Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

A selection of this week’s more interesting vulnerability disclosures and cyber security news. For a daily selection see our twitter feed at #ionCube24. This week a few quite chilling hacks appeared in my feed. They all may at first glance appear amusing but think how they could well have turned out…

In Part 1 of our BlackByte ransomware analysis, we covered the execution flow of the first stage JScript launcher, how we extracted BlackByte binary from the second stage DLL, the inner workings of the ransomware, and our decryptor code. In this blog, we will detail how we analyzed and de-obfuscated the JScript launcher, BlackByte’s code, and strings.

Please click here for Part 2 UPDATE 19.October.2021 - Based on some reactions and responses to our BlackByte analysis, and specifically, the included decryptor, we wanted to provide an update and some clarification. First off, we’ve updated the decryptor on github to include two new files. One is the compiled build of the executable to make the tool more accessible and the second is a sample encrypted file “spider.png.blackbyte” that can be used to test the decryptor.

“Buy Now, Pay Later” (or BNPL) schemes are instant approval loans given at the point of sale on eCommerce websites. They are commonly seen on fashion websites, where shoppers are offered the chance to buy products right away and split the payment for their items over several months. Taking the FinTech world by storm in recent years, well-known BNPL providers include Klarna, Clearpay, Laybuy, Payl8r, Afterpay and Affirm.

A document sent to the US Congress published by Motherboard, the technology section of Vice, confirms that CIA personnel, the NSA and other members of the US Intelligence Community widely use ad blockers in their Internet browsers. This measure was adopted to remove the distraction of adverts on web pages for employees, but it provides additional protection against malware.

The security landscape is ever-changing, intensified by more sophisticated threats, and an increasing number of employees working from home leading to an expanding attack surface. Security professionals are tasked with maintaining a secure environment against a plethora of threats, manifested in thousands of alerts and events that are generated by security controls every day.

Can MDR solve the cybersecurity crisis? The short answer: Every generation has its take on how to do security. And each one thinks it has found the solution in new technology. In the 1990s, the LAN firewall rose to prominence, followed by refinements in the form of unified threat management (UTM) and next-generation firewalls (NGFW) that put even more traffic inspection barriers in the way of malware communication.

The cyberworld has witnessed and defended against several forms of attacks. Some of the most common ones known to disrupt a network include credential stealing, malware installations, worms and viruses, and insider threats. In order to execute these attacks successfully, attackers often use different tools and techniques. For instance, in a ransomware attack, an attacker may install malicious software to encrypt all the files and folders in your network and demand a ransom to recover the files.

The FBI recently published a warning stating that ransomware gang OnePercent Group has been attacking companies in the US since November 2020. This gang of cybercriminals targets individuals within an organization with social engineering tactics designed to fool them into opening a document from a ZIP file attached to an email. Ransomware is then downloaded and the breach is underway.