New crypto malware targeting Windows, Linux systems: Microsoft
Microsoft has warned customers about a new crypto mining malware that can steal credentials, remove security controls, spread via emails and ultimately drop more tools for human-operated activity.
Named 'LemonDuck', the crypto mining malware targets Windows and Linux systems and spreads via phishing emails, exploits, USB devices and brute force attacks in various countries, including India.
The malware can quickly take advantage of news, events, or the release of new exploits to run effective campaigns. "LemonDuck's threat to enterprises is also the fact that it's a cross-platform threat.
In 2021, it exploited newly patched Exchange Server vulnerabilities to gain access to outdated systems," Microsoft said. This threat, however, does not just limit itself to new or popular vulnerabilities.
It continues to use older vulnerabilities, which benefit the attackers at times when focus shifts to patching a popular vulnerability rather than investigating compromise.
LemonDuck targeted China heavily, but its operations have since expanded to include many other countries: the US, India, Russia, China, Germany, the UK, Korea, Canada, France, and Vietnam. "Once inside a system with an Outlook mailbox, as part of its normal exploitation behaviour, LemonDuck attempts to run a script that utilises the credentials present on the device," the Microsoft team said.
The script instructs the mailbox to send copies of a phishing message with preset messages and attachments to all contacts. "This means that email security policies that reduce scanning or coverage for internal mail need to be re-evaluated, as sending emails through contact scraping is very effective at bypassing email controls," the company suggested.
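A defender-side sketch of a check for the internal mail fan-out described above. It is an added example, not code from Microsoft or from the article; the record layout, domain, threshold, time window and sample data are all constructed assumptions.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed mail-flow records using a hypothetical schema:
# (timestamp, sender, recipient, subject, attachment_name)
SAMPLE_LOG = (
    # One mailbox sends the same attachment to six colleagues in six minutes.
    [(f"2024-01-15T09:0{i}:00", "alice@example.test", f"user{i}@example.test",
      "Invoice update", "invoice.doc") for i in range(6)]
    # Same attachment to five colleagues, but one message per hour.
    + [(f"2024-01-15T1{i}:00:00", "carol@example.test", f"user{i}@example.test",
        "Weekly report", "report.xlsx") for i in range(5)]
    # Ordinary small-scale sharing.
    + [("2024-01-15T09:05:00", "bob@example.test", "user1@example.test", "Team lunch", "menu.pdf"),
       ("2024-01-15T09:06:00", "bob@example.test", "user2@example.test", "Team lunch", "menu.pdf")]
)

def is_internal(addr, domain):
    return addr.lower().endswith("@" + domain)

def find_internal_fanout(records, domain, min_recipients=5,
                         window=timedelta(minutes=10)):
    """Flag internal senders that mailed the same subject and attachment to
    at least min_recipients distinct internal recipients within window.
    Returns sorted (sender, subject, attachment, peak_recipient_count) tuples."""
    groups = defaultdict(list)
    for ts, sender, rcpt, subject, attachment in records:
        # Only internal-to-internal mail with an attachment is of interest:
        # that is the traffic reduced-scanning policies tend to exempt.
        if attachment and is_internal(sender, domain) and is_internal(rcpt, domain):
            key = (sender.lower(), subject, attachment)
            groups[key].append((datetime.fromisoformat(ts), rcpt.lower()))
    alerts = []
    for (sender, subject, attachment), events in groups.items():
        events.sort()
        start, peak = 0, 0
        for end in range(len(events)):
            # Slide the window start forward until it spans at most `window`.
            while events[end][0] - events[start][0] > window:
                start += 1
            peak = max(peak, len({r for _, r in events[start:end + 1]}))
        if peak >= min_recipients:
            alerts.append((sender, subject, attachment, peak))
    return sorted(alerts)

if __name__ == "__main__":
    for alert in find_internal_fanout(SAMPLE_LOG, "example.test"):
        print(alert)
```

The threshold and window need tuning against normal internal traffic such as newsletters and distribution lists before any alerting is based on them.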
Last Monday, US President Joe Biden's administration finally came out publicly against China's involvement in cybercrimes, accusing it of running a massive global operation of "state-sponsored activities" causing billions of dollars of losses to victims.