The findings were made public earlier this week in two separate advisories issued by the cyberspace protection team.
The first threat is the ‘LokiLocker’ ransomware, which can wipe data from any version of Windows. It results in data loss and denial of service (DoS), reducing user productivity.
LokiLocker is ransomware that encrypts user files and renders the compromised machine unusable if the victim does not pay the requested ransom in time.
The NCC CSIRT advisory stated: “To protect against infections by Lokilocker and similar ransomware, the best rule is to always have a backup copy of your data, which should be stored offline.”
The ransomware hides its harmful activity by displaying a fake Windows update page, terminating particular programs and services, and entirely disabling the affected system’s Task Manager, Windows Error Reporting, host firewall, and Windows Defender.
It also has built-in mechanisms that inhibit data recovery: it deletes backup files, shadow copies, and system restore points. In addition, it alters the original equipment manufacturer (OEM) information in the compromised system’s registry and overwrites the user login message.
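The behaviours listed above (shadow copies and restore points deleted, Task Manager, Windows Error Reporting, the firewall and Defender disabled) are exactly the kind of host tampering a detection rule can look for. The following is an added example of such logic, not code from the advisory or from NCC CSIRT: it scans a constructed, pipe-delimited log of process-creation and registry-set events and groups matches by tampering category. The specific command lines and registry values it matches (vssadmin/wmic shadow-copy deletion, bcdedit recovery settings, netsh firewall state, and the DisableTaskMgr, DisableAntiSpyware and Error Reporting Disabled values) are assumed here as common indicators for those behaviours; the advisory does not name them.

```python
import re

# Constructed sample events (timestamp|event_type|detail). These lines are
# made up for this example and are not taken from the NCC CSIRT advisory.
SAMPLE_EVENTS = """\
2022-04-12T09:14:01|process|C:\\Windows\\System32\\vssadmin.exe delete shadows /all /quiet
2022-04-12T09:14:02|process|C:\\Windows\\System32\\wbem\\wmic.exe shadowcopy delete
2022-04-12T09:14:03|process|C:\\Windows\\System32\\bcdedit.exe /set {default} recoveryenabled no
2022-04-12T09:14:04|process|C:\\Windows\\System32\\netsh.exe advfirewall set allprofiles state off
2022-04-12T09:14:05|registry|HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\System\\DisableTaskMgr=1
2022-04-12T09:14:06|registry|HKLM\\SOFTWARE\\Policies\\Microsoft\\Windows Defender\\DisableAntiSpyware=1
2022-04-12T09:14:07|registry|HKLM\\SOFTWARE\\Microsoft\\Windows\\Windows Error Reporting\\Disabled=1
2022-04-12T09:20:00|process|C:\\Program Files\\Mozilla Firefox\\firefox.exe
"""

# Each rule: (tampering category, event type it applies to, pattern).
# The commands and registry values are assumed indicators, not from the advisory.
RULES = [
    ("recovery_inhibition", "process", re.compile(
        r"vssadmin(\.exe)?\s+delete\s+shadows"
        r"|wmic(\.exe)?\s+shadowcopy\s+delete"
        r"|bcdedit(\.exe)?\s+.*recoveryenabled\s+no", re.I)),
    ("firewall_disabled", "process", re.compile(
        r"netsh(\.exe)?\s+advfirewall\s+set\s+\w+\s+state\s+off", re.I)),
    ("task_manager_disabled", "registry", re.compile(
        r"\\Policies\\System\\DisableTaskMgr=1$", re.I)),
    ("defender_disabled", "registry", re.compile(
        r"\\Windows Defender\\DisableAntiSpyware=1$", re.I)),
    ("error_reporting_disabled", "registry", re.compile(
        r"\\Windows Error Reporting\\Disabled=1$", re.I)),
]


def analyze(log_text):
    """Return {category: [(timestamp, detail), ...]} for every matching event."""
    findings = {}
    for line in log_text.splitlines():
        parts = line.split("|", 2)
        if len(parts) != 3:
            continue  # skip malformed lines rather than failing the whole scan
        ts, etype, detail = parts
        for category, wanted_type, pattern in RULES:
            if etype == wanted_type and pattern.search(detail):
                findings.setdefault(category, []).append((ts, detail))
    return findings


def assess(findings, threshold=3):
    """Several distinct tampering categories on one host within a short window
    is a far stronger signal than any single one: administrators do legitimately
    run vssadmin or change a policy value, but rarely do all of these at once."""
    return "likely-ransomware" if len(findings) >= threshold else "review"


if __name__ == "__main__":
    hits = analyze(SAMPLE_EVENTS)
    for category, events in hits.items():
        print(f"{category}: {len(events)} event(s)")
    print("verdict:", assess(hits))
```

The threshold is deliberately a count of distinct categories rather than raw hits, so one noisy rule cannot page an analyst on its own; tune it against your own environment's baseline.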
The CSIRT also advised that all downloads and email attachments be treated with caution, even when they come from reputable sources. “Users should also ensure their attachments are scanned with an up-to-date antimalware solution, before opening,” they added.
The second threat identified by the NCC CSIRT is a botnet that targets MikroTik routers. Thousands of MikroTik routers found to be vulnerable are being used to form one of the largest botnets in history, according to the CSIRT.
The botnet leverages an already-known directory traversal vulnerability in the WinBox interface that allows unauthenticated remote attackers to read arbitrary files and authenticated remote attackers to write arbitrary files. Exploiting this weakness allowed the attackers to enslave the routers and then rent them out as a service.
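The vulnerability class named above, directory traversal, comes down to a file-serving routine trusting a caller-supplied name without checking where it resolves. The following is an added example written for this page, not code from MikroTik, WinBox or the advisory: it puts the naive pattern beside a hardened version that resolves the candidate path and refuses anything that lands outside the served root. The on-disk layout (a `www` root with `index.html`, and a `secret.cfg` outside it standing in for a sensitive file) is constructed for the example.

```python
import os
import tempfile
from pathlib import Path


def setup_demo_tree():
    """Constructed layout: one file inside the served root and one sensitive
    file outside it. Returns (base_dir, served_root)."""
    base = Path(tempfile.mkdtemp())
    root = base / "www"
    root.mkdir()
    (root / "index.html").write_text("hello")
    (base / "secret.cfg").write_text("admin-password=EXAMPLE")  # outside root
    return base, root


def naive_read(root, requested):
    """The vulnerable pattern: the caller's name is joined onto the root and
    opened, so '..' segments (or an absolute path) walk out of the root."""
    with open(os.path.join(root, requested), "rb") as fh:
        return fh.read()


def escapes_root(root, requested):
    """True if `requested`, resolved against `root`, would leave `root`.
    realpath collapses '..' and follows symlinks, so the check is made on the
    path that would actually be opened, not on the string the caller sent."""
    if "\x00" in requested:
        return True  # NUL bytes truncate paths in many C-level APIs; refuse
    root_real = os.path.realpath(root)
    candidate = os.path.realpath(os.path.join(root_real, requested))
    # commonpath of root and candidate must be root itself (also stops the
    # sibling-prefix trick, e.g. /srv/www vs /srv/www-private)
    return os.path.commonpath([root_real, candidate]) != root_real


def safe_read(root, requested):
    """Hardened version of naive_read: same interface, traversal refused."""
    if escapes_root(root, requested):
        raise PermissionError(f"path escapes served root: {requested!r}")
    with open(os.path.join(os.path.realpath(root), requested), "rb") as fh:
        return fh.read()


if __name__ == "__main__":
    base, root = setup_demo_tree()
    print("naive, in-root  :", naive_read(root, "index.html"))
    print("naive, traversal:", naive_read(root, "../secret.cfg"))  # leaks the file
    print("safe,  in-root  :", safe_read(root, "index.html"))
    try:
        safe_read(root, "../secret.cfg")
    except PermissionError as exc:
        print("safe,  traversal:", exc)
```

The check is done after resolution rather than by stripping `..` from the string, because encoded, doubled or symlinked variants all normalise to the same resolved path; a string filter has to anticipate every spelling, while the resolved-path comparison does not.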
According to new research published by Avast, a cryptocurrency mining campaign exploiting the recently disrupted Glupteba botnet, as well as the well-known TrickBot malware, was found to have been distributed by the same command-and-control (C2) server.
The C2 server functions as a botnet-as-a-service controlling nearly 230,000 vulnerable MikroTik routers. The botnet has also been linked to what is now called the Meris botnet.
Authentication bypass, data loss, denial of service, remote code execution, password sniffing, and unauthorized access are among the threats arising from the botnet. These put victims at risk of malware dissemination, bitcoin mining (which consumes system resources), remote code execution, and data theft.
To stay safe from the botnet, the NCC CSIRT advised users to update their routers and apply the latest patches as soon as they become available, set strong router passwords, keep the router administration interface off the public internet, avoid cracked or otherwise illegitimate versions of legitimate applications, and use reputable antivirus software with built-in web filtering.
