Chris Hughes is an Acceleration Economy Analyst focusing on Cybersecurity. Chris currently serves as the Co-Founder and CISO of Aquia. Chris has nearly 20 years of IT/Cybersecurity experience. This ranges from active duty time with the U.S. Navy and General Services Administration (GSA)/FedRAMP as well as time as a consultant in the private sector. In addition, he is also an Adjunct Professor for M.S. Cybersecurity programs at Capitol Technology University and University of Maryland Global Campus. Chris also participates in industry Working Groups such as the Cloud Security Alliance's Incident Response Working Group and serves as the Membership Chair for Cloud Security Alliance D.C. Chris also co-hosts the Resilient Cyber Podcast. Chris holds various industry certifications such as the CISSP/CCSP from ISC2, as well as holding both the AWS and Azure security certifications. He regularly consults with IT and Cybersecurity leaders from various industries to assist their organizations with their Cloud migration journeys while keeping Security a core component of that transformation.

The Lazarus Group, a well-known state-sponsored threat actor, is adding to its arsenal with a new trojan Talos recently discovered called “MagicRAT.” Lazarus deployed MagicRAT in several instances after the successful exploitation of vulnerabilities in VMware Horizon platforms. While being a relatively simple RAT capability-wise, it was built with recourse to the Qt Framework, with the sole intent of making human analysis harder, and automated detection through machine learning and heuristics less likely. The discovery of MagicRAT in the wild is an indication of Lazarus' motivations to rapidly build new, bespoke malware to use along with their previously known malware such as TigerRAT to target organizations worldwide.

Why do I care? Lazarus is already a formidable threat actor that’s been incredibly active this year, including major cryptocurrency-related attacks aimed at generating money for the North Korean government and subverting international sanctions. Any new developments from this group are noteworthy for the security community at large.

So now what? In the attacks we observed, Lazarus Group commonly exploited VMware vulnerabilities, so users should update any products they’re using as soon as possible. Additionally, we’ve released new Snort rules and OSqueries to detect any MagicRAT activities and block it before the attackers can get any further.

The newest version of a well-known banking trojan on the Google Play store is masquerading as legitimate antivirus software and has already been installed on tens of thousands of devices. SharkBot, which was first discovered in February, infects Android users and then tries to initiate unwanted bank transfers by stealing users’ login information and intercepting SMS multi-factor authentication messages. The malware disguises itself as two apps: Mister Phone Cleaner, which has more than 50,000 downloads so far on the Google Play store, according to security researchers, and Kylhavy Mobile Security, which has been downloaded more than 10,000 times. Affected victims are in several different countries, including the U.S., Spain, Australia, Poland, Germany and Austria.

Many students are heading back to school across the U.S., which also means an increased risk of cyber attacks for those schools. Threat actors traditionally try to target the education sector during this period when schools are more susceptible to an attack and more likely to pay any ransom. The massive, combined school district in Los Angeles, California was hit with a ransomware attack this week, forcing more than 600,000 students and staff to reset their passwords.