Author Topic: Is the real big one round the corner...  (Read 1850 times)

Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 33891
  • malware fighter
Is the real big one round the corner...
« on: July 05, 2021, 10:10:13 PM »
Dear members of the security community as Google would put it,

We have seen REvil ransomware group now attacking more and more dastardly. They seem to have enormous funds in bitcoins to get their hands on the very high ranking not yet known vulnerabilities, that others have been sitting on for years not known even to the knowledge of the community.

What was it that Kaspersky detected, what its av wasn't supposed to flag and let forces turn a sour eye on them?

Many a question, no or very little answers. World Economic Forum specialists warning now for the big one to come or better say being "in the pipeline" to deregulate the very core of Interweb's infrastructure.

Ransomware attacking concerns and firms may influence also stock markets (ransomware gangs publish insights into their potential victims, as they operate like entrepreneurs). It also may drive prices up, as concerns or industries seek to compensate millions and millions in bitcoin losses. Sometimes even insiders from MS wonder what will be the crux of the next attack, they did not see coming. Be aware of your updates (e.g. on coming July 8th).

These are dangerous digital times to live in folks, keep avast at your side (or would it be site)?
Forewarned is forearmed, the proverb goes,

polonus (volunteer 3rd party cold recon website security analyst and website error-hunter)
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!

Offline bob3160

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 48523
  • 64 Years of Happiness
    • bob3160 Protecting Yourself, Your Computer and, Your Identity
Re: Is the real big one round the corner...
« Reply #1 on: July 06, 2021, 01:26:04 AM »
Here's more on that same topic, https://youtu.be/KIkSVxUJ0H0
Biden had promised to make this a priority.
Free Security Seminar: https://bit.ly/bobg2023  -  Important: http://www.organdonor.gov/ -- My Web Site: http://bob3160.strikingly.com/ - Win 11 Pro v22H2 64bit, 16 Gig Ram, 1TB SSD, Avast Free 23.5.6066, How to Successfully Install Avast http://goo.gl/VLXdeRepair & Clean Install https://goo.gl/t7aJGq -- My Online Activity https://bit.ly/BobGInternet

Online DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 88897
  • No support PMs thanks
Re: Is the real big one round the corner...
« Reply #2 on: July 06, 2021, 02:24:14 AM »
Here's more on that same topic, https://youtu.be/KIkSVxUJ0H0
Biden had promised to make this a priority.

It's about time Governments got serious about this and have the funds seized from the bitcoin accounts as the proceeds of crime. After all, in order for the ransom to be paid the account has to be given; that is the start of the financial trail.
Windows 10 Home 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 24.2.6105 (build 24.2.8918.824) UI 1.0.799/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro/ Avast! Mobile Security

Offline Charyb-0

  • Avast Evangelist
  • Massive Poster
  • ***
  • Posts: 2508
Re: Is the real big one round the corner...
« Reply #3 on: July 06, 2021, 09:22:59 PM »
1.  I wonder if Avast would have detected and prevented Kaseya and/or SolarWinds?
2.  How does one trust any software anymore considering the exploits we have seen? I'm sure I read somewhere that SolarWinds was digitally signed.
3.  What would be the best setting for Avast antivirus to protect against this?
4.  Would default settings be ok? A whitelist doesn't appear to be the answer.

edit: removed some info.
« Last Edit: July 07, 2021, 02:20:27 AM by Charyb »

Offline polonus

Re: Is the real big one round the corner...
« Reply #4 on: July 07, 2021, 06:15:20 PM »
Hi Charyb,

DLL-hijacking is very much of an issue here.

Microsoft Defender
To execute the attack the attackers used a vulnerable version of Microsoft Defender, according to reports by Sophos AV's Mark Loman.
That specific version is vulnerable to side-loading, in which malicious code can be loaded into a dll-file, when positioned correctly. Attackers often position such a dll-file inside the directory of the accompanying executable. When the executable is being run also the malicious dll-file will be loaded. All part of a process called dll-hijacking.

As soon as such a dll-file has been loaded into memory, the malware will rid itself from the hard disk. Then the executable and compromised Microsoft Defender file will encrypt hard disk, external disks and network disks. All this will be performed by a Microsoft Signed application that security controls will more often than not trust and will allow to run.

An opponent that is able to perform such cybercriminal operations is a tremendous opponent.
Be afraid, folks, be very afraid, see where Big Tech security through obscurity may lead us.
The Cybercrime Twilight zone, real insecurity may be out there somewhere....

pol

« Last Edit: July 07, 2021, 06:20:30 PM by polonus »
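The side-loading pattern described in the post above, written as a detection rule over image-load events. This is an added example and not part of the original thread; the event fields, signer names, paths and the trusted-signer and install-root lists are constructed assumptions.

```python
from ntpath import dirname, normcase  # Windows path rules on any OS

# Assumption: signers that security controls are configured to trust.
TRUSTED_SIGNERS = {"Microsoft Corporation"}
# Assumption: roots where a vendor-signed executable normally lives.
EXPECTED_ROOTS = ("c:\\program files\\", "c:\\windows\\system32\\")

# Constructed image-load events; every path, name and signer is made up.
EVENTS = [
    {"image": r"C:\Program Files\ExampleTool\tool.exe",
     "image_signer": "Microsoft Corporation",
     "loaded": r"C:\Windows\System32\kernel32.dll",
     "loaded_signer": "Microsoft Windows"},
    {"image": r"C:\Program Files\ExampleTool\tool.exe",
     "image_signer": "Microsoft Corporation",
     "loaded": r"C:\Program Files\ExampleTool\helper.dll",
     "loaded_signer": "Microsoft Corporation"},
    {"image": r"C:\Program Files\ExampleTool\tool.exe",
     "image_signer": "Microsoft Corporation",
     "loaded": r"C:\Program Files\ExampleTool\plugin.dll",
     "loaded_signer": None},
    {"image": r"C:\Users\Public\tool.exe",
     "image_signer": "Microsoft Corporation",
     "loaded": r"C:\Users\Public\helper.dll",
     "loaded_signer": None},
    {"image": r"C:\Temp\game.exe", "image_signer": None,
     "loaded": r"C:\Temp\engine.dll", "loaded_signer": None},
]

def classify(ev):
    """Return 'high', 'medium' or None for one image-load event."""
    exe_dir = normcase(dirname(ev["image"]))
    dll_dir = normcase(dirname(ev["loaded"]))
    if ev["image_signer"] not in TRUSTED_SIGNERS:
        return None          # rule targets trusted, signed host processes
    if exe_dir != dll_dir:
        return None          # DLL did not come from the executable's folder
    if ev["loaded_signer"] == ev["image_signer"]:
        return None          # DLL ships from the same vendor as the host
    # A trusted binary running outside its install location is the stronger signal.
    in_expected = (exe_dir + "\\").startswith(EXPECTED_ROOTS)
    return "medium" if in_expected else "high"

def find_suspects(events):
    """List (dll_path, severity) for every event the rule flags."""
    return [(ev["loaded"], sev) for ev in events if (sev := classify(ev))]

if __name__ == "__main__":
    for dll, sev in find_suspects(EVENTS):
        print(f"{sev:6} {dll}")
```

The rule keys on the signer mismatch between host and DLL, so a valid signature on the executable alone does not clear the event.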

Offline bob3160

Re: Is the real big one round the corner...
« Reply #5 on: July 07, 2021, 06:34:51 PM »
Where did it mention MS Defender? Can you share the link?

Offline Charyb-0

« Last Edit: July 07, 2021, 08:52:10 PM by Charyb »

Offline bob3160

Re: Is the real big one round the corner...
« Reply #7 on: July 07, 2021, 10:11:39 PM »
Thanks. :)

Offline polonus

Re: Is the real big one round the corner...
« Reply #8 on: July 09, 2021, 11:05:59 AM »
But whenever old vulnerable customer portals are left to be abused online,
we haven't achieved the more secure situation we are after.
Not by a long way. Sometimes I also feel like preaching to the choir.
Interwebz a dangerous place to be sometimes.

Read for instance: https://krebsonsecurity.com/2021/07/kaseya-left-customer-portal-vulnerable-to-2015-flaw-in-its-own-software/
Re: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2862 
which has led to a world-wide ransomware attack,

polonus
