Trend Micro researchers believe that a kernel driver derived from a 2023 BlackCat ransomware exploit is an updated version of a similar driver. The driver uses a unique user client to control, halt, and eliminate processes on various endpoints. In response, industry experts reiterated the need to secure code-signing certificates and implement secure processes. They also stressed the importance of collaboration and monitoring in the face of escalating cyber threats.
Authentication failure blamed for Change Healthcare ransomware attack
Inadequate remote access authentication likely led to Change Healthcare’s ransomware attack. Cybercriminals apparently used compromised credentials to access the company’s systems and ultimately steal data.