New crypto malware targeting Windows, Linux systems: Microsoft
Named as 'LemonDuck', the crypto mining malware is targeting Windows and Linux systems, spreading via phishing emails, exploits, USB devices and brute force attacks in various countries, including India.
The malware can quickly take advantage of news, events, or the release of new exploits to run effective campaigns. "LemonDuck's threat to enterprises is also the fact that it's a cross-platform threat.
In 2021, it exploited newly patched Exchange Server vulnerabilities to gain access to outdated systems," Microsoft informed. This threat, however, does not just limit itself to new or popular vulnerabilities.
It continues to use older vulnerabilities, which benefit the attackers at times when focus shifts to patching a popular vulnerability rather than investigating compromise.
LemonDuck targeted China heavily, but its operations have since expanded to include many other countries - the US, India, Russia, China, Germany, the UK, Korea, Canada, France, and Vietnam. Once inside a system with an Outlook mailbox, as part of its normal exploitation behaviour, LemonDuck attempts to run a script that utilises the credentials present on the device," the Microsoft team said.
The script instructs the mailbox to send copies of a phishing message with preset messages and attachments to all contacts. This means that email security policies that reduce scanning or coverage for internal mail need to be re-evaluated, as sending emails through contact scraping is very effective at bypassing email controls," the company suggested.
Last Monday, US President Joe Biden's administration finally came out publicly against China's involvement in cybercrimes, accusing it of running a massive global operation of "state-sponsored activities" causing billions of dollars of losses to victims.
Avaya inks strategic partnership with Alcatel-Lucent Enterprise
Avaya and Alcatel-Lucent Enterprise have announced at GITEX Global the next phase of their...
SunTec Business Solutions and Whatfix to drive adoption of SaaS products
SunTec Business Solutions has announced the strategic partnership and integration of its p...
Speakers call for creating an AI ecosystem for building a growth engine for Odisha, at the 3rd Odias in ML Global Conference
Entrepreneurs, technologists, policymakers, academicians, industry executives, and student...
Autodesk paves the way to power digital transformation in the Cloud
Autodesk has kicked off Autodesk University (AU) 2022, the company’s annual design c...
DSCI’s National CoE and IIT Bombay host Cybersecurity R&D Roadshow 2022
National Cybersecurity Centre of Excellence (NCoE), a joint initiative of Data Security Co...
New draft of Data Protection Bill is being worked on to augment efficient usage knowing it would be used by the industry: Additional Secretary, Meity
Speaking at the CII International Technology Summit 2022 “Technology 4.0 Adoption, A...