
LockBit's tenacious activity despite global investigations

Challenges and countermeasures in the war against the LockBit cyber criminal group

LockBit, a cybercriminal group, continues to launch attacks despite international legal action. Security specialists have discovered new vulnerabilities exploited by the group and Trend Micro analyzes an advanced version of their malware.


Despite the recent Operation Cronos, which led to significant action against the LockBit cyber criminal group, a resurgence of their malicious activity has been detected. The Sophos and Huntress security teams highlighted new attacks linked to this group within 24 hours, indicating the use of exploits for critical vulnerabilities in ConnectWise's ScreenConnect application, tracked as CVE-2024-1708 and CVE-2024-1709. ConnectWise has already released updates to mitigate these weaknesses. Huntress researcher John Hammond mentions attacks on entities such as veterinary clinics and local government offices.

Attribution of attacks remains complex

Security experts could not confirm whether the recent attacks use the original version of LockBit or an "unofficial" variant that spread in 2022. The proliferation of malware versions outside the control of the original creators makes it difficult to trace malicious campaigns back to their original source. This situation confirms the resilience of LockBit, even after the joint efforts of law enforcement authorities at the international level.

LockBit: Persistence despite international operations

The breadth of LockBit's infrastructure, its affiliates and its global reach highlight the fact that law enforcement efforts may not have been sufficient to completely extinguish the threat. The latest attacks could be interpreted as a demonstration that the group has the ability to continue its criminal actions despite the obstacles encountered.

Trend Micro analyzes a new version of LockBit

Security company Trend Micro has obtained a sample of an upcoming version of the LockBit malware (presumably LockBit 4.0), developed in .NET, compressed with MPRESS and compiled using CoreRT, unlike the previous version, which was written in C/C++. While some features from previous versions are missing, the code appears to be at an advanced stage of development. This discovery constitutes a further step forward after Operation Cronos, allowing the authorities to deepen their analysis of this criminal phenomenon.


02/25/2024 13:53

Marco Verro
