New IoT and ransomware threats headline this week's top stories. Plus a brand new malware course from eLearnSecurity.
eLearnSecurity releasing Malware Analysis Professional on May 19
With the rapid development of malware, many businesses are struggling to defend their network against malicious software and quickly analyze and eliminate attacks. With that in mind, eLearnSecurity is releasing our newest course, Malware Analysis Professional (MAP). MAP is an in-depth training course detailing how security professionals can dissect malware through static and dynamic analysis in order to understand the mechanics and purpose of malware strains.
MAP is an excellent addition to a blue team cyber security professional's arsenal and is also helpful for red teamers who are interested in a deeper understanding of malware. Join eLearnSecurity's cyber experts on Tuesday, May 19th at 1 pm for a webinar introducing Malware Analysis Professional. Live attendees will be eligible for exclusive giveaways and course discounts.
Kaiji IoT Malware Strain Uses Go and Brute Force to Attack Devices
A new strain of malware that attacks Internet of Things (IoT) connected devices is top of mind for many IoT security researchers. Kaiji, named after a Japanese manga comic book, attacks IoT devices and Linux-based servers with the intention of launching distributed denial of service (DDoS) attacks. Written in the Go programming language and using brute force techniques, the new malware strain suggests a maturation in how cyber criminals create IoT botnets.
Bitdefender describes how Kaiji "targets servers and 'smart' internet-connected devices via SSH brute forcing, taking advantage of administrators who are using weak or recycled passwords."
What's interesting about Kaiji is that it was written in Go (or GoLang), a programming language originally developed by Google and now finding popularity with cyber criminals. Kaiji is still a young malware strain, currently too simple for sophisticated attacks. But researchers expect the IoT botnet to grow stronger as hackers experiment and tweak the code to attack more efficiently.
Organizations that allow employees to connect personal IoT devices to secure networks are vulnerable to even simplistic malware tactics. Too many people and admins use passwords that are easy to guess, and once one device is vulnerable, it's possible for an attacker to access sensitive information and intellectual property or even shut down a network.
New Ransomware LockBit Can Cripple a Network in Hours
Wired recently published an article on LockBit, a new entry in the growing Ransomware as a Service (RaaS) model that has proven successful for organized cyber criminals. While not as well known as ransomware competitors such as Ryuk, LockBit is gaining ground due to its quick attack method and automation. While Ryuk requires a human hacker and often hours or days of intel gathering once a network is infiltrated, LockBit's processes are automated and can spread laterally within hours.
As Wired notes, LockBit is also gaining market share because "using SMB, ARP tables, and PowerShell is an increasingly common way of spreading malware throughout a network, and with good reason. Because almost all networks rely on these tools, it's hard for antivirus and other network defenses to detect their malicious use."
Ransomware is evolving as criminal enterprises start to structure their organizations in a way that mirrors modern corporations. With their own sales teams, marketing, finance, and customer support, RaaS operations lower the barrier to entry for many criminals who lack the sophisticated knowledge to deploy ransomware as complex as LockBit. Businesses need to prepare for these organized attacks, and cyber security professionals must stay up-to-date with the latest trends and training in order to stifle this growing industry.
CISO Magazine Interviews Malware Analysis Expert Shyam Sundar Ramaswami
Shyam Sundar Ramaswami understands the value of trending topics. In an interview published in CISO magazine, the lead security and threat researcher at Cisco discussed how malware exploits news trends such as pop culture and new technology to persuade unwitting victims to click on malware. Whether it's a website advertising a free version of the latest comic book movie or malicious emails announcing changes to necessary tax forms, cyber criminals understand the pathos of their victims and how to tailor phishing emails to their wants and needs.
Ramaswami's interview gives insight into the importance of malware analysis, whether you're a business worried about the security of your network or a cyber security professional interested in expanding your skillset. With the increasing sophistication of criminal enterprises and more organizations relying on a BYOD (bring your own device) policy, bad actors have more vulnerabilities to exploit than ever before, relying on a general public that struggles to understand the difference between legitimate and malicious links.