Akira ransomware, a prominent threat actor, is continuously evolving its tactics and targeting vulnerable systems, particularly network appliances. Their latest ransomware encryptor targets both Windows and Linux hosts. Akira affiliates have been exploiting vulnerabilities in SonicWall SonicOS, Cisco ASA/FTD, and FortiClientEMS for initial access, followed by credential harvesting, privilege escalation, and lateral movement. The group’s recent shift back to encryption methods, coupled with data theft extortion, emphasizes their focus on stability and efficiency in affiliate operations.
Ransomware gangs are increasingly using the notoriety of established variants, such as LockBit, to intimidate victims. They leverage the fear associated with LockBit’s capabilities to pressure victims into paying ransoms. These gangs often embed hard-coded AWS credentials in their ransomware, allowing them to exfiltrate data using Amazon S3’s Transfer Acceleration feature. This tactic highlights the importance of implementing robust data protection measures, such as strong access controls and secure credential management, to prevent data exfiltration and mitigate ransomware threats.
Necro.N is a highly intrusive mobile malware campaign targeting Android devices, showing similarities to the notorious Joker malware. The campaign involves the distribution of malicious SDKs within mobile applications, exploiting users who download these apps. The malware uses steganography to hide its payload within images, making it challenging to detect. Once installed, the malware can steal sensitive data, subscribe victims to unwanted paid services, and perform other malicious actions. Necro.N poses a major threat to Android users, highlighting the importance of installing apps only from trusted sources.
EDRSilencer is a red team tool that has been observed being abused by threat actors to disrupt endpoint detection and response (EDR) solutions. It achieves this by blocking EDR traffic, making it harder for EDR solutions to identify and respond to malicious activity. This tool was discovered by Trend Micro, they also found that EDRSilencer can be used to conceal malicious activity, allowing threat actors to operate more stealthily. This represents a worrying development in the field of cybersecurity, with threat actors increasingly focusing on evading detection by EDR solutions.