New Xbash Malware: A Deadly Fusion of Ransomware, Botnet, Cryptominer

With cryptocurrency once again making the headlines, researchers at Palo Alto Networks have found a new malware called Xbash. The malware is reported to be a deadly fusion of botnet, ransomware and cryptocurrency mining software.

Xbash targets servers running Windows or Linux, attacking poorly protected systems with weak passwords or devices running with unpatched known vulnerabilities.

Notably, the malware tailors its behaviour to the operating system it compromises: on Windows it focuses on cryptocurrency mining and self-propagation, while on Linux it deploys its ransomware and builds botnets.

The ransomware component works by first encrypting the victim's files and then making an unreliable promise to restore them for a fee.

Bearing a startling likeness to the infamous NotPetya, Xbash likewise lacks any functionality to restore data. It demands a ransom for the release of the captive files, yet they remain encrypted even after the payment has been made.

Reportedly, the criminals have so far collected $6,000 in Bitcoin from the 48 systems that succumbed to the malware. Labelling Xbash as mere ransomware therefore understates its objective, which appears to be the irreversible destruction of victims' data.

Xbash is equipped with features that, once enabled, allow it to compromise an organization's intranet. Its ability to compromise networks and give attackers a foothold to tamper with an organization's core services is what makes it more dangerous still.

First spotted in May 2018, Xbash is attributed to the 'Iron Group', an entity reportedly associated with other ransomware attacks as well.

Four different versions with distinct code and timestamps have been found so far, which suggests that Xbash is still under development and that the attackers are adding more destructive functionality to the malware or perhaps simplifying the intranet attack.

Irrespective of the scenario, users are advised to perform timely backups of crucial data and take preventive measures wherever necessary.

Quick Heal finds over 180 million threats to Windows OS

Global Internet security firm Quick Heal Technologies has detected more than 180 million threats on desktops and laptops running the Windows operating system in India.

According to the quarterly threat report released by the firm on Wednesday, more than 2 million malware, 16,000 ransomware, 13,000 crypto-mining malware, 141,000 exploits, and 40,488 potentially unwanted applications (PUAs) and adware are detected on a daily basis.

“More than 18 crore threats were detected on Windows devices of individual and enterprise users between April and June 2018. May was the busiest month, with more than 74 million incidents detected, followed by April and June that witnessed 55 million and 51 million detections respectively,” a Quarterly Threat Report 2018 said.

“The absence of appropriate cybersecurity measures has also made users and businesses across India more vulnerable to emerging threats,” it further added.

Joint Managing Director and Chief Technology Officer, Sanjay Katkar said in a statement, "Cybercriminals are at a completely different level today than they were a few years ago. They are using novel technologies to drive increasingly-complex attacks and are targeting larger user bases."

"The latest threat report highlights this risk that individuals and businesses in India currently face with this evolution of the threat landscape," Katkar said.

Trojan horse families registered quarter-on-quarter growth of four percent in the second quarter of 2018 and again remained the most dominant malware category in this quarter.

“Individual users and businesses across India need to understand the massive risk that they are exposed to at present. Ignorance is not a viable cybersecurity strategy. The need of the hour is to drive large-scale adoption of cutting-edge security solutions such as those offered by Quick Heal and Seqrite,” he said.

However, the rise of cryptojacking remains the biggest worry, as it delivers direct monetary benefits to cybercriminals.

“Cryptojacking attacks remain undetected for a long time and can often be used as a platform to launch other complex attacks…over 3 million cryptojacking hits were detected till May 2018, with the number of active mobile cryptojacking variants increasing to 25,” the report said.

Dark Mode On WhatsApp!

In its next software update, WhatsApp is set to release new features such as Dark Mode, which turns the icons and the screen a darker shade and is expected to extend battery life.

The new feature of this hugely popular app is intended to make late-night texting easier on the eyes by cutting the blue light that can contribute to sleep disorders. Such a mode is already common in other smartphone apps. Dark mode, also called a dark theme, changes the app's default colour scheme.

WABetaInfo, which routinely combs through WhatsApp's beta code in search of new feature updates, was the publication that leaked the information about the Dark Mode scheme. According to the publication, which described the mode on Twitter as a dream, dark mode does not just spare the eyes but is a major battery saver that helps the battery last longer.

Devices with OLED screens benefit the most, since displaying black leaves individual pixels unlit, which leads to far lower power consumption.

The latest beta version includes the dark mode, but there is no assurance it will be made available to users worldwide, as many new features are tried out in beta but never make it into the final version of the update.

Despite all that is being said, WhatsApp has not made an official statement on the issue. Only when the update is finally installed will these questions be answered.

Students, staff may be behind many college cyber-attacks

A security analysis of cyber-attacks against universities and colleges in the UK has found that staff or students, rather than the organised crime or hacking groups usually blamed for these attacks, could often be responsible.

Attributing cyber-attacks is often difficult, but Jisc, a government-funded digital support service for higher education that provides cyber-security, examined the timing of 850 attacks in 2017-18 and found that Distributed Denial of Service (DDoS) attacks against university campuses are more likely during term time and the working day, and drop dramatically when students are on holiday.

Attacks increased from 8 or 9am and then tailed off in the early afternoon. They declined very sharply during the Christmas, Easter and summer breaks and during half-terms, rising again sharply when terms resumed.

Rather than criminal gangs or agents of foreign powers, the findings suggest many of the attacks on universities and colleges are more likely to have been caused by disgruntled staff or students wanting to provoke "chaos".

While the research paper notes that the motives behind these DDoS campaigns can in many cases only be speculated about, it cites doing it for fun, for the kudos, and to settle grudges as possible reasons.

"This pattern could indicate that attackers are students or staff, or others familiar with the academic cycle. Or perhaps the bad guys simply take holidays at the same time as the education sector," said John Chapman, head of security operations at Jisc (formerly the Joint Information Systems Committee).

In one case, a DDoS attack against a university network which took place across four nights in a row was found to be specifically targeting halls of residence. In this instance, the attacker was launching an attack in order to disadvantage a rival in online games.

"It's notoriously difficult to identify individual cyber-criminals," says Chapman.
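The timing analysis described above, as an added example that is neither Jisc's code nor its data: a small Python script that takes constructed DDoS alert timestamps and a hypothetical academic calendar, and reports attacks per calendar day in term versus holiday, the hour-of-day profile, and the share of attacks that fall in working hours. The calendar dates, the alert timestamps and all function names are assumptions made for illustration.

```python
from collections import Counter
from datetime import date, datetime, timedelta

# Hypothetical academic calendar (constructed, not Jisc's): inclusive term date ranges.
# The gap between the two ranges models a half-term break.
TERM_PERIODS = [
    (date(2018, 1, 8), date(2018, 2, 9)),    # term, up to half-term
    (date(2018, 2, 19), date(2018, 3, 23)),  # term resumes after half-term
]

# Constructed DDoS alert timestamps, as a mitigation appliance might log them (not real data).
SAMPLE_ALERTS = [
    "2018-01-03T02:15",  # holiday, middle of the night
    "2018-01-15T09:10", "2018-01-15T10:30", "2018-01-16T09:45", "2018-01-17T11:20",
    "2018-01-22T09:05", "2018-01-23T14:00", "2018-01-29T10:15", "2018-01-30T09:50",
    "2018-02-05T10:40", "2018-02-06T12:05",
    "2018-02-13T16:40",  # half-term break
    "2018-02-20T09:30", "2018-02-21T10:55",
]


def parse_alerts(lines):
    """Parse ISO-like 'YYYY-MM-DDTHH:MM' strings into datetime objects."""
    return [datetime.strptime(s, "%Y-%m-%dT%H:%M") for s in lines]


def in_term(d, periods=TERM_PERIODS):
    """True if calendar date d falls inside any term period."""
    return any(start <= d <= end for start, end in periods)


def term_vs_holiday(alerts, window_start, window_end, periods=TERM_PERIODS):
    """Count days and attacks inside vs outside term over [window_start, window_end]
    and derive an attacks-per-day rate for each; a large term/holiday ratio is the
    signal Jisc describes."""
    per_day = Counter(a.date() for a in alerts)
    stats = {"term": {"days": 0, "attacks": 0}, "holiday": {"days": 0, "attacks": 0}}
    d = window_start
    while d <= window_end:
        bucket = stats["term" if in_term(d, periods) else "holiday"]
        bucket["days"] += 1
        bucket["attacks"] += per_day.get(d, 0)
        d += timedelta(days=1)
    for bucket in stats.values():
        bucket["rate"] = bucket["attacks"] / bucket["days"] if bucket["days"] else 0.0
    return stats


def hourly_profile(alerts):
    """Number of attacks starting in each hour of the day, index 0..23."""
    counts = Counter(a.hour for a in alerts)
    return [counts.get(h, 0) for h in range(24)]


def peak_hours(alerts, top=2):
    """Hours with the most attacks (ties broken by earlier hour)."""
    profile = hourly_profile(alerts)
    return sorted(range(24), key=lambda h: (-profile[h], h))[:top]


def working_hours_share(alerts, start_hour=8, end_hour=18):
    """Fraction of attacks that start within the working day [start_hour, end_hour)."""
    if not alerts:
        return 0.0
    in_day = sum(1 for a in alerts if start_hour <= a.hour < end_hour)
    return in_day / len(alerts)


if __name__ == "__main__":
    alerts = parse_alerts(SAMPLE_ALERTS)
    stats = term_vs_holiday(alerts, date(2018, 1, 1), date(2018, 2, 28))
    for name, bucket in stats.items():
        print(f"{name:8s} days={bucket['days']:3d} attacks={bucket['attacks']:3d} "
              f"per-day={bucket['rate']:.3f}")
    print("peak hours:", peak_hours(alerts))
    print(f"share in working hours: {working_hours_share(alerts):.2f}")
```

Run against real alert logs, the same three numbers (term/holiday rate ratio, peak hours, working-hours share) give a defender a quick sanity check on whether an attack series tracks the academic calendar; a ratio near 1 with no daytime peak argues against an internal source.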

Investing in the digital economy - A Special communication network for Russian officials

The Russian government has approved the national programme "Digital economy" and allocated 1 trillion rubles (217 billion dollars) from the federal budget to implement the presidential mandate: within six years, to triple domestic investment in the digital economy, to create modern, secure IT infrastructure accessible to all, and to move state agencies mainly onto Russian software.

In other words, the government has decided to move from the category of developing economies to the list of developed economies by means of IT projects.

It is interesting to note that experts have already begun work on creating a wireless network for officials and representatives of law enforcement agencies, which should appear by 2024. The proposal can be found in the passport of the national programme "Digital economy."

The network will use LTE-450 technology, which offers high-speed, low-latency data transmission. Devices in this band can operate as walkie-talkies as well as transmit video.

Incidentally, the announced network requires the 450 MHz frequency band, which is currently used by the company Tele2. Tele2 representatives say the company is ready to take part in the project and is now discussing it with the authorities.

The passport of the "Digital Economy" does not say how much money will be required to create a communication network.