
Ransomware Gangs Automate Payload Delivery With SystemBC Malware


SystemBC, a commodity malware sold on underground marketplaces, is being used by ransomware-as-a-service (RaaS) operations to hide malicious traffic and automate ransomware payload delivery on the networks of compromised victims.

The malware, first spotted in 2018 and used in several 2019 campaigns as a “virtual private network”, has allowed ransomware gangs and their affiliates to deploy a persistent backdoor on the targets’ systems in the form of a Tor SOCKS5 proxy.

This gave them obfuscated communication channels for automated ransomware payload staging and delivery, as well as for data exfiltration.
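The backdoor described above presents itself to the operator as a SOCKS5 proxy, so a defender watching egress or east-west traffic can look for SOCKS5 negotiation coming from hosts that have no business proxying. The following detector, added here as an illustration and not taken from the Sophos report, parses the RFC 1928 client greeting and connect request from the first bytes of a flow and flags any host not on a constructed allowlist of sanctioned proxies (all flow data below is constructed).

```python
import ipaddress
import struct
from typing import Optional

SOCKS_VERSION = 0x05                      # RFC 1928 version byte
CMD_NAMES = {0x01: "CONNECT", 0x02: "BIND", 0x03: "UDP_ASSOCIATE"}
ATYP_IPV4, ATYP_DOMAIN, ATYP_IPV6 = 0x01, 0x03, 0x04

def parse_socks5_greeting(data: bytes) -> Optional[list]:
    """Return the offered auth methods if data is a complete SOCKS5 client greeting."""
    if len(data) < 2 or data[0] != SOCKS_VERSION:
        return None
    nmethods = data[1]
    if nmethods == 0 or len(data) != 2 + nmethods:
        return None
    return list(data[2:])

def parse_socks5_request(data: bytes) -> Optional[dict]:
    """Return command, destination host and port if data is a complete SOCKS5 request."""
    if len(data) < 4 or data[0] != SOCKS_VERSION or data[2] != 0x00:
        return None                       # wrong version or non-zero reserved byte
    cmd, atyp = data[1], data[3]
    if cmd not in CMD_NAMES:
        return None
    if atyp == ATYP_IPV4:
        off, addr_len = 4, 4
    elif atyp == ATYP_IPV6:
        off, addr_len = 4, 16
    elif atyp == ATYP_DOMAIN:
        if len(data) < 5:
            return None
        off, addr_len = 5, data[4]        # length-prefixed domain name
    else:
        return None
    end = off + addr_len + 2              # address followed by 2-byte port
    if len(data) != end:
        return None                       # truncated or trailing garbage: not a clean request
    raw = data[off:off + addr_len]
    if atyp == ATYP_DOMAIN:
        host = raw.decode("ascii", "replace")
    else:
        host = str(ipaddress.ip_address(bytes(raw)))
    port = struct.unpack("!H", data[end - 2:end])[0]
    return {"cmd": CMD_NAMES[cmd], "host": host, "port": port}

def flag_unsanctioned_socks5(flows: list, allowed_servers: set) -> list:
    """Flows are (client, server, first_payload); alert on SOCKS5 talk to servers not allowlisted."""
    alerts = []
    for client, server, payload in flows:
        if server in allowed_servers:
            continue
        if parse_socks5_greeting(payload) is not None or parse_socks5_request(payload) is not None:
            alerts.append((client, server))
    return alerts
```

Fed from a flow collector, `flag_unsanctioned_socks5` turns the page's observation (a proxy nobody sanctioned on a domain controller) into a concrete alert condition; a Tor-wrapped backdoor only produces this pattern on the inside leg, so the sensor belongs on internal segments.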

Used by both Ryuk and Egregor

According to information collected by Sophos researchers while investigating recent Ryuk and Egregor ransomware attacks, SystemBC has been deployed in all of these attacks over the last few months.

“We are increasingly seeing ransomware operators outsource the deployment of ransomware to affiliates using commodity malware and attack tools,” said Sophos security researcher Sean Gallagher in a report shared in advance with BleepingComputer.

“SystemBC is a regular part of recent ransomware attackers’ toolkits; Sophos has detected hundreds of attempted SystemBC deployments worldwide over the last few months.”


Ryuk is deploying SystemBC on the domain controller alongside multiple malware strains, including Buer Loader, BazarLoader, and Zloader, while Egregor operators preferred the Qbot information stealer.

The attacks investigated by Sophos used several malware-as-a-service providers as a launching pad to deliver the initial malicious payloads and, according to the researchers, “they involved days or weeks of time on the targets’ networks and data exfiltration.”

[Figure: SystemBC in Ryuk attack. Source: Sophos]

Automated payload deployment

The ransomware operators use this persistent backdoor as a remote administration tool (RAT) together with the Cobalt Strike post-exploitation tool in the lateral movement stage of their attacks after gaining access to victims’ networks.

SystemBC is also used as a dedicated persistence and execution tool to automate various tasks including the deployment of the ransomware on network endpoints after exfiltrating stolen data.

Attackers also use it to execute commands on infected Windows devices sent over a Tor connection, and to deliver malicious scripts and dynamic link libraries (DLLs) that run automatically, without the operators’ manual intervention.

While these automation capabilities were originally designed for mass exploitation attacks, RaaS operations have repurposed them for mass deployment across the network of a single victim.

[Figure: SystemBC. Source: Sophos]

This enables the ransomware operators to manage attacks targeting multiple victims at a time, “allowing for hands-off deployment of ransomware using Windows built-in tools if the attackers gain the proper credentials.”


Even though some Windows anti-malware tools detect and block SystemBC deployment attempts, ransomware gangs are still able to drop it on their targets’ networks by using legitimate credentials stolen in the initial stages of their attacks, or by taking advantage of less capable antivirus solutions.

“The use of multiple tools in ransomware-as-a-service attacks creates an ever more diverse attack profile that is harder for IT security teams to predict and deal with,” Gallagher said.

“Defense-in-depth, employee education and human-based threat hunting are essential to detecting and blocking such attacks.”
