Posted on June 23, 2020 at 1:09 PM
The US Department of Homeland Security warned last week that cybercriminals are using remote desktop servers to launch an attack on data centers.
To make their activities harder to uncover, the attackers wrote the malware in Java, a language that antivirus software generally skips when scanning for malware.
The agency also said the situation cannot be remedied simply by restoring data from backup, because of the level of access the attackers gained before deploying the ransomware.
Attackers use highly sophisticated mechanisms
The malware, known as Tycoon, was uncovered by a joint KPMG and BlackBerry team. According to the researchers, it uses the Java JImage format to deliver ransomware to both Linux and Windows servers.
“Java uses that format internally to share functionality and share code to be used by developers,” the research team stated.
The approach shows that the attackers are using a highly complex and sophisticated mechanism. The research team also pointed out that this is the first time malware has been seen using the Java JImage format to ship a built-in malicious Java Runtime Environment.
Malware employed to cripple systems
According to the research team, the malware was used as part of a complex attack meant to target company services, cripple their systems, and inflict as much havoc as possible.
The ransomware has an earlier version that contained a flaw, which allowed researchers to provide a means of helping victims. No flaw is known in the new version, which makes it very difficult to discover and subdue.
Claudiu Teodorescu, director of hunting and intelligence at BlackBerry, said companies can still work around the previous version of the malware and recover their files. The latest version has no such flaw, which makes recovering files difficult.
He said an affected company has only two options: restore from a backup, or meet the attackers' demands by paying the ransom.
Upgrading to more modern endpoint security
The security researchers advised that data center managers should not rely entirely on antivirus vendors to detect Java-based malware. Instead, they should move to a more sophisticated endpoint detection and response system, which can recognise the malware's behaviour and stop it before it goes further.
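One concrete check a data center team can run themselves, following the point above about the malware shipping its own Java runtime in JImage form: inventory every JImage blob on a host and flag any that sits outside the known JDK install paths. The script below is an added example and is not code from the article or from the KPMG/BlackBerry research. It assumes only that a JImage file begins with the magic value 0xCAFEDADA (the format jlink writes as `<jdk>/lib/modules`); the trusted roots and the sample directory tree it builds are constructed for the demonstration.

```python
"""Hunt for JImage runtime blobs outside trusted JDK directories (added example)."""
import os
import struct
import tempfile
from pathlib import Path

JIMAGE_MAGIC = 0xCAFEDADA  # distinct from the 0xCAFEBABE magic of .class files


def is_jimage(header: bytes) -> bool:
    """True if the first four bytes carry the JImage magic in either byte order.

    The header byte order depends on the platform that built the image, so a
    blob produced elsewhere may be byte-swapped; accept both rather than assume.
    """
    if len(header) < 4:
        return False
    little = struct.unpack("<I", header[:4])[0]
    big = struct.unpack(">I", header[:4])[0]
    return JIMAGE_MAGIC in (little, big)


def under_trusted_root(path: Path, trusted_roots) -> bool:
    """True if path lies beneath one of the trusted JDK install roots."""
    resolved = path.resolve()
    for root in trusted_roots:
        try:
            resolved.relative_to(Path(root).resolve())
            return True
        except ValueError:
            continue
    return False


def find_untrusted_jimages(scan_root, trusted_roots):
    """Walk scan_root and return JImage files that are not under a trusted JDK path."""
    hits = []
    for dirpath, _dirs, files in os.walk(scan_root):
        for name in files:
            p = Path(dirpath) / name
            try:
                with p.open("rb") as fh:
                    head = fh.read(4)
            except OSError:
                continue  # unreadable or vanished; skip rather than abort the sweep
            if is_jimage(head) and not under_trusted_root(p, trusted_roots):
                hits.append(str(p))
    return sorted(hits)


def build_demo_tree(base: Path) -> Path:
    """Constructed sample tree: a legitimate-looking JDK, a stray runtime, and a class file."""
    (base / "jdk-11" / "lib").mkdir(parents=True)
    (base / "jdk-11" / "lib" / "modules").write_bytes(
        struct.pack("<I", JIMAGE_MAGIC) + b"\x00" * 4)          # expected location
    (base / "tmp" / "app" / "lib").mkdir(parents=True)
    (base / "tmp" / "app" / "lib" / "modules").write_bytes(
        struct.pack(">I", JIMAGE_MAGIC) + b"\x00" * 4)          # stray, byte-swapped runtime
    (base / "tmp" / "Foo.class").write_bytes(bytes.fromhex("cafebabe") + b"\x00" * 4)
    return base


def demo():
    """Build the constructed tree in a temp dir and return the untrusted JImage hits."""
    base = Path(tempfile.mkdtemp(prefix="jimage-hunt-"))
    build_demo_tree(base)
    return find_untrusted_jimages(base, trusted_roots=[base / "jdk-11"])


if __name__ == "__main__":
    for hit in demo():
        print("untrusted JImage:", hit)
```

On a real host, point `find_untrusted_jimages` at `/` (or a drive root) with the actual JDK paths as `trusted_roots`; a hit is a lead for the endpoint team to examine, not proof of compromise, since legitimate applications bundled with jlink also carry their own `lib/modules`.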
Other languages also used
Although the KPMG and BlackBerry team only recently published full details about this malware, it has existed and been operational since late last year, though the number of victims remains limited.
Some researchers have also reported that the malware may be available in other languages. According to Marcus Carey of ReliaQuest, author of “Tribe of Hackers,” blocking Java is not a viable option, since Java is a prerequisite for most systems and networks to operate; blocking it would deny those systems access to programs written in Java.
And it is not the only language attackers use. Python, PowerShell, and the newer Golang have recently been used by attackers to conceal their activity while carrying out exploits.
Attacks on the rise
As more employees work from home because of the COVID-19 pandemic, firms are expanding their use of remote access systems.
Beyond remote desktop protocol servers, commercial remote desktop products and virtual network computing (VNC) are also in use, and increasingly so in today’s business environment. It is no surprise that they are the subject of malicious attacks, as attackers have focused more effort on these targets.
In most cases, the manufacturers and developers of these tools roll them out in a hurry, bypassing some security checks, which leaves them more vulnerable to attack.
Attackers take advantage of this to launch a series of attacks on unsuspecting victims to steal data and gain valuable information.