BlackBerry Vulnerability, DeepBlueMagic Ransomware, HolesWarm Malware, CISA Ransomware Guidance- Experts Comments

BACKGROUND:

BlackBerry has publicly disclosed that its QNX Real Time Operating System (RTOS) is affected by a BadAlloc vulnerability. The vulnerability has left 200 million cars, along with critical hospital and factory equipment, vulnerable. CISA strongly encourages critical infrastructure organizations and other organizations developing, maintaining, supporting, or using affected QNX-based systems to patch affected products as quickly as possible.

Experts Comments

August 20, 2021
Saumitra Das
CTO and Co-founder
Blue Hexagon


“QNX is the operating system of choice for embedded systems and is very widely deployed where real-time guarantees are needed in computing such as medical devices, robotics, cars, etc. This should be at the top of the list for patching and in the meantime, networks reachable from QNX devices should be extensively monitored from a detection and response perspective to disrupt attacker kill chains. Attackers who are already inside the network may auction off their initial access to more sophisticated third parties who exploit this CVE.”

“Researchers from Heimdal Security have uncovered a new ransomware strain named “DeepBlueMagic” which deletes the Volume Shadow Copies for Windows, making recovery nearly impossible without a decryption key. The malware was observed by Heimdal using an encryption tool from Jetico called BestCrypt Volume Encryption to encrypt all drives, except the primary system drive (“C:\”), on an infected Windows Server 2012 R2 system.”

“Ransomware actors are always looking at new methods to gain leverage to blackmail. The original leverage was just business downtime from drive encryption but currently it is common for attackers to do double extortion to exfiltrate data as well as encrypt. They can exfiltrate and sell data, name and shame the victim, or just disrupt their business like what can happen with this type of attack. Using deeper disk interfaces is an interesting addition to their toolkit of attacks which may help them from a disruption point of view.”
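The defensive angle on the DeepBlueMagic description above is that deleting Volume Shadow Copies is loud: it shows up in process-creation telemetry before any drive is fully encrypted. The following is an added example, not code from the page, Heimdal, or Blue Hexagon, showing detection logic run over a handful of constructed JSON process events in a simplified Sysmon/EDR-like shape (field names `host`, `image`, `cmdline` are assumptions of this example). It flags the common shadow-copy destruction command lines so a responder can catch the recovery-sabotage step regardless of which encryption tool follows it.

```python
import json
import re
from typing import Iterable, List, Optional

# Constructed sample process-creation events (JSON lines). These are made up for
# this example; they are not from Heimdal's report or the original page.
SAMPLE_EVENTS = [
    json.dumps({"host": "srv01", "image": r"C:\Windows\System32\vssadmin.exe",
                "cmdline": "vssadmin.exe Delete Shadows /All /Quiet"}),
    json.dumps({"host": "srv01", "image": r"C:\Windows\System32\wbem\WMIC.exe",
                "cmdline": "wmic shadowcopy delete"}),
    json.dumps({"host": "srv02", "image": r"C:\Windows\System32\vssadmin.exe",
                "cmdline": "vssadmin.exe List Shadows"}),          # benign admin listing
    json.dumps({"host": "srv02", "image": r"C:\Windows\System32\notepad.exe",
                "cmdline": "notepad.exe report.txt"}),              # unrelated noise
    json.dumps({"host": "srv03",
                "image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
                "cmdline": "powershell -c Get-WmiObject Win32_ShadowCopy | "
                           "ForEach-Object { $_.Delete() }"}),
]

# Rules for shadow-copy destruction: (rule name, case-insensitive regex over the
# command line). Listing shadows is deliberately NOT matched, to keep false
# positives from routine administration low.
SHADOW_DELETE_RULES = [
    ("vssadmin_delete_shadows",
     re.compile(r"vssadmin(\.exe)?\s+delete\s+shadows", re.I)),
    ("vssadmin_resize_shadowstorage",   # shrinking storage also evicts old copies
     re.compile(r"vssadmin(\.exe)?\s+resize\s+shadowstorage", re.I)),
    ("wmic_shadowcopy_delete",
     re.compile(r"wmic(\.exe)?\s+shadowcopy\s+delete", re.I)),
    ("win32_shadowcopy_delete",         # WMI class deleted from PowerShell
     re.compile(r"win32_shadowcopy.*\.delete\(\)", re.I)),
]


def classify(cmdline: str) -> Optional[str]:
    """Return the name of the first rule matching the command line, or None."""
    for name, rx in SHADOW_DELETE_RULES:
        if rx.search(cmdline):
            return name
    return None


def detect(lines: Iterable[str]) -> List[dict]:
    """Run the rules over JSON-lines process events and return the findings."""
    findings = []
    for raw in lines:
        raw = raw.strip()
        if not raw:
            continue
        try:
            event = json.loads(raw)
        except json.JSONDecodeError:
            continue  # skip malformed lines instead of aborting the sweep
        cmd = event.get("cmdline", "")
        rule = classify(cmd)
        if rule:
            findings.append({"host": event.get("host", "?"),
                             "rule": rule, "cmdline": cmd})
    return findings


if __name__ == "__main__":
    for f in detect(SAMPLE_EVENTS):
        print(f"[{f['rule']}] {f['host']}: {f['cmdline']}")
```

Pointing `detect()` at a real export of process-creation events (one JSON object per line) gives the same result shape; in practice the rule hits should be correlated with the preceding parent process, since legitimate backup software occasionally resizes shadow storage but rarely deletes all copies quietly.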

Researchers at Tencent have identified a malware which exploits unpatched Windows and Linux servers. HolesWarm, the botnet cryptominer, has already compromised 1,000-plus clouds since June and is being referred to as the “King of Vulnerability Exploitation”. The malware has leveraged more than 20 known vulnerabilities in Linux and Windows servers, and Tencent has warned that both government and enterprise should mitigate known vulnerabilities as soon as possible to avoid falling prey to the next HolesWarm attack.
