Bug Bounty Archives – Gridinsoft Blog
Welcome to the Gridinsoft Blog, where we share posts about security solutions to keep you, your family and business safe.
Feed last updated: Thu, 28 Jul 2022 10:26:25 +0000

Experts Find Similarities Between LockBit and BlackMatter
https://gridinsoft.com/blogs/similarities-between-lockbit-and-blackmatter/
Thu, 28 Jul 2022 10:26:25 +0000

Cybersecurity researchers have confirmed similarities between the latest iteration of LockBit ransomware and BlackMatter.

A new version of LockBit 3.0 (LockBit Black) was released in June 2022, along with a new leak site and the first Bug Bounty program on the dark web.

You may also be interested in reading: Conti vs. LockBit 2.0 – a Trend Micro Research in Brief.

The encryption process includes appending the extension “HLJkNskOq” or “19MqZqZ0s” to each file and changing the icons of the locked files to the “.ico” file that was dropped by the LockBit sample during the infection.

According to a report by Trend Micro researchers, the ransomware then displays a ransom note that mentions Elon Musk and the EU General Data Protection Regulation (GDPR). LockBit 3.0 then changes the wallpaper on the victim’s computer to announce the ransomware attack.

Much of LockBit 3.0’s similarity to BlackMatter lies in reusing the same privilege escalation and harvesting routines used to resolve the APIs needed to terminate other processes, along with anti-debugging and multi-threading techniques that hinder analysis. In addition, LockBit 3.0 checks the interface language of the victim’s computer so as to avoid compromising systems in countries of the former USSR.


The findings come as LockBit has become the most active ransomware-as-a-service (RaaS) group of 2022. The most recent attack by the RaaS operation targeted the Italian tax agency. According to Palo Alto Networks’ 2022 Unit 42 report, out of 600 incidents between May 2021 and April 2022, the ransomware family accounted for 14% of intrusions, second only to Conti at 22%.


The development also highlights the continued success of the RaaS business model, which lowers the barrier to entry for hackers and expands the opportunities for ransomware.

According to the Check Point Cyberattack Trends Report Q2 2022, on average, 1 in 40 organizations are attacked weekly, up 59% from 2021. Latin America saw the largest increase in attacks, with 1 in 23 organizations attacked each week, up 43% from 2021. Asia also saw growth of 33% (1 in 17 organizations).

Hackers Launched LockBit 3.0 and Bug Bounty Ransomware
https://gridinsoft.com/blogs/lockbit-3-0-and-bug-bounty/
Wed, 29 Jun 2022 06:44:08 +0000

The LockBit ransomware group has released the LockBit 3.0 malware, introduced its own bug bounty program at the same time, and announced that it will accept ransoms in the Zcash cryptocurrency.

Bleeping Computer recalls that LockBit appeared in 2019 and has since become one of the most active threats, accounting for about 40% of all ransomware attacks in May 2022.

You might also be interested in: Conti vs. LockBit 2.0 – a Trend Micro Research in Brief.

Journalists say that over the weekend the group released an updated version of its RaaS malware (LockBit 3.0), which the hackers have been beta testing for the past few months. It is also noted that the new version of the malware has already been used in attacks.

Alongside the release of the new version of the ransomware, the hackers also introduced their own bug bounty program.

“We invite security researchers, all ethical and unethical hackers on the planet to participate in our vulnerability bounty program. The amount of rewards varies from $1,000 to $1 million”, the hackers write.


It is not hard to guess how the hackers intend to use the vulnerabilities acquired this way. In addition, the group offers rewards not only for bugs, but also for “brilliant ideas” to improve its ransomware operation, as well as for doxing the head of its own affiliate program. The hackers’ website lists the following categories of awards.

