At a recent cyber threat intelligence summit, two researchers disclosed details about Sprite Spider. The threat actor, which began its malicious activity in 2015 with a banking Trojan, has since reached a high level of sophistication and capability. The researchers connected the dots between Shifu, Wyatt, and Pixi and the DEFRAY777 ransomware attacks, and found that all of these activities were the work of a single group.
Evading exposure
- Because the malicious code is hidden inside obfuscated open-source projects, evading detection becomes particularly easy.
- Since the group only writes "Valet" to disk, it is incredibly challenging for researchers to find the malware during an attack.
- It targets ESXi machines, meaning the group deploys ransomware against only a few servers rather than across the entire network.
Other Threats
- A new Trickbot module called Masrv was introduced to scan local network systems for open ports, enabling quick lateral movement.
- Android got its own malware, called Oscorp, which abuses the accessibility services on Android devices to steal user credentials and media content.
- Babuk Locker, already a real menace, has claimed Serco as its latest victim. It has also followed in the footsteps of other ransomware families and is leveraging double extortion.
2020 was a great year for ransomware gangs, as they had plenty of time to upgrade their tactics, techniques, and procedures. Sprite Spider is one such group that is slowly rising to infamy, and because its threat profile is on par with that of APT groups, it is anticipated to be the next big ransomware family.
To read more, please check the eScan Blog.