BlackByte ransomware hastens attacks

Recent intrusions by BlackByte 2.0 ransomware have been completed within a span of only five days, The Hacker News reports. Threat actors have leveraged various tools and techniques to achieve the abbreviated attacks, exploiting vulnerable Microsoft Exchange Servers to obtain initial network access from which malicious activities could be conducted, according to a report from Microsoft's Incident Response team. After conducting encryption and evading detection through process hollowing and antivirus evasion, BlackByte 2.0 uses web shells with remote access and control capabilities to maintain a presence on compromised systems. Attackers were also observed leveraging Cobalt Strike beacons for command-and-control operations, using "living-off-the-land" tools, and altering volume shadow copies before deploying backdoors that ensure continued compromise. Such attacks should prompt organizations to strengthen their patch management policies to ensure timely application of security updates, as well as to activate tamper protection to bolster their security systems' defenses against attacks, according to Microsoft.
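Two of the controls the article names, tamper protection and visibility into volume shadow copy changes, can be checked from a defender's side with PowerShell. The script below is an added example and is not code from the SC Media article or from Microsoft's report; it assumes a Windows host running Microsoft Defender with the Defender PowerShell module available, and that process-creation auditing with command-line logging (Security event 4688) is enabled. The lookback window, the function names and the match patterns are this example's own choices.

```powershell
# Added example, not from the article or Microsoft's report.
# Assumes: Microsoft Defender present (Get-MpComputerStatus available) and
# Security event 4688 with command-line auditing enabled on this host.

# 1. Report the Defender tamper-protection and real-time-protection state.
#    IsTamperProtected and RealTimeProtectionEnabled are properties exposed
#    by Get-MpComputerStatus.
function Test-DefenderTamperProtection {
    $status = Get-MpComputerStatus
    [pscustomobject]@{
        TamperProtected      = $status.IsTamperProtected
        RealTimeProtectionOn = $status.RealTimeProtectionEnabled
        SignatureAgeDays     = $status.AntivirusSignatureAge   # days since last definition update
    }
}

# 2. Hunt recent process-creation events for shadow-copy manipulation carried
#    out with built-in ("living-off-the-land") tools. The pattern list is a
#    constructed, minimal set for this example; tune it to your environment.
function Find-ShadowCopyTampering {
    param([int]$LookbackHours = 24)

    $since   = (Get-Date).AddHours(-$LookbackHours)
    $pattern = 'vssadmin.*shadow|wmic.*shadowcopy|Win32_ShadowCopy'

    Get-WinEvent -FilterHashtable @{ LogName = 'Security'; Id = 4688; StartTime = $since } -ErrorAction SilentlyContinue |
        Where-Object { $_.Message -match $pattern } |
        ForEach-Object {
            # Pull the named fields out of the event XML rather than parsing the message text.
            $xml  = [xml]$_.ToXml()
            $data = @{}
            foreach ($d in $xml.Event.EventData.Data) { $data[$d.Name] = $d.'#text' }
            [pscustomobject]@{
                Time        = $_.TimeCreated
                User        = $data['SubjectUserName']
                Process     = $data['NewProcessName']
                CommandLine = $data['CommandLine']
            }
        }
}

# Usage: run in an elevated PowerShell session.
$tp = Test-DefenderTamperProtection
if (-not $tp.TamperProtected) {
    Write-Warning 'Tamper protection is OFF; enable it in Windows Security or via your management tooling (e.g. Intune).'
}
$tp | Format-List
Find-ShadowCopyTampering -LookbackHours 72 | Format-Table -AutoSize
```

The first function is a point-in-time audit and is best scheduled or folded into an existing compliance check; the second depends entirely on 4688 command-line auditing being turned on beforehand, since without it the `CommandLine` field is empty and the match never fires. Treat any hit as a triage lead, not a verdict: backup software legitimately touches shadow copies, so correlate the user, parent process and timing before acting.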
