LockBit's tenacious activity despite global investigations

Challenges and countermeasures in the war against the LockBit cyber criminal group

LockBit, a cybercriminal group, continues to launch attacks despite international legal action. Security specialists have discovered new vulnerabilities exploited by the group and Trend Micro analyzes an advanced version of their malware.

Despite the recent Operation Cronos, which led to significant action against the LockBit cybercriminal group, a resurgence of the group's malicious activity has been detected. The Sophos and Huntress security teams reported new attacks linked to this group within 24 hours, involving exploits for critical vulnerabilities in ConnectWise's ScreenConnect application, tracked as CVE-2024-1708 and CVE-2024-1709. ConnectWise has already released updates to mitigate these weaknesses. Huntress researcher John Hammond mentions attacks on entities such as veterinary clinics and local government offices.

Attribution of attacks remains complex

Security experts could not confirm whether the recent attacks use the original version of LockBit or an "unofficial" variant that spread in 2022. The proliferation of malware versions outside the control of the original creators makes it difficult to trace malicious campaigns back to their original source. This situation confirms the resilience of LockBit, even after the joint efforts of law enforcement authorities at the international level.

LockBit: Persistence despite international operations

The breadth of LockBit's infrastructure, its affiliates and its global reach suggest that law enforcement efforts may not have been sufficient to completely extinguish the threat. The latest attacks could be interpreted as a demonstration that the group is able to continue its criminal actions despite the obstacles encountered.

Trend Micro analyzes a new version of LockBit

Security company Trend Micro has obtained a sample of an upcoming version of the LockBit malware (presumably LockBit 4.0). It is developed in .NET, compressed with MPRESS and compiled using CoreRT, unlike the previous version, which was written in C/C++. While some features from previous versions are missing, the code appears to be at an advanced stage of development. This discovery constitutes a further step forward after Operation Cronos, allowing the authorities to deepen their analysis of this criminal phenomenon.

02/25/2024 13:53

Marco Verro
