Microsoft Blames Massive DDoS Attack for Azure, Outlook, and OneDrive Disruptions
Microsoft on Friday attributed a string of service outages aimed at Azure, Outlook, and OneDrive earlier this month to an uncategorized cluster it tracks under the name Storm-1359.
"These attacks likely rely on access to multiple virtual private servers (VPS) in conjunction with rented cloud infrastructure, open proxies, and DDoS tools," the tech giant said in a post on Friday.
The Hacker News | #1 Trusted Cybersecurity News Site
Hackers Using Money-Making Scripts to Deliver Multiple Malware
The FBI warned about attacks on government and non-profit organizations in April, which involved deploying multiple malware strains on victim devices.
Beyond that, the attackers aim to achieve the following:
Mine resources
Steal data
Establish backdoor access to systems
Cybersecurity researchers at Securelist recently identified numerous malicious money-making scripts that hackers actively use to deliver multiple malware strains.
Since late 2022, security analysts have detected the following under this campaign:
Technical analysis
Following the April report on indicators of compromise, experts uncovered new malicious scripts in their August telemetry.
The following scripts appear to exploit vulnerabilities on servers and workstations to tamper with Windows Defender:
runxm1.cmd
start.cmd
The start.cmd script aims to disable protection via the registry, while the runxm1.cmd script adds files to exclusions, obtains administrator rights, and renames security solution folders.
Below are all the executable and configuration files that the scripts attempt to download from this domain:
start.cmd launches RtkAudio.exe with config.txt for Monero mining. Additional downloaded files include View.exe, which is executed to save various files in the C:\Users\Public directory.
Files saved by View.exe (Source – Securelist)
Analysis of the files reveals keylogger functionality in Systemfont.exe, while IntelSvc.exe acts as a typical backdoor, connecting to a C2 server for instructions.
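As an added illustration of how a defender might hunt for the pattern described above (Defender tampering via the registry combined with execution from C:\Users\Public), the following Python detection is not from Securelist or this article; the sample telemetry, its field names, and the specific Defender registry keys it watches are assumptions, since the article names no key:

```python
import re

# Constructed sample telemetry (not from Securelist). Field names are assumptions,
# loosely modelled on Sysmon process-create and registry-value-set events.
SAMPLE_EVENTS = [
    {"host": "ws01", "type": "process", "image": r"C:\Users\Public\RtkAudio.exe",
     "cmdline": r"C:\Users\Public\RtkAudio.exe -c config.txt"},
    {"host": "ws01", "type": "registry",
     "key": r"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\DisableAntiSpyware", "data": "1"},
    {"host": "ws01", "type": "registry",
     "key": r"HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths\C:\Users\Public", "data": "0"},
    {"host": "ws02", "type": "process", "image": r"C:\Windows\System32\notepad.exe",
     "cmdline": "notepad.exe"},
    {"host": "ws03", "type": "process", "image": r"C:\Users\Public\IntelSvc.exe",
     "cmdline": r"C:\Users\Public\IntelSvc.exe"},
]

# File names the article reports as dropped by View.exe or run by the scripts.
CAMPAIGN_NAMES = {"rtkaudio.exe", "view.exe", "systemfont.exe",
                  "intelsvc.exe", "runxm1.cmd", "start.cmd"}
PUBLIC_DIR = re.compile(r"^c:\\users\\public\\", re.IGNORECASE)
# Well-known Defender registry locations (assumption: the article names no specific key).
DEFENDER_TAMPER = re.compile(
    r"\\windows defender\\(disableantispyware|real-time protection\\disablerealtimemonitoring|exclusions\\)",
    re.IGNORECASE)

def classify(ev):
    """Return a (tag, detail) tuple for a suspicious event, or None for benign ones."""
    if ev["type"] == "process" and PUBLIC_DIR.match(ev["image"]):
        name = ev["image"].rsplit("\\", 1)[-1].lower()
        tag = "campaign_binary" if name in CAMPAIGN_NAMES else "public_dir_exec"
        return tag, ev["image"]
    if ev["type"] == "registry" and DEFENDER_TAMPER.search(ev["key"]):
        return "defender_tamper", ev["key"]
    return None

def analyze(events):
    """Group findings per host; a host showing both Defender tampering and execution
    from C:\\Users\\Public matches the start.cmd / runxm1.cmd pattern and is escalated."""
    per_host = {}
    for ev in events:
        hit = classify(ev)
        if hit:
            per_host.setdefault(ev["host"], []).append(hit)
    result = {}
    for host, hits in per_host.items():
        tags = {t for t, _ in hits}
        escalate = "defender_tamper" in tags and bool(tags & {"campaign_binary", "public_dir_exec"})
        result[host] = {"findings": hits, "escalate": escalate}
    return result
```

Running `analyze(SAMPLE_EVENTS)` escalates ws01 (tampering plus a campaign binary), reports ws03 without escalation, and ignores ws02.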
Attack Geography
Researchers have noted over 10,000 attacks targeting 200+ users globally since May 2023, primarily affecting B2B sectors such as:
Government agencies
Agriculture
Retail
These threats were encountered primarily in the following countries:
Russian Federation
Saudi Arabia
Vietnam
Brazil
Romania
Threat actors are increasingly targeting the B2B sector, using initial crypto-miner infections as a gateway for more harmful attacks like backdoors and keyloggers.
To defend against these evolving threats, businesses must continuously enhance their security measures.
API Security Trends 2023 – Have Organizations Improved their Security Posture?
APIs, also known as application programming interfaces, serve as the backbone of modern software applications, enabling seamless communication and data exchange between different systems and platforms. They provide developers with an interface to interact with external services, allowing them to integrate various functionalities into their own applications.
However, this increased reliance on
Microsoft rolls back decision to stop Windows 11 22H2 preview updates
Microsoft says that systems running Windows 11 22H2 will continue to receive non-security preview updates after initially stating they would no longer receive them after February 2024. […]