  1. Site errors: XSS vulnerabilities, MySQL injections, shells and more will be charged based on the severity of the error. The main vector is getting a decoder through bugs on the site, as well as gaining access to the history of correspondence with encrypted companies.
  2. Locker Errors: Any encryption errors resulting in file corruption or the ability to decrypt files without a decryptor.
  3. Brilliant Ideas: We pay for ideas. Please write how we can improve our website and software, the best ideas will be rewarded. What is interesting about our competitors that we do not have?
  4. Doxing: We will pay exactly one million dollars, no more and no less, for doxing the affiliate boss. It doesn’t matter if you are an FBI agent or a very smart hacker who knows how to find anyone, you can write to us on TOX messenger, tell us the name of the boss and get a million dollars in Bitcoin or Monero for it.
  5. Messenger TOX: vulnerabilities in the TOX messenger that allow intercepting correspondence, launching malware, determining the IP address of the interlocutor, and other interesting vulnerabilities.
  6. Tor network: any vulnerabilities that help get the IP address of the server where the onion site is installed, as well as gain root access to our servers and onion domains, followed by a database dump.

It should be noted that this is not the first time the offer to dox the head of the LockBit affiliate program, known by the nickname LockBitSupp, has appeared, apparently as an experiment. For example, in April of this year the group offered a million dollars on the XSS hacker forum to anyone who could find out at least LockBitSupp’s first and last name.


Journalists also note that visitors to the group’s site are now greeted by a GIF with animated icons of the Monero and Bitcoin cryptocurrencies, which were already accepted for ransom payments; they have now been joined by the logo of Zcash, a cryptocurrency known for its enhanced privacy.


Another innovation is a new extortion model that will allow buyers to purchase data stolen during LockBit attacks. One of the JavaScript files on the group’s updated site was found to contain a modal dialog for purchasing stolen data. Apparently, the data will be offered for purchase and download either via torrent or directly through the site.


Since the LockBit 3.0 website has not yet published details of any victims, it is still not clear how this innovation will work or whether it will be enabled any time soon.

Google Offers up to $91,000 for Linux Kernel Vulnerabilities
https://gridinsoft.com/blogs/google-offers-up-to-91000-for-linux-kernel-vulnerabilities/
Wed, 16 Feb 2022 22:58:56 +0000

Google has almost doubled its rewards for vulnerabilities in the Linux kernel, Kubernetes, Google Kubernetes Engine (GKE), and kCTF. The reward can now be up to $91,337.

Last November, Google had already increased its payouts: the company tripled rewards for exploits for previously unknown bugs in the Linux kernel. The idea was for people to discover new ways of exploiting the kernel, particularly in relation to Kubernetes running in the cloud. At that time, researchers were asked to compromise Google’s kCTF (Kubernetes Capture The Flag) cluster and obtain a “flag” in the context of the competition.

NOTE: Let me remind you that we wrote that Apple paid $100,000 for a macOS camera and microphone hack, and also that Zerodium offers up to $400,000 for Microsoft Outlook exploits.

Google reports that the program has been a success: nine reports were received in three months and more than $175,000 was paid out to researchers. During this time, five 0-day vulnerabilities and two exploits for fresh 1-day bugs were discovered. According to Google, thanks to the bug bounty, three of these issues have already been fixed and written up, including CVE-2021-4154, CVE-2021-22600 (patch) and CVE-2022-0185 (report).

As a result, the program will be extended until at least the end of 2022 and will also undergo a number of changes. Whereas in November it was decided that experts would receive up to $50,337 for critical vulnerabilities (depending on the severity of the problem), the maximum reward has now been increased to $91,337.

The payout depends on several factors: whether the issue found is a 0-day vulnerability, whether the exploit requires unprivileged user namespaces, and whether it uses a new exploitation technique. Each of these points earns a $20,000 bonus, which ultimately raises the payout for a working exploit to $91,337.

“These changes increase the cost of some 1-day exploits to $71,337 (up from $31,337 previously), and the maximum reward per exploit is now $91,337 (up from $50,337 previously)”, Google reported.

0-day vulnerability remained unpatched for 2 years due to Microsoft bug bounty issues
https://gridinsoft.com/blogs/0-day-vulnerability-in-microsoft-remained-unpatched-for-2-years/
Tue, 01 Feb 2022 21:33:45 +0000

As part of January Patch Tuesday, Microsoft fixed a dangerous 0-day privilege escalation vulnerability for which a PoC exploit is available online.

The vulnerability is already being exploited in attacks by highly skilled hacker groups.

The exploit was published by Gil Dabah, founder and CEO of privacy company Piiano, who discovered the vulnerability two years ago.

Dabah said he chose not to report his discovery to Microsoft because it was very difficult to get paid through its vulnerability bounty program.

