in different situations, and with different signal strengths. Still, the battery life on these two phones is nowhere near as bad as it is on the Galaxy S22. That device really didn’t provide much in terms of battery life. Most of you will be happy with what these two have to offer. If you already use the Galaxy S21, upgrading to the Galaxy S23 should bring you similar results.

As far as charging is concerned, they’re identical. They both support 25W wired, 15W wireless, and 4.5W reverse wireless charging. You won’t get a charger with either phone, actually. Samsung doesn’t include it in the box, so you’ll have to get one separately in order to take advantage of the full charging speed.

Samsung Galaxy S23 vs Samsung Galaxy S21: Cameras

The Galaxy S23 is equipped with a 50-megapixel main camera, a 12-megapixel ultrawide unit (120-degree FoV), and a 10-megapixel telephoto camera (3x optical zoom). The Galaxy S21, on the flip side, has a 12-megapixel main camera, a 12-megapixel ultrawide camera (120-degree FoV), and a 64-megapixel telephoto camera (1.1x optical zoom). It is to be expected for the Galaxy S23 to offer better results, and it does, quite noticeably.

The Galaxy S23 provides better results in pretty much every way. The least visible change is in the ultrawide camera, but that doesn’t mean the Galaxy S23 isn’t better in that regard too. The Galaxy S23 can take sharper images, which are also balanced better, not to mention it does better with HDR too. In low light, the results come out both sharper, and better exposed in general.

The telephoto camera is miles better, as the Galaxy S21’s doesn’t offer anything close to a 3x optical zoom. The ultrawide camera provides better colors and sharper results overall. On top of that, the photos look less artificial. That being said, the Galaxy S21 still provides good results, just noticeably worse in comparison with its much younger cousin. Something similar can be said for video recording, but the difference is not as big there.

Audio

Both the Galaxy S23 and S21 feature a set of stereo speakers. Those speakers are optimized by AKG, and they’re good in both cases. We did notice more details from the Galaxy S23, and also a wider soundstage in general. Both sets of speakers are loud enough.

There is no audio jack on either of these two phones. You will have to use their Type-C ports, if you’d like to connect your headphones via a wire. Alternatively, the Galaxy S23 offers Bluetooth 5.3 support, while the Galaxy S21 comes with Bluetooth 5.0.
