New Delhi: Microsoft has warned customers about a new crypto mining malware that can steal credentials, remove security controls, spread via emails and ultimately drop more tools for human-operated activity.

Called 'LemonDuck', the crypto mining malware is targeting Windows and Linux systems, spreading via phishing emails, exploits, USB devices and brute force attacks in various countries, including India.

"LemonDuck's threat to enterprises is also in the fact that it's a cross-platform threat. It's one of a few documented bot malware families that targets Linux systems as well as Windows devices," warned the Microsoft 365 Defender Threat Intelligence Team.

The malware can quickly take advantage of news, events, or the release of new exploits to run effective campaigns.

"For example, in 2020, it was observed using Covid-19-themed lures in email attacks. In 2021, it exploited newly patched Exchange Server vulnerabilities to gain access to outdated systems," Microsoft said.

This threat, however, does not just limit itself to new or popular vulnerabilities.

It continues to use older vulnerabilities, which benefit the attackers at times when focus shifts to patching a popular vulnerability rather than investigating compromise.

"Notably, LemonDuck removes other attackers from a compromised device by getting rid of competing malware and preventing any new infections by patching the same vulnerabilities it used to gain access," said the company.

In the early years, LemonDuck targeted China heavily, but its operations have since expanded to include many other countries: the US, India, Russia, China, Germany, the UK, Korea, Canada, France, and Vietnam.

"Once inside a system with an Outlook mailbox, as part of its normal exploitation behaviour, LemonDuck attempts to run a script that utilises the credentials present on the device," the Microsoft team said.

The script instructs the mailbox to send copies of a phishing message with preset messages and attachments to all contacts.

Because of this method of contact messaging, security controls that rely on determining if an email is sent from a suspicious sender don't apply.

"This means that email security policies that reduce scanning or coverage for internal mail need to be re-evaluated, as sending emails through contact scraping is very effective at bypassing email controls," the company suggested.
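As an added illustration (not part of the original report or Microsoft's guidance), the sketch below shows one way a defender could cover internal mail: flag any internal mailbox that sends the same subject and attachment to many distinct recipients within a short window. The trace rows, domain, hash labels and thresholds are constructed assumptions.

```python
from collections import defaultdict
from datetime import datetime, timedelta

BASE = datetime(2021, 7, 25, 9, 0, 0)

# Constructed message-trace rows: (time, sender, recipient, subject, attachment id).
# "hash-A" etc. are placeholder labels, not real indicators.
TRACE = (
    # One mailbox pushing the same attachment to six contacts in 25 seconds.
    [(BASE + timedelta(seconds=5 * i), "carol@corp.example",
      f"contact{i}@corp.example", "Invoice", "hash-A") for i in range(6)]
    # A slow, legitimate newsletter: six recipients spread over hours.
    + [(BASE + timedelta(minutes=30 * i), "dave@corp.example",
        f"team{i}@corp.example", "Newsletter", "hash-B") for i in range(6)]
    + [(BASE, "alice@corp.example", "bob@corp.example", "Q3 report", "hash-C"),
       (BASE, "mallory@outside.example", "bob@corp.example", "Invoice", "hash-A")]
)


def find_fanout(trace, internal_domain, min_recipients=5,
                window=timedelta(minutes=10)):
    """Return alerts for internal senders that mail one subject+attachment
    pair to at least `min_recipients` distinct recipients within `window`."""
    groups = defaultdict(list)
    for ts, sender, rcpt, subject, attachment in trace:
        sender = sender.lower()
        # Sender-reputation checks already cover external mail; this rule
        # looks only at the internal traffic those checks never see.
        if not sender.endswith("@" + internal_domain) or not attachment:
            continue
        groups[(sender, subject, attachment)].append((ts, rcpt.lower()))

    alerts = []
    for (sender, subject, attachment), events in groups.items():
        events.sort()
        start, best = 0, 0
        for end in range(len(events)):
            # Slide the window so it never spans more than `window`.
            while events[end][0] - events[start][0] > window:
                start += 1
            best = max(best, len({r for _, r in events[start:end + 1]}))
        if best >= min_recipients:
            alerts.append({"sender": sender, "subject": subject,
                           "attachment": attachment, "recipients": best})
    return sorted(alerts, key=lambda a: a["sender"])


if __name__ == "__main__":
    for alert in find_fanout(TRACE, "corp.example"):
        print(alert)
```
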

Last Monday, US President Joe Biden's administration finally came out publicly against China's involvement in cybercrimes, accusing it of running a massive global operation of "state-sponsored activities" causing billions of dollars of losses to victims.

In a show of solidarity indicating the serious global repercussions, all 30 NATO allies and the European Union, Australia, New Zealand, and Japan joined in indicting Beijing.

Secretary of State Antony Blinken said that the US and its allies had "formally confirmed" that China's Ministry of State Security (MSS) used the vulnerabilities in the Microsoft Exchange Server "in a massive cyber espionage operation that indiscriminately compromised thousands of computers and networks, mostly belonging to private sector victims".
Source: IANS, "New crypto malware targeting Windows, Linux systems: Microsoft", published 2021-07-25 15:05:12, last updated 2021-07-25 15:10:42.