“Found it two years ago. Not recently. That’s the point. The reason I didn’t reveal it is because I waited a very long time for Microsoft to pay me for another find. By the time they finally paid, the fee had dwindled to almost nothing. I was already busy with my startup, and the vulnerability remained unpatched”, the researcher said.

The vulnerability, identified as CVE-2022-21882, could allow an attacker to elevate their privileges on the local system.

“A local, authenticated attacker could gain elevated local system or administrator privileges through a vulnerability in the Win32k.sys driver”, Microsoft explained in its advisory, part of January’s Patch Tuesday updates.

Microsoft credited RyeLv as the researcher who discovered the vulnerability. The researcher submitted his description of the input type mismatch vulnerability in Win32k.sys on January 13, 2022.

“An attacker could tell the corresponding GUI API in user mode to make a kernel call like xxxMenuWindowProc, xxxSBWndProc, xxxSwitchWndProc, xxxTooltipWndProc, etc. These kernel functions will cause xxxClientAllocWindowClassExtraBytes to be returned. An attacker can intercept this return by capturing xxxClientAllocWindowClassExtraBytes in the KernelCallbackTable and using the NtUserConsoleControl method to set the ConsoleWindow flag on the tagWND object, which will modify the window type”, RyeLv explained.

Investment in the bounty program was also the top recommendation of RyeLv’s technical analysis for Microsoft. He explained how to “kill the bug class”:

“Improve the kernel zero-day bounty, let more security researchers participate in the bounty program, and help the system to be more perfect.”

Let me remind you that we also wrote that Zerodium offers up to $400,000 for exploits for Microsoft Outlook, and also that Google recruits a team of experts to find bugs in Android applications.

In 2020, Google paid cybersecurity experts $6.7 million
https://gridinsoft.com/blogs/google-paid-cybersecurity-experts-7-million/
Fri, 05 Feb 2021 16:03:28 +0000

Over the year, Google paid out $6.7 million to cybersecurity experts, according to the bug bounty statistics for 2020 that the company has published.

It turned out that during this time researchers from 62 countries discovered 662 vulnerabilities in Google products.

“This is the largest payout in all the years of the vulnerability bounty programs, even exceeding the $6,500,000 the company spent in 2019”, Google calculated.

Most of the payments went to cybersecurity experts for bugs found under the Chrome VRP (Vulnerability Reward Program): more than $2,100,000 for 300 vulnerabilities found in the Google browser, 83% more than in 2019.


Another important part of the company’s program is the bug bounty initiative for Android. Researchers earned about $1,740,000 from vulnerabilities in the code of the mobile operating system, and another $270,000 came from bugs in popular and widely used applications from the Google Play Store.

The company’s report also lists the following interesting figures for 2020:

  • The Android 11 preview bonus amounted to over $50,000 and was applied to 11 reports. This allowed Google to fix a number of issues prior to the official release of Android 11.
  • Qihoo 360’s 360 Alpha Lab research team submitted a record eight exploits (30% of the total) for a variety of vulnerabilities. Alpha Lab recently demonstrated a one-click remote root exploit targeting the latest Android devices. The researchers are still in the lead, as they received a record $161,337 payout for their 2019 exploit (plus another $40,000 from the Chrome VRP).
  • Another unnamed researcher submitted two exploits in 2020 and is now also competing for first place, as the total amount of rewards he has earned is approaching $400,000.
  • Under the Google research grants program, cybersecurity researchers received about $400,000. More than 180 experts received grants and eventually sent in 200 bug reports, which resulted in the discovery of 100 confirmed bugs in Google products and the open-source ecosystem.

As mentioned earlier, Google analysts studied the 0-day vulnerabilities discovered in 2020 and concluded that almost a quarter of the problems are new variations of already known bugs that had previously received patches.

Researcher Earned More than $2,000,000 on HackerOne
https://gridinsoft.com/blogs/researcher-earned-more-than-2000000-on-hackerone/
Mon, 28 Dec 2020 21:57:04 +0000

HackerOne representatives said that Romanian cybersecurity specialist Cosmin Iordach (@inhibitor181) has become the first researcher in the history of the platform to earn more than $2,000,000 from bug bounties.

