WHAT ARE MALWARE?
Malware is basically ‘MALicious softWARES’ which are used intentionally to cause damage to systems and networks.
What Are Malware Threats?
In simple terms, a threat is thus a potential of having a breach.
Altogether MALWARE THREATS are a chance of having a potential breach due to a particular vulnerability or flaw in the system or network.
How is malware introduced into systems or networks?
- Due to a vulnerability in the system or network.
- thus, By phishing emails(Social Engineering).
- Due to downloads from malicious sites.
- Installation of cracked software.
however, There are various possibilities for how malware can be introduced into a system or network.
so, Let’s look at some of the most common types of malware:-
MALWARE THREATS BASED ON HIGH SEVERITY
OPERATION NORTH STAR
In the year 2020, the ATR team discovered a series of malicious documents containing job postings taken from leading defense contractors. Basically, these malicious documents were sent to targets (victims).
These malicious documents installed data gathering implants in the victim’s system.
The targets of these attacks were known to be highly skilled people. as of now, there is no clearance about the victim’s campaigns.
Observed Countries:
United States, Germany, Isreal, India, Spain, Italy, Luxembourg, turkey, Estonia, United Kingdom, Chile, Ukraine, Denmark, Mexico, United Arab Emirates.
Observed Sectors:
The unknown sector, retail, Transportation, and Shipping.
PAY2KEY RANSOMWARE
This malware seems to infect the target via insecure RDP connections and propagate through the network via PsExec.The encryption of the data is based on AES and RSA algorithms, with an RSA key supplied by the C2 server at runtime during communication. Mainly the companies in Israel and Europe were affect by this malware. As the days go by, many more companies are getting affect by this malware.
Observed Countries:
India, Turkey, Italy, United States, Chile, Israel, Mexico.
Observed Sector:
The unknown sector, Utilities, Retail.
Connecting vatet, PyXie, and Defray777
These three malware families are attributed to the financially motivate threat group refer GOLD DUPONT. The malicious software refer as valet loader, PyXie Remote access tool, and Defray777 ransomware is the tool components use to carry out the attack.
The Defray777 ransomware family is also refer as RansomX and RansomEXX was recently port to Linux, giving the attacker another platform for infection.
These threat groups target various entities like Government, healthcare, Schools, and industries.
Observed Countries:
United States, Ireland, Brazil, Germany, Isreal, India, Spain, Italy, Luxembourg, turkey, Estonia, United Kingdom, Thailand, South Africa, France, Switzerland, Peru, Hungary Ukraine, United Kingdom, Mexico.
Observed Sector:
The Unknown sector, Utilities, Retail.
RansomwareEXX
This ransomware started targetting companies in mid-2020 it shares commonalities with Defray777. It started spreading a Linux variant basically the Linux version is ransomware. If the victim pays the ransom they will receive the decryptor. The Linux version namely ‘decryptor64’ and is a command-line decryptor.
Observed Countries:
United States, Germany, Isreal, India, Spain, Italy, Luxembourg, Ukraine, Mexico, Canada.
Observed Sectors:
Various Sectors
REFERENCES:
- https://us.norton.com/internetsecurity-malware-what-is-a-computer-worm.html
- https://www.mcafee.com/enterprise/en-us/security-awareness/ransomware/what-is-fileless-malware.html
- https://en.wikipedia.org/wiki/Malware
- https://www.macafee.com/
written by: Karthik Jogi
Reviewed By: Sayan Chatterjee
If you are Interested In Machine Learning You Can Check Machine Learning Internship Program
Also Check Other Technical And Non Technical Internship Programs