CIO News Hubb
Advertisement
  • Home
  • News
  • Operations CIO
  • Visionary CIO
  • IT Management
  • Information Security
  • Contact
No Result
View All Result
  • Home
  • News
  • Operations CIO
  • Visionary CIO
  • IT Management
  • Information Security
  • Contact
No Result
View All Result
CIO News Hubb
No Result
View All Result
Home Information Security

Microsoft Reveals Tactics Used by 4 Ransomware Families Targeting macOS

admin by admin
January 7, 2023
in Information Security


Jan 06, 2023Ravie LakshmananEndpoint Security / Cyber Threat

Microsoft has shed light on four different ransomware families – KeRanger, FileCoder, MacRansom, and EvilQuest – that are known to impact Apple macOS systems.

“While these malware families are old, they exemplify the range of capabilities and malicious behavior possible on the platform,” the tech giant’s Security Threat Intelligence team said in a Thursday report.

The initial vector for these ransomware families involves what the Windows maker calls “user-assisted methods,” wherein the victim downloads and installs trojanized applications.

Alternatively, it can also arrive as a second-stage payload that’s dropped by an already existing malware on the infected host or as part of a supply chain attack.

Irrespective of the modus operandi employed, the attacks proceed along similar lines, with the threat actors relying on legitimate operating system features and exploiting vulnerabilities to break into the systems and encrypt files of interest.

This includes the use of the Unix find utility as well as library functions like opendir, readdir, and closedir to enumerate files. Another method touched on by Microsoft, but not adopted by the ransomware strains, entails the NSFileManager Objective-C interface.

KeRanger, MacRansom, and EvilQuest have also been observed to utilize a combination of hardware- and software-based checks to determine if the malware is running in a virtual environment in an attempt to resist analysis and debugging attempts.

Ransomware Families Targeting macOS Systems

KeRanger, notably, employs a technique known as delayed execution to escape detection. It achieves this by sleeping for three days upon its launch before kick-starting its malicious functions.

Persistence, which is essential to ensuring that the malware is run even after a system restart, is established by means of launch agents and kernel queues, Microsoft pointed out.

While FileCoder uses the ZIP utility to encrypt files, KeRanger uses AES encryption in cipher block chaining (CBC) mode to achieve its goals. Both MacRansom and EvilQuest, on the other hand, leverage a symmetric encryption algorithm.

EvilQuest, which was first exposed in July 2020, further goes beyond typical ransomware to incorporate other trojan-like features, such as keylogging, compromising Mach-O files by injecting arbitrary code, and disabling security software.

It also packs in capabilities to execute any file directly from memory, effectively leaving no trace of the payload on disk.

“Ransomware continues to be one of the most prevalent and impactful threats affecting organizations, with attackers constantly evolving their techniques and expanding their tradecraft to cast a wider net of potential targets,” Microsoft said.

Found this article interesting? Follow us on Twitter  and LinkedIn to read more exclusive content we post.





Source link

Tags: computer securitycyber attackscyber newscyber security newscyber security news todaycyber security updatescyber updatesdata breachhacker newshacking newshow to hackinformation securitynetwork securityransomware malwaresoftware vulnerabilitythe hacker news
Previous Post

Eradicate “IT Business Alignment” – How to Empower a Data-Driven Partnership

Next Post

Initiatebodoversight ~ Future of CIO

Related Posts

Information Security

Okta Discloses Broader Impact Linked to October 2023 Support System Breach

by admin
November 29, 2023
Information Security

Security at multiple layers for web-administered apps

by admin
November 29, 2023
Information Security

Non-delivery and non-payment scams top the charts in holiday fraud

by admin
November 29, 2023
Information Security

N. Korean Hackers ‘Mixing’ macOS Malware Tactics to Evade Detection

by admin
November 28, 2023
Information Security

Introducing new central configuration capabilities in AWS Security Hub

by admin
November 28, 2023
Next Post

Initiatebodoversight ~ Future of CIO

Recommended

Okta Discloses Broader Impact Linked to October 2023 Support System Breach

November 29, 2023

Security at multiple layers for web-administered apps

November 29, 2023

Non-delivery and non-payment scams top the charts in holiday fraud

November 29, 2023

Using AI to Improve ITSM Processes

November 28, 2023

N. Korean Hackers ‘Mixing’ macOS Malware Tactics to Evade Detection

November 28, 2023

Introducing new central configuration capabilities in AWS Security Hub

November 28, 2023

© CIO News Hubb All rights reserved.

Use of these names, logos, and brands does not imply endorsement unless specified. By using this site, you agree to the Privacy Policy and Terms & Conditions.

Navigate Site

  • Home
  • News
  • Operations CIO
  • Visionary CIO
  • IT Management
  • Information Security
  • Contact

Newsletter Sign Up

No Result
View All Result
  • Home
  • News
  • Operations CIO
  • Visionary CIO
  • IT Management
  • Information Security
  • Contact

© 2022 CIO News Hubb All rights reserved.