September 22, 2023

Welcome to TheCyberThrone's cybersecurity month in review, covering the important security happenings. This review is for the month ending May 2023.

Subscribers favorite #1

Cactus Ransomware Dissection

A new ransomware group dubbed Cactus is targeting vulnerabilities in VPN appliances. It has a unique characteristic: it encrypts itself to avoid detection by security software. The ransomware is believed to have first been deployed in March. It targets known vulnerabilities in Fortinet VPN appliances to gain access.

Cactus goes through the regular ransomware steps, spreading through a targeted network and stealing and encrypting files as it goes, but its obfuscation technique is what makes it interesting compared to the various forms of ransomware before it.


Subscribers favorite #2

RA Group Ransomware Dissection

Researchers have discovered a new ransomware called RA Group that has been active for at least a month. The group has already compromised three organizations in the U.S. and one in South Korea. Researchers say that the group is using the leaked Babuk ransomware source code.

The binary's debug path contains the same mutex name as the Babuk ransomware, which suggests the malware borrows Babuk's leaked source code. The RA Group also uses a double extortion model and runs a data leak site similar to those of other threat actors.

Subscribers favorite #3

Rapture Ransomware Dissection

Researchers have uncovered a new ransomware variant, dubbed Rapture, that employs a minimalistic approach and leaves a minimal footprint.

Rapture shares similarities with the Paradise ransomware, such as the RSA key configuration file and the requirement of the .NET 4.0 framework for execution. Rapture differs in that it was found to be injected into legitimate processes, and in some instances the attackers dropped it as a *.log file. Rapture appends six characters to encrypted files and requires specific command lines for proper execution.

The ransom note dropped by Rapture bears a resemblance to the Zeppelin ransomware, although no other connections between the two have been identified.


Subscribers favorite #4

AndoryuBot Exploits RCE Bug to Conduct DDoS Attack

Researchers have identified a spike in attacks attempting to exploit the Ruckus Wireless Admin remote code execution vulnerability by a botnet known as AndoryuBot.

The vulnerability is tracked as CVE-2023-25717. The bot supports multiple DDoS attack techniques and uses SOCKS5 proxies for C2 communications. The issue affects Ruckus Wireless Admin version 10.4 and earlier, used by multiple Ruckus wireless access point devices. A remote, unauthenticated attacker can exploit the vulnerability to execute arbitrary code and take complete control of a vulnerable device.


Subscribers favorite #5

Akira Ransomware Dissection

A new ransomware operation called Akira, brought to light by researchers, targets businesses worldwide, breaching corporate networks, stealing data, and encrypting it.

The threat actors have dozens of organizations in their victim portfolio, from sectors such as finance, manufacturing, real estate, education, and consultancy. Among the recently claimed attacks are Bluefield, the Bridge Valley Community and Technical College, Mitchell Partnership Inc., Garcia Hamilton & Associates, and New World Travel, Inc.

This brings an end to this month's review of security coverage. Thanks for visiting TheCyberThrone. If you like us, please follow us on Facebook, Twitter and Instagram.
