Search This Blog
Powered by Blogger.

Blog Archive

Labels

Load More
Trendy Right Now

Popular Posts

Showing posts with label Japan Cyber attack. Show all posts
ransomware attacks
Conti Ransomware Cyber Security Cyberattack Japan Japan Cyber attack Logs Malware Detection ransomware attacks

JPCERT Shares Tips for Detecting Ransomware Attacks Using Windows Event Logs

 

Japan’s Computer Emergency Response Center (JPCERT/CC) recently revealed strategies to detect ransomware attacks by analyzing Windows Event Logs, offering vital early detection before the attack spreads. JPCERT’s insights focus on identifying digital traces left behind by ransomware within four key types of event logs: Application, Security, System, and Setup logs. These logs reveal valuable clues about the entry points used by attackers and can assist in quicker mitigation. Ransomware attacks often target system vulnerabilities and attempt to encrypt files, delete backups, or modify network settings, leaving detectable traces within the event logs. 

For example, the notorious Conti ransomware can be recognized by multiple event logs connected to the Windows Restart Manager, showing event IDs 10000 and 10001. Other ransomware variants like Akira, Lockbit3.0, and HelloKitty, which share similar encryptor technology, leave comparable logs. Additionally, ransomware such as Phobos records when system backups are deleted, a key indicator of malicious activity. Detecting these logs promptly allows administrators to intervene before damage escalates. Midas ransomware, known for spreading infection via network changes, logs event ID 7040. Similarly, BadRabbit leaves event ID 7045 when installing its encryption component, while Bisamware logs events during the beginning and end of a Windows Installer transaction (event IDs 1040 and 1042). 

Other ransomware strains, like Shade, GandCrab, and Vice Society, create errors related to accessing COM applications and deleting Volume Shadow Copies, which are pivotal for restoring encrypted data. JPCERT’s findings illustrate that monitoring for these specific event IDs in combination with a broader security framework could be a game-changer in ransomware defense. Though older ransomware variants like WannaCry and Petya left no such traces in Windows logs, modern ransomware often does. As a result, tracking these logs offers an effective layer of protection against new threats, helping to prevent encryption and data loss. 

It is important to note that no single method of detection is foolproof. A multi-layered approach that combines monitoring event logs with other security tools and protocols remains crucial for protecting systems from ransomware attacks. By using this event log analysis strategy, organizations can significantly reduce the chances of ransomware spreading undetected, giving them the edge in stopping an attack before it cripples their network.
Read more »
NEM
Bitcoin bitcoin exchange cryptocurrency Cyber Crime Japan Cyber attack NEM

Japan cryptocurrency exchange to refund stolen assets worth $400m

Coincheck, one of Japan’s major cryptocurrency exchange, has promised to refund to its customers about $423m (£282m) stolen by hackers two days ago in one of the biggest thefts of digital funds.

The hack occurred on Friday, when the company detected an “unauthorised access” of the exchange and suspended trading for all cryptocurrencies apart from bitcoin.

The attackers were able to access the company’s NEM coins, which are a lesser known but still the world’s 10th biggest cryptocurrency by market capitalisation. The losses went up to about $534m (£380m).

The company has stated that it will reimburse the affected customers to nearly 90% of their loss using cash.

Over 260,000 are reported to have been affected by the hack.

According to Coincheck, the hackers were able to steal the NEM coins because they were kept in online “hot wallets” instead of the more secure and offline “cold wallets.”

The company claims that it is aware of the digital address where the coins have been transferred and believes the assets are recoverable.
Read more »
Malware Attack
Breaking News Cyber Attacks Cyber Crime Japan Cyber attack Malware Attack

Cyber attack in Japan : Malware steals 3k confidential documents from farm ministry


In a suspected Cyber attack against the Japan, Foreign hackers might have compromised more than 3000  confidential data from the country's Ministry of Agriculture,Forestry and Fishery by infecting the ministry's system with a malware.

Investigators from the governemnt revealed that malware used in the suspected cyber-attack to be HTran, a connection bouncer program believed to have been developed by a Chinese hacker group around 2003, The report from The Daily Yomiuri says.

HTran is often used in cyber-attacks to steal information, as it can send data secretly.

"The programme was also used to steal data from the Finance Ministry, as HTran data transmissions were discovered to have taken place from October 2010 to November 2011" The report says.

Initially, the ministry did not inform the police, despite the fact that the intrusion fell under the Unauthorized Access Prohibition Law. However, now, the police have launched their own investigation to determine what information has been compromised.
Read more »
Subscribe to: Posts (Atom)