Talos researchers wrote that almost immediately after Dark Utilities was established, they saw malware samples in the wild using the service to establish C2 communications channels and remote access capabilities on infected Windows and Linux systems.
The platform uses the InterPlanetary File System (IPFS), a peer-to-peer network, to host its payloads, which makes them more persistent, easier to hide, and more difficult to take down. Cybersecurity vendor Trustwave last month wrote about how threat groups are increasingly taking advantage of IPFS. IPFS is "explicitly designed to prevent centralized authorities from taking action on content hosted there," the Talos researchers wrote.
Once the operating system is chosen, a command string is created that the attackers will embed into PowerShell or Bash, according to Talos. To gain persistence, the payload creates a Registry key on Windows systems or a Crontab entry or a Systemd service on Linux machines. Given how quickly Dark Utilities has been able to collect users in a short amount of time – and how likely it is to attract many more in the coming months – "organizations should be aware of these C2aaS platforms and ensure they have security controls in place to help protect their environments," the researchers wrote.