The LemonDuck malware that for the past couple of years has been known for its cryptocurrency mining and botnet capabilities is evolving into a much broader threat, moving into new areas of cyber attacks, targeting both Linux and Microsoft systems and expanding its geographical reach, according to security researchers with Microsoft.
At the same time, there now are two distinct operating structures that both use the LemonDuck malware but are possibly being operated by two different organizations that appear to have separate goals, further extending the reach of the malware, the researchers with the Microsoft 365 Defender Threat Intelligence Team wrote in a recent technical paper.
Enterprises Remain Riddled With Overprivileged Users and Attackers Know It
Attackers commonly focus on finding users with too much privileged access as their ticket to network compromise. What can companies do?
Recent breaches have underscored the dangers of overprivileged user accounts and software processes, highlighting the need for companies to discover and mitigate the privileged accounts that could be used by attackers to further compromise important systems and applications.
Last month, the breach of an administrative account at video service provider Verkada left the firm s customers among them, Tesla and Cloudflare open to surveillance by online intruders. Verkada s cloud video service appears to have allowed super users unrestricted access to customer video streams and cameras, allowing a single breach to have massive impact. Similarly, through the compromise of the update process for SolarWind s Orion remote management software, attackers gained complete access
Enterprises Remain Riddled With Overprivileged Users and Attackers Know It
Attackers commonly focus on finding users with too much privileged access as their ticket to network compromise. What can companies do?
Recent breaches have underscored the dangers of overprivileged user accounts and software processes, highlighting the need for companies to discover and mitigate the privileged accounts that could be used by attackers to further compromise important systems and applications.
Last month, the breach of an administrative account at video service provider Verkada left the firm s customers among them, Tesla and Cloudflare open to surveillance by online intruders. Verkada s cloud video service appears to have allowed super users unrestricted access to customer video streams and cameras, allowing a single breach to have massive impact. Similarly, through the compromise of the update process for SolarWind s Orion remote management software, attackers gained complete access