CIO News Hubb
Advertisement
  • Home
  • News
  • Operations CIO
  • Visionary CIO
  • IT Management
  • Information Security
  • Contact
No Result
View All Result
  • Home
  • News
  • Operations CIO
  • Visionary CIO
  • IT Management
  • Information Security
  • Contact
No Result
View All Result
CIO News Hubb
No Result
View All Result
Home Information Security

Microsoft Reveals Tactics Used by 4 Ransomware Families Targeting macOS

admin by admin
January 7, 2023
in Information Security


Jan 06, 2023Ravie LakshmananEndpoint Security / Cyber Threat

Microsoft has shed light on four different ransomware families – KeRanger, FileCoder, MacRansom, and EvilQuest – that are known to impact Apple macOS systems.

“While these malware families are old, they exemplify the range of capabilities and malicious behavior possible on the platform,” the tech giant’s Security Threat Intelligence team said in a Thursday report.

The initial vector for these ransomware families involves what the Windows maker calls “user-assisted methods,” wherein the victim downloads and installs trojanized applications.

Alternatively, it can also arrive as a second-stage payload that’s dropped by an already existing malware on the infected host or as part of a supply chain attack.

Irrespective of the modus operandi employed, the attacks proceed along similar lines, with the threat actors relying on legitimate operating system features and exploiting vulnerabilities to break into the systems and encrypt files of interest.

This includes the use of the Unix find utility as well as library functions like opendir, readdir, and closedir to enumerate files. Another method touched on by Microsoft, but not adopted by the ransomware strains, entails the NSFileManager Objective-C interface.

KeRanger, MacRansom, and EvilQuest have also been observed to utilize a combination of hardware- and software-based checks to determine if the malware is running in a virtual environment in an attempt to resist analysis and debugging attempts.

Ransomware Families Targeting macOS Systems

KeRanger, notably, employs a technique known as delayed execution to escape detection. It achieves this by sleeping for three days upon its launch before kick-starting its malicious functions.

Persistence, which is essential to ensuring that the malware is run even after a system restart, is established by means of launch agents and kernel queues, Microsoft pointed out.

While FileCoder uses the ZIP utility to encrypt files, KeRanger uses AES encryption in cipher block chaining (CBC) mode to achieve its goals. Both MacRansom and EvilQuest, on the other hand, leverage a symmetric encryption algorithm.

EvilQuest, which was first exposed in July 2020, further goes beyond typical ransomware to incorporate other trojan-like features, such as keylogging, compromising Mach-O files by injecting arbitrary code, and disabling security software.

It also packs in capabilities to execute any file directly from memory, effectively leaving no trace of the payload on disk.

“Ransomware continues to be one of the most prevalent and impactful threats affecting organizations, with attackers constantly evolving their techniques and expanding their tradecraft to cast a wider net of potential targets,” Microsoft said.

Found this article interesting? Follow us on Twitter  and LinkedIn to read more exclusive content we post.





Source link

Tags: computer securitycyber attackscyber newscyber security newscyber security news todaycyber security updatescyber updatesdata breachhacker newshacking newshow to hackinformation securitynetwork securityransomware malwaresoftware vulnerabilitythe hacker news
Previous Post

Eradicate “IT Business Alignment” – How to Empower a Data-Driven Partnership

Next Post

Initiatebodoversight ~ Future of CIO

Related Posts

Information Security

New Russian-Backed Gamaredon’s Spyware Variants Targeting Ukrainian Authorities

by admin
February 2, 2023
Information Security

AWS achieves ISO 20000-1:2018 certification for 109 services

by admin
February 2, 2023
Information Security

Everything you need to know

by admin
February 2, 2023
Information Security

Researchers Uncover New Bugs in Popular ImageMagick Image Processing Utility

by admin
February 1, 2023
Information Security

How to set up ongoing replication from your third-party secrets manager to AWS Secrets Manager

by admin
February 1, 2023
Next Post

Initiatebodoversight ~ Future of CIO

Recommended

Initiatetogoapproach

February 2, 2023

New Russian-Backed Gamaredon’s Spyware Variants Targeting Ukrainian Authorities

February 2, 2023

AWS achieves ISO 20000-1:2018 certification for 109 services

February 2, 2023

Everything you need to know

February 2, 2023

Influentialleadership ~ Future of CIO

February 1, 2023

Researchers Uncover New Bugs in Popular ImageMagick Image Processing Utility

February 1, 2023

© 2022 CIO News Hubb All rights reserved.

Use of these names, logos, and brands does not imply endorsement unless specified. By using this site, you agree to the Privacy Policy and Terms & Conditions.

Navigate Site

  • Home
  • News
  • Operations CIO
  • Visionary CIO
  • IT Management
  • Information Security
  • Contact

Newsletter Sign Up

No Result
View All Result
  • Home
  • News
  • Operations CIO
  • Visionary CIO
  • IT Management
  • Information Security
  • Contact

© 2022 CIO News Hubb All rights reserved.