There are many types of ransomware, and infections generally begin with spam before the ransomware itself is deployed on the system.
According to a report published by Microsoft this week, the DEV-0569 cyberattack group, tracked by Microsoft Security Threat Intelligence, has been observed improving its detection evasion and post-compromise payloads as it continues to develop its capabilities.
A specific characteristic of DEV-0569 is that it uses malvertising and phishing links in spam emails and fake forum pages to convince the recipient to download a malware downloader masquerading as a software installer or update, the Microsoft researchers added.
In just a few months, the Microsoft team observed several innovations by the group. These included hiding malicious links in contact forms, burying fake installers on legitimate download sites, and using Google Ads to mask the group’s malicious activity within its advertising campaigns.
The Microsoft team explained that the malware payloads used by DEV-0569 are encrypted and delivered as signed binaries. In recent campaigns, the group has also been seen using the open-source tool NSUDO in an attempt to disable antivirus solutions; the group is well known for relying heavily on defense evasion techniques.
DEV-0569 has proven successful, and Microsoft Security described the group as one that other ransomware operations can use as an access broker.
Cyberattacks: How Ingenuity Can Counter Them
Apart from the new tricks, Mike Parkin, senior technical engineer at Vulcan Cyber, notes that the threat group effectively adjusts its campaign tactics along the edges. Even so, the group depends on users making mistakes during the process. According to Parkin, the key to a successful defense program is educating the user.
Dark Reading reports that the phishing and malvertising attacks described here depend entirely on the user interacting with the lure. As a consequence, when the user does not interact with the lure, the attack poses no threat.