Tag Archive for: Organizations

Organizations urged to patch critical ransomware vulnerability 


The Cybersecurity and Infrastructure Security Agency June 15 urged organizations to apply Progress Software updates to the MOVEit Transfer web application to prevent ransomware attackers from exploiting a critical vulnerability used to steal data. The FBI and CISA alerted (https://www.aha.org/news/headline/2023-06-09-agencies-take-steps-protect-against-latest-clop-ransomware-tactics) organizations to the vulnerability last week.
 
“The notorious Russia-linked ransomware gang CLOP is exploiting previously unknown software flaws in MOVEit Transfer to target hospitals, health systems, corporations and government agencies, resulting in a serious ransomware threat against critical infrastructure,” said John Riggi, AHA’s national advisor for cybersecurity and risk. “Due to the scope and scale of organizations targeted, this strategic cyberthreat may be related to ongoing geopolitical tensions with Russia. The fact that the Russian security services do not cooperate with the U.S. and allied law enforcement agencies provides a permissive environment for these Russia-based groups to operate from, with or without the explicit approval of the Russian government. It is strongly recommended that any instance of the MOVEit application be identified and that it be immediately disconnected from all networks and the internet until this threat is fully resolved. This is also a good opportunity to review all file transfer systems within your environments for necessity, security and patching.”
 
For more information, see AHA’s Cybersecurity Advisory or contact Riggi at [email protected]. For the latest cyber and risk resources and threat intelligence, visit aha.org/cybersecurity.


Can Organizations Combat Malicious Password-Protected File Attacks?


Password-protected files are a clever way for attackers to evade enterprise security defenses and infect endpoints.

Not long ago, phishing attacks were nearly always delivered via email. However, today’s threat actors are increasingly targeting other channels – be it SMS, social media direct messaging or even collaboration tools – to evade common anti-malware engines, content filters and signature-based detection tools.

Across these varied platforms, password-protected files remain a common attack vector. Here, malicious payloads are hidden within seemingly benign, safe, and accepted file formats. Because the files are encrypted, security tools can’t read and analyze them. When this is done using commonly used file extensions, organizations often allow malicious files to pass through security sandboxes or automated analysis tools.

As a result, password-protected files containing malware are all too often able to evade network or gateway security defenses and endpoint detection solutions, reaching the threat actor’s target destination. Once this has been achieved, individuals are exposed to increasingly sophisticated and convincing social engineering and spear phishing tactics used by attackers to trick their targets into clicking on attachments and entering the required password, leading to infection of the endpoint. 

To reiterate, this no longer happens exclusively over email. Indeed, threat actors are increasingly directing potential victims to web browsers and external storage applications, such as Dropbox and Google Drive, to the same effect. 

Three Malicious Password-Protected File Attacks

Password-protected files have resulted in widespread breaches and made headlines recently – one example stemming from the North Korean Lazarus group.

Here, threat actors delivered malicious Office documents hidden in ZIP files as they targeted Russian organizations. When the intended victims clicked on these ZIP files, they would find themselves presented with what looked like a legitimate and indeed safe Word document.

However, this was used to launch macