{"id":1492,"date":"2024-12-13T12:09:17","date_gmt":"2024-12-13T12:09:17","guid":{"rendered":"https:\/\/www.tsfactory.com\/forums\/?p=1492"},"modified":"2024-12-13T12:09:17","modified_gmt":"2024-12-13T12:09:17","slug":"new-windows-drive-by-security-attack-what-you-need-to-know","status":"publish","type":"post","link":"https:\/\/www.tsfactory.com\/forums\/blog\/new-windows-drive-by-security-attack-what-you-need-to-know\/","title":{"rendered":"New Windows Drive-By Security Attack\u2014What You Need To Know"},"content":{"rendered":"<p><span style=\"color: #000000;\">Although little is known, in truth, about a cybercriminal actor employing what has become known as the Cloak ransomware threat, the group has risen rapidly to gain status as a significant player in the ransomware landscape since first emerging in 2022. Threat researchers at Halcyon have now\u00a0<a class=\"color-link\" style=\"color: #000000;\" title=\"https:\/\/www.halcyon.ai\/blog\/cloak-ransomware-variant-exhibits-advanced-persistence-evasion-and-vhd-extraction-capabilities\" href=\"https:\/\/www.halcyon.ai\/blog\/cloak-ransomware-variant-exhibits-advanced-persistence-evasion-and-vhd-extraction-capabilities\" target=\"_blank\" rel=\"nofollow noopener noreferrer\" data-ga-track=\"ExternalLink:https:\/\/www.halcyon.ai\/blog\/cloak-ransomware-variant-exhibits-advanced-persistence-evasion-and-vhd-extraction-capabilities\" aria-label=\"analyzed the Cloak ransomware threat and uncovered a new and worrying variant\">analyzed the Cloak ransomware threat and uncovered a new and worrying variant<\/a>\u00a0that not only displays \u201csophisticated extraction and privilege escalation mechanisms\u201d but also terminates processes related to both security and data backup tools. This new Cloak variant, Halcyon warned, can spread by way of dangerous drive-by downloads disguised as legitimate updates like Microsoft Windows installers. 
Here\u2019s what you need to know.<\/span><\/p>\n<p><span style=\"color: #000000;\">The newly published Halcyon analysis of this latest Cloak ransomware variant details a number of attack strategies used by the threat actors operating the criminal exploit. Network access acquired through initial access brokers and\u00a0<a class=\"color-link\" style=\"color: #000000;\" title=\"https:\/\/www.forbes.com\/sites\/daveywinder\/2024\/11\/19\/security-warning-as-new-2sp-cyber-attacks-emerge-why-2fa-is-your-friend\/\" href=\"https:\/\/www.forbes.com\/sites\/daveywinder\/2024\/11\/19\/security-warning-as-new-2sp-cyber-attacks-emerge-why-2fa-is-your-friend\/\" target=\"_self\" data-ga-track=\"InternalLink:https:\/\/www.forbes.com\/sites\/daveywinder\/2024\/11\/19\/security-warning-as-new-2sp-cyber-attacks-emerge-why-2fa-is-your-friend\/\" aria-label=\"social engineering\">social engineering<\/a>\u00a0unsurprisingly top the list.\u00a0<a class=\"color-link\" style=\"color: #000000;\" title=\"https:\/\/www.forbes.com\/sites\/daveywinder\/2024\/12\/02\/why-you-must-beware-of-dangerous-new-scam-yourself-cyber-attacks\/\" href=\"https:\/\/www.forbes.com\/sites\/daveywinder\/2024\/12\/02\/why-you-must-beware-of-dangerous-new-scam-yourself-cyber-attacks\/\" target=\"_self\" data-ga-track=\"InternalLink:https:\/\/www.forbes.com\/sites\/daveywinder\/2024\/12\/02\/why-you-must-beware-of-dangerous-new-scam-yourself-cyber-attacks\/\" aria-label=\"Phishing\">Phishing<\/a>,\u00a0<a class=\"color-link\" style=\"color: #000000;\" title=\"https:\/\/www.forbes.com\/sites\/daveywinder\/2024\/12\/03\/new-windows-backdoor-security-warning-for-bing-dropbox-google-users\/\" href=\"https:\/\/www.forbes.com\/sites\/daveywinder\/2024\/12\/03\/new-windows-backdoor-security-warning-for-bing-dropbox-google-users\/\" target=\"_self\" data-ga-track=\"InternalLink:https:\/\/www.forbes.com\/sites\/daveywinder\/2024\/12\/03\/new-windows-backdoor-security-warning-for-bing-dropbox-google-users\/\" 
aria-label=\"malicious advertising\">malicious advertising<\/a>\u00a0and\u00a0<a class=\"color-link\" style=\"color: #000000;\" title=\"https:\/\/www.forbes.com\/sites\/daveywinder\/2024\/11\/30\/google-and-microsoft-users-warned-rockstar-2fa-bypass-attacks-incoming\/\" href=\"https:\/\/www.forbes.com\/sites\/daveywinder\/2024\/11\/30\/google-and-microsoft-users-warned-rockstar-2fa-bypass-attacks-incoming\/\" target=\"_self\" data-ga-track=\"InternalLink:https:\/\/www.forbes.com\/sites\/daveywinder\/2024\/11\/30\/google-and-microsoft-users-warned-rockstar-2fa-bypass-attacks-incoming\/\" aria-label=\"exploit kits\">exploit kits<\/a>\u00a0are all employed to get the Cloak malware installed onto a target system, but Halcyon has also warned that the attackers are using what is known as a drive-by download tactic, disguising the threat as a legitimate system update such as a Windows installer.<\/span><\/p>\n<p><span style=\"color: #000000;\">It is believed that Cloak is connected to the Good Day ransomware group and uses ransomware derived from the previously leaked Babuk source code. That lineage matters little to victims or potential victims; what matters is that once delivered by way of a loader with the ransomware payload embedded within it, Cloak uses sophisticated extraction and privilege escalation mechanisms, according to this latest report. \u201cIt terminates processes and services related to security, backups, and databases,\u201d the security analysts warned, \u201cwhile modifying system settings to hinder recovery and user actions.\u201d Encryption keys are securely generated with Curve25519 and SHA512, and files on both local drives and network shares are encrypted with the HC-128 algorithm. 
The Cloak ransomware variant \u201cemploys advanced evasion techniques, including executing from virtual hard disks to avoid detection,\u201d the report said.<\/span><\/p>\n<p><a href=\"https:\/\/www.forbes.com\/sites\/daveywinder\/2024\/12\/12\/dangerous-new-windows-drive-by-security-alert-what-you-need-to-know\/\"><span style=\"color: #000000;\">Read the Full Story Here<\/span><\/a><\/p>\n<p><span style=\"color: #000000;\">Source: Forbes<\/span><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Although little is known, in truth, about a cybercriminal actor employing what has become known as the Cloak ransomware threat, the group has risen rapidly to gain status as a significant player in the ransomware landscape since first emerging in 2022. Threat researchers at Halcyon have now\u00a0analyzed the Cloak ransomware threat and uncovered a new [&hellip;]<\/p>\n","protected":false},"author":2,"featured_media":1124,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[4],"tags":[],"class_list":["post-1492","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-news"],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v24.9 - https:\/\/yoast.com\/wordpress\/plugins\/seo\/ -->\n<title>New Windows Drive-By Security Attack\u2014What You Need To Know - Community<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.tsfactory.com\/forums\/blog\/new-windows-drive-by-security-attack-what-you-need-to-know\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"New Windows Drive-By Security Attack\u2014What You Need To Know - Community\" \/>\n<meta property=\"og:description\" content=\"Although little is known, in truth, about a 
cybercriminal actor employing what has become known as the Cloak ransomware threat, the group has risen rapidly to gain status as a significant player in the ransomware landscape since first emerging in 2022. Threat researchers at Halcyon have now\u00a0analyzed the Cloak ransomware threat and uncovered a new [&hellip;]\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.tsfactory.com\/forums\/blog\/new-windows-drive-by-security-attack-what-you-need-to-know\/\" \/>\n<meta property=\"og:site_name\" content=\"Community\" \/>\n<meta property=\"article:publisher\" content=\"https:\/\/www.facebook.com\/TSFactoryLLC\/\" \/>\n<meta property=\"article:published_time\" content=\"2024-12-13T12:09:17+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/www.tsfactory.com\/forums\/wp-content\/uploads\/2023\/11\/emailforwardhacker.jpg\" \/>\n\t<meta property=\"og:image:width\" content=\"1280\" \/>\n\t<meta property=\"og:image:height\" content=\"1916\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/jpeg\" \/>\n<meta name=\"author\" content=\"Chelsie Wyatt\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@TSFactoryLLC\" \/>\n<meta name=\"twitter:site\" content=\"@TSFactoryLLC\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Chelsie Wyatt\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. 
reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"2 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"WebPage\",\"@id\":\"https:\/\/www.tsfactory.com\/forums\/blog\/new-windows-drive-by-security-attack-what-you-need-to-know\/\",\"url\":\"https:\/\/www.tsfactory.com\/forums\/blog\/new-windows-drive-by-security-attack-what-you-need-to-know\/\",\"name\":\"New Windows Drive-By Security Attack\u2014What You Need To Know - Community\",\"isPartOf\":{\"@id\":\"https:\/\/www.tsfactory.com\/forums\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\/\/www.tsfactory.com\/forums\/blog\/new-windows-drive-by-security-attack-what-you-need-to-know\/#primaryimage\"},\"image\":{\"@id\":\"https:\/\/www.tsfactory.com\/forums\/blog\/new-windows-drive-by-security-attack-what-you-need-to-know\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/www.tsfactory.com\/forums\/wp-content\/uploads\/2023\/11\/emailforwardhacker.jpg\",\"datePublished\":\"2024-12-13T12:09:17+00:00\",\"author\":{\"@id\":\"https:\/\/www.tsfactory.com\/forums\/#\/schema\/person\/9d9908f0e12559297335ebe9b601c82f\"},\"breadcrumb\":{\"@id\":\"https:\/\/www.tsfactory.com\/forums\/blog\/new-windows-drive-by-security-attack-what-you-need-to-know\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/www.tsfactory.com\/forums\/blog\/new-windows-drive-by-security-attack-what-you-need-to-know\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.tsfactory.com\/forums\/blog\/new-windows-drive-by-security-attack-what-you-need-to-know\/#primaryimage\",\"url\":\"https:\/\/www.tsfactory.com\/forums\/wp-content\/uploads\/2023\/11\/emailforwardhacker.jpg\",\"contentUrl\":\"https:\/\/www.tsfactory.com\/forums\/wp-content\/uploads\/2023\/11\/emailforwardhacker.jpg\",\"width\":1280,\"height\":1916},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/ww
w.tsfactory.com\/forums\/blog\/new-windows-drive-by-security-attack-what-you-need-to-know\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/www.tsfactory.com\/forums\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"New Windows Drive-By Security Attack\u2014What You Need To Know\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/www.tsfactory.com\/forums\/#website\",\"url\":\"https:\/\/www.tsfactory.com\/forums\/\",\"name\":\"Community\",\"description\":\"TSFactory\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/www.tsfactory.com\/forums\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Person\",\"@id\":\"https:\/\/www.tsfactory.com\/forums\/#\/schema\/person\/9d9908f0e12559297335ebe9b601c82f\",\"name\":\"Chelsie Wyatt\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.tsfactory.com\/forums\/#\/schema\/person\/image\/\",\"url\":\"https:\/\/secure.gravatar.com\/avatar\/09ff3801fb7566acf715fe4e81a9bd942b923c236138a3ed8a8375f099e5d6d6?s=96&d=mm&r=g\",\"contentUrl\":\"https:\/\/secure.gravatar.com\/avatar\/09ff3801fb7566acf715fe4e81a9bd942b923c236138a3ed8a8375f099e5d6d6?s=96&d=mm&r=g\",\"caption\":\"Chelsie Wyatt\"},\"url\":\"https:\/\/www.tsfactory.com\/forums\/blog\/author\/chelsie\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. 
-->"}