He is also the seventh researcher to earn over a million dollars in just two years, a milestone he reached after receiving over $300,000 in just 90 days.

“334 days ago, we announced Cosmin as the 7th hacker to reach $1 million dollars in earnings. Today we celebrate his achievement to be the FIRST to reach $2 million! Please join us in congratulating @inhibitor181!”, the HackerOne administration said on Twitter.

Iordach told HackerOne that he has lived in Germany for the past six years with his wife and two dogs. His interest in hacking and vulnerabilities grew after the HackAttack workshop in Hamburg in mid-2016. At the time he was still studying at university, but by the end of 2017 he was already seriously engaged in bug hunting while continuing to work as a full-stack developer.

Soon the researcher received the highest rank, The Assassin, at the Singapore hacking event h1-65, and in 2019 he defended his title in London during h1-4420.

“Cosmin Iordach has discovered 468 vulnerabilities in total, including in Verizon Media, PayPal, Dropbox, Facebook, Spotify, AT&T, TikTok, Twitter, Uber and GitHub, as well as a number of bugs in US Department of Defense systems”, HackerOne said.

Let me remind you that there are currently only nine bug hunters on HackerOne who have earned over $1,000,000. The first two millionaires appeared on HackerOne last spring. The first record holder was Santiago Lopez (@try_to_hack) from Argentina. He was self-taught when he signed up for HackerOne in 2015, at the age of sixteen. Over the years he has found over 1,600 vulnerabilities, including in solutions from Twitter and Verizon Media.

HackerOne’s second millionaire is Briton Mark Litchfield (@mlitchfield). He has already helped fix over 900 bugs in products from companies such as Dropbox, Yelp, Venmo, Starbucks, Shopify and Rockstar Games.

According to the head of HackerOne, over the entire existence of the project researchers have discovered about 170,000 vulnerabilities, and the platform is now used by more than 700,000 ethical hackers.

Let me remind you that a bughunter stole a Monero exploit from another cybersecurity specialist and received a reward for it on HackerOne.
Bughunter stole a Monero exploit from another cybersecurity specialist and received a reward for it
https://gridinsoft.com/blogs/bughunter-stole-a-monero-exploit-from-another-cybersecurity-specialist-and-received-a-reward-for-it/
Tue, 20 Oct 2020 16:48:53 +0000

Bleeping Computer reporters drew attention to an interesting case that occurred in the Monero bug bounty program on HackerOne: a bug hunter stole a Monero vulnerability exploit discovered by another person and received a reward for it.

The publication notes that bug hunting is not just a good cause that benefits the community, but also a multimillion-dollar industry. As a result, some may try to abuse platforms such as HackerOne and Bugcrowd, which are designed to foster ethics, trust and accountability among information security professionals, for their own financial gain.

Last weekend, cybersecurity specialist Guido Vranken discovered that a certain Everton Melo had used a copy of an exploit Vranken had created to report a vulnerability to the Monero bug bounty program on HackerOne. The vulnerability Vranken found in the libzmq 4.1 series back in 2019 was a critical buffer overflow bug (CVE-2019-6250). The researcher had notified the developers about it in January 2019.

“Lol someone literally copied and pasted my libzmq + analysis exploit in the [HackerOne] bug bounty and took the money”, Vranken wrote on Twitter.

Although HackerOne engineers have previously detected and closed plagiarized reports, there is always the possibility of accidental human error. The Monero developers have since stated that they cannot recover the amount already paid to the plagiarist:

“This report was stolen (!!) from the original Guido Vranken vulnerability report without any mention of his merits. We overlooked the fact that the report was redrawn from there, as we focused on reproducing the problem and fixing it. This is incredible meanness. Please don’t do this. We contacted Guido to pay him a fee, and unfortunately we cannot withdraw the fee from Everton Melo.”

Interestingly, on closer examination of the report the developers determined that the 4.1 series is apparently not affected by CVE-2019-6250, but it is definitely vulnerable to CVE-2019-13132, and so it was decided that Melo is still entitled to a reward. For the same reason, the title of the report on HackerOne was changed to CVE-2019-13132 instead of CVE-2019-6250.

Let me remind you that Google recruits a team of experts to find bugs in Android applications.