Crypto Mining Malware LemonDuck Targets Windows PCs, India Also on Hitlist

An infamous crypto mining malware that rose to prominence a few years ago is on the rise again, targeting Windows PCs (and Linux ones too) by focusing on older vulnerabilities that are now under major scrutiny by the security community. Called LemonDuck, the growing threat was recently reported by the Microsoft 365 Defender Threat Intelligence Team, whose report details how LemonDuck has evolved into a highly sophisticated malware. Today it is being used by threat actors to target companies with old, unpatched vulnerabilities in their systems.

Once it hits, the results can be dire. According to Microsoft, LemonDuck's capabilities include stealing key credentials from Windows and Linux PCs, removing security controls to disarm system administrators, spreading via email (in potential spear phishing attempts), and installing backdoors on systems to enable further remote code execution (RCE), something that can leave a computer completely open to any number of ransomware, spyware or other sophisticated cyber warfare tools.

Highlighting how serious and widespread the LemonDuck threat can be, Microsoft's post says, “(LemonDuck) uses a wide range of dissemination mechanisms – phishing emails, exploits, USB devices, brute force, among others – and it has shown that it can quickly leverage news, events, or releases of new exploits to drive effective campaigns. For example, in 2020, it was seen using Covid-19-themed lures in email attacks. In 2021, it took advantage of newly patched Exchange Server vulnerabilities to gain access to older systems.”

Alarmingly, Microsoft also revealed that while the attackers initially focused largely on China, India is now on the list of the top 10 countries most affected by this malware. India follows the United States, Russia, China, Germany and the UK in the list of the top six countries targeted by the attackers. The biggest targets are companies in the manufacturing and IoT sectors. The threat is compounded by an evolving malware infrastructure, which makes such incidents more dangerous and more difficult for the cyber security community to deal with.

Microsoft also details the use of LemonCat, a different but equally dangerous and highly developed targeted malware tool, which is being used in RCE attacks to set up backdoors in systems. The latter activity is a necessary gateway for threat actors, who can then use it to spy on users, deploy ransomware, steal sensitive data, and carry out cyber blackmail for a wide range of malicious gains.

Summarizing the growing threats from LemonDuck and LemonCat, Microsoft’s threat intelligence team states, “This threat is cross-platform, constantly evolving. Such research emphasizes the importance of broad visibility across a wide range of threats, as well as the ability to correlate simple, disparate activity such as coin mining to more dangerous adversarial attacks.”

The two malware tools, initially known for botnet and crypto mining attacks, are certainly not the last on the list of tools that can carry out devastating cyberattacks on important companies engaged in critical sectors. Given that older systems are one of the biggest channels through which these attacks spread, it is imperative for both users and IT administrators to apply updates immediately, since these patch many vulnerabilities in systems that would otherwise be critically vulnerable.
