Tag Archive for: limit

How to Proactively Limit Damage From BlackMatter Ransomware


The BlackMatter ransomware strain that’s been used in numerous attacks against US critical infrastructure entities and other large organizations in recent months has a serious logic flaw in its code that limits the malware’s effectiveness in some situations.

Organizations that can trigger the faulty logic can potentially mitigate the damage that BlackMatter can cause in their environment, Illusive said in a report Friday.

Illusive researchers discovered the flaw when they observed the ransomware failing to encrypt shares of remote computers in the company’s test environment. A closer inspection of the code showed that BlackMatter encrypts other computers in the same network only if the environment is configured in a particular way.

The logic flaw gives organizations a way to prevent BlackMatter from encrypting file shares, says Shahar Zelig, security researcher at Illusive.

“But it is important to note that the compromised device would still be encrypted,” he says. “And if an attacker has compromised multiple devices, it could still run BlackMatter to encrypt all those devices. This logic flaw is specially about remote shares.”

BlackMatter surfaced in July 2021 soon after the DarkSide ransomware-as-a-service operation shut down following an attack on Colonial Pipeline that stirred concern — and reaction — all the way from the White House down. Like DarkSide, BlackMatter is being distributed under a ransomware-as-a-service model. The malware has been used in attacks against at least two organizations belonging to the US food and agriculture sector and several other critical infrastructure targets. Operators of the ransomware have published data belonging to at least 10 large organizations across the US, Canada, UK, India, Brazil, Thailand, and Chile.

Security vendors that have analyzed the malware describe its payload as highly efficient, small (about 80Kb in size), well-obfuscated, and running mostly in memory. An analysis conducted by Varonis showed the operators of BlackMatter typically gain initial access by compromising vulnerable edge devices, including remote desktops and VPNs, or by abusing login credentials obtained from other sources. 

Concerns over BlackMatter prompted…


New U.S. Rule Would Limit Sales of Hacking Tools to Russia and China


Good morning. New export controls on U.S.-made hacking tools take aim at a slice of the cybersecurity industry that operates in gray areas.

The pending regulations will force companies to obtain licenses to sell hacking tools in countries such as China and Russia. But the rules include carve-outs for some firms, including those with select private-sector customers or certain clients who use such software or equipment to hone their own cybersecurity.

The Commerce Department program could push U.S. officials to address the sometimes hazy boundaries between defensive and offensive cyber activity. Some lawmakers are open to the idea of crossing that increasingly blurry line, giving corporate security chiefs legal cover to hack back.


The Commerce Department’s near-final rule will require companies to obtain a license to sell hacking technology to certain countries deemed threats to U.S. interests. It will take effect in 90 days.

Commerce Secretary Gina Raimondo said the export controls aim to balance national security with the expansion of a cybersecurity industry that creates tools to defend computer networks and has grown at a breakneck pace as the global economy becomes increasingly digitized.

“The United States is committed to working with our multilateral partners to deter the spread of certain technologies that can be used for malicious activities that threaten cybersecurity and human rights,” Ms. Raimondo said in a statement.

Copyright ©2021 Dow Jones & Company, Inc. All Rights Reserved.

Google confirms Android 11 will limit third-party camera apps because of location spying fears – The Verge
