Maze Ransomware and its Various Campaigns Continue to Threaten the Cyber World


Ever since this year began, the Maze ransomware has been hitting headlines. Recently, researchers discovered more samples of Maze in numerous industries, making it one of the major threats for the cyber-world.

Another form of the "ChaCha" ransomware, Maze surfaced in mid-2019 and has been wreaking havoc ever since, across continents and in any organization it could get its hands on.

Per sources, Maze is most usually distributed by way of emails loaded with malicious Excel and Word attachments. But that’s not the only method of distribution.

According to reports, cyber-criminals also use “exploit kits” by the name of “Spelevo”. Sources mention that in previous cases it has been used to exploit Flash Player vulnerabilities, CVE-2018-15982 and CVE-2018-4878. Other exploits that Maze has abused include CVE-2018-8174 (Internet Explorer) and CVE-2018-1150 (Pulse VPN).

Maze ransomware initially tries to get a strong idea of the target device’s internal surroundings and begins to create a place for itself. Once that’s done, it tries to obtain user privileges to carry out lateral movement and kick-start file encryption across drives. Before the encryption, however, files are exfiltrated so that they can later be used for coercion in any way possible.

If the security system of a device isn’t equipped with the necessary protective measures, it could possibly crash completely under the pressure of Maze ransomware. The infection could expose sensitive information and incapacitate operations, almost killing the company’s finances.

Per sources, Maze ransomware has shown its hold across industries like construction, education, energy, finance, government, healthcare, hospitality, law, life sciences, media and communications, pharma, technology, and telecommunications. McAfee, in March, made available a detailed report about the Maze ransomware.

According to a report, there’s an “Anti-Ransomware Protection module” which hunts ransomware-related, encryption-based activities. It allows users to keep track of the activities.

Per sources, lately, Maze ransomware was spotted compromising several IT service providers. It also gained a foothold in another victim’s network via insecure Remote Desktop Protocol or by brute-forcing the local administrator account.

Cloud backups aren’t safe from the Maze ransomware either, because they are widely tracked on the vulnerable networks. With the login credentials, all backed-up data could be sent to the threat actors via a server under their control.

The solution for any such occurrences is as repetitive as ever: stronger security mechanisms, better passwords (especially for systems with remote access) and, of course, heftier protection measures.



Internet Explorer Targeted by North Korean Hackers: How to Stay Safe?



In a recent cybersecurity issue, some hackers from North Korea are attacking Internet Explorer by exploiting a vulnerability, which is said to be a zero-day flaw. The company Microsoft has not yet spoken on the issue and is still silent. 



Users should immediately stop using Internet Explorer for a while to stay safe from the hackers, suggest cybersecurity experts. If the users still prefer to use Microsoft software, they can download the latest Edge browser by Microsoft. The Edge browser is safe from the attack and also offers a better browsing experience than Internet Explorer. Other secure browsers include Google Chrome and Mozilla Firefox.

But if the users still want to use the traditional software, cybersecurity experts at Tom's Guide suggest downloading a limited time user account that is safe for any software modification.

Microsoft is not scheduled to release its next security patch until the 11th of February, so it is a long wait before the latest update is issued.

Microsoft reveals the Flaw-

In an online advisory published on 17th January, Microsoft explained the vulnerability, saying the flaw allows the hacker to corrupt memory and execute arbitrary code. If the attack succeeds, the hacker has full access to the system, the same as the genuine user.

"Let us imagine a scenario where the hacker hosts a website on the web, which is specially made to exploit the vulnerability via Internet Explorer, in this case, the hacker can lure the user to visit the website by sending him emails," says Microsoft.

Once the hacker has access to the admin user rights, the user system is hacked and the hacker has command over the system. He can modify the programs, install or delete any existing software or worse, delete important data.

The hackers are likely to be from North Korea-

One should not ignore this vulnerability because it has ties to hackers from North Korea. The attack on Internet Explorer seems to be similar to the one that affected Mozilla Firefox. Researchers at Qihoo 360 discovered the attack and accused Darkhotel, a group of hackers from North Korea, of carrying out this activity.

Microsoft Advises Its Users to Stop Using Its Legacy Internet Explorer Web Browser


Microsoft's cyber security expert Chris Jackson advises users to quit using the 'legacy' internet browser, which Microsoft formally ended in 2015, and encourages them to move to a more 'modern browser' that is up to date with current web guidelines and standards.

In a blog post titled 'Perils of using Internet Explorer as your Default Browser', Jackson gave several reasons why users should switch.

“Internet Explorer is a compatibility solution, we're not supporting new web standards for it and, while many sites work fine, developers by and large just aren't testing for Internet Explorer these days. They're testing on modern browsers.”


'...As new apps are coming out with greater frequency, what we want to help you do is avoid having to miss out on a progressively larger portion of the web,' he adds later.

He adds that while it is generally fine for users to use Internet Explorer in an enterprise setting, they would protect themselves better by switching to a more up-to-date browser.