Encircle News!

Retro Game Arcade
, , ,

This crafty ransomware uses an unusual social-engineering tactic to gain access to victim systems

TechRadar – All the latest technology news

Cybersecurity researchers from the Sophos X-Ops Incident Response team have observed hackers deploying an unusual social engineering tactic to gain access to victim systems and steal sensitive data.

The team outlined how a new ransomware player called Mad Liberator emerged in mid-July 2024, mostly focused on data exfiltration (rather than system encryption), but also sometimes engaged in double extortion (encryption + data theft). It also has a data leak website where it threatens to publish the stolen data unless the victims pay up.

What sets Mad Liberator apart from other threat actors is their initial access vector. Usually, hacking groups would trick their way inside, usually with phishing email or instant messaging services. In this case, however, they seem to have “guessed” the unique Anydesk identifier.

Abusing legitimate software

Anydesk is a legitimate remote desktop application used by thousands of businesses worldwide. Each device where Anydesk is installed gets a unique identifier, a 10-digit number, which other endpoints can “dial” and thus gain access to. Oddly enough, the attackers one day just dialed into one of the computers belonging to the victim organization, seemingly with absolutely no prior interaction. The computer that was targeted also does not belong to any high-profile employee or manager.

The victim just assumed the IT department was doing regular maintenance so they accepted the dial-in, no questions asked.

This gave the attackers unabated access, which they used to deploy a binary that, on the surface, looks like a Windows update. They also disabled keyboard input from the victim’s side, to make sure they don’t spot the ruse by accidentally pressing the Esc button and minimizing the running program.

After a few hours, the crooks managed to pull sensitive data from the device, connected cloud services, and scanned for other connected devices they might pivot to.

Once again, “assume nothing, suspect everything” proves to be the proper mindset to remain secure in the workplace.

More from TechRadar Pro

https://www.techradar.com/pro/security/this-crafty-ransomware-uses-an-unusual-social-engineering-tactic-to-gain-access-to-victim-systems

Leave a Reply

Your email address will not be published. Required fields are marked *

Follow Us

Featured Posts

August 2024
M T W T F S S
 1234
567891011
12131415161718
19202122232425
262728293031  

About Us

Welcome to encircle News! We are a cutting-edge technology news company that is dedicated to bringing you the latest and greatest in everything tech. From automobiles to drones, software to hardware, we’ve got you covered.

At encircle News, we believe that technology is more than just a tool, it’s a way of life. And we’re here to help you stay on top of all the latest trends and developments in this ever-evolving field. We know that technology is constantly changing, and that can be overwhelming, but we’re here to make it easy for you to keep up.

We’re a team of tech enthusiasts who are passionate about everything tech and love to share our knowledge with others. We believe that technology should be accessible to everyone, and we’re here to make sure it is. Our mission is to provide you with fun, engaging, and informative content that helps you to understand and embrace the latest technologies.

From the newest cars on the road to the latest drones taking to the skies, we’ve got you covered. We also dive deep into the world of software and hardware, bringing you the latest updates on everything from operating systems to processors.

So whether you’re a tech enthusiast, a business professional, or just someone who wants to stay up-to-date on the latest advancements in technology, encircle News is the place for you. Join us on this exciting journey and be a part of shaping the future.

Podcasts

TWiT 992: Why Not Pudding? – Google's Monopoly, Net Neutrality, AI Phishing This Week in Tech (Audio)

Former YouTube CEO Susan Wojcicki dies after 2 years with lung cancer Google (GOOGL) Loses DOJ Antitrust Suit Over Search Engine on Phone Browsers Will Google's historic monopoly lawsuit be the death knell for Mozilla and Firefox? Google pulls Olympics AI ad 'Dear Sydney' Brands should avoid this popular term. It's turning off customers US court blocks Biden administration net neutrality rules The KOSA Internet Censorship Bill Just Passed The Senate—It's Our Last Chance To Stop It Judge tosses challenge to Louisiana's age verification law aimed at porn websites CNET to Be Sold to Ziff Davis in Sign of Possible Media Deals to Come Intel announces two extra years of warranty amid chip crashing and instability issues — longer warranty applies to 13th- and 14th-Gen Core processors Canadian news engagement down significantly one year after Meta's ban: study Microsoft's AI Can Be Turned Into an Automated Phishing Machine 'The Godmother of AI' says California's well-intended AI bill will harm the U.S. ecosystem Scoop: X files antitrust lawsuit against ad industry group GARM Scientists Say Secret to Fusion May Lie in Hellmann's Mayonnaise Host: Leo Laporte Guests: Abrar Al-Heeti, Shoshana Weissmann, and Andrew Chow Download or subscribe to this show at https://twit.tv/shows/this-week-in-tech Get episodes ad-free with Club TWiT at https://twit.tv/clubtwit Sponsors: ziprecruiter.com/twit mintmobile.com/twit bitwarden.com/twit expressvpn.com/twit NetSuite.com/TWIT
  1. TWiT 992: Why Not Pudding? – Google's Monopoly, Net Neutrality, AI Phishing
  2. TWiT 991: This Show Is Securities Fraud – Intel Layoffs, KOSA, Don Lemon
  3. TWiT 990: Dogecoin Fort Knox – AI Cheese, SearchGPT, "Free" Facebook
  4. TWiT 989: Executive Laundry Folding Disorder – Crowdstrike, Prime Day, Streaming the Olympics
  5. TWiT 988: Flaming Corn Maze – AT&T Breach, Galaxy Z Fold6, Olympic Disinfo