You may have trained employees about phishing emails, but are they properly trained about phony call centers? According to the Microsoft security blog, the BazaCall campaign seems to be more dangerous than first believed. Users are tricked into phoning the call center, which then prompts them to download the BazaLoader malware. The loader gives hackers remote control of the user's system, which allows for fast network compromise and ransomware execution.
In the ever-evolving world of hacker and ransomware names, DoppelPaymer rebranded to Grief, because God forbid one of these groups picks a normal-sounding name that doesn’t change every other week. And, just so you have two more names to keep track of, two new ransomware gangs have emerged, Haron and BlackMatter, both of which operate on the ransomware-as-a-service model.
In a move that shows even criminals are trying to automate their jobs away, LockBit 2.0 is using Active Directory group policies to deploy its ransomware via Windows domains.
When it’s executed on a domain controller, the ransomware disables native Microsoft protections such as Defender and alerts, and stops sending samples to Microsoft. Then it replaces them with new group policies that schedule the ransomware executable on individual devices.
For those who enjoy blackhat hackers having a hard time, Lawrence Abrams did some reporting on the Babuk gang and their inner strife, which led to a split and the creation of a new forum.
And finally, to end on a positive note, the public-private partnership No More Ransom celebrated its 5th anniversary this past week. And there’s a lot to celebrate! The online portal has enabled over 6 million ransomware victims to recover their files, with €1 billion in ransom avoided thanks to their decryptors.
Upcoming Security Conferences
Black Hat is one of the largest annual security conferences. It’s the corporate version of DEF CON and, as such, is a great opportunity to get face time with security professionals such as the Varonis team. Be sure to stop by our booth!
This conference is focused on the blue team and features discussions on risk compliance, application security development, governance, and everything in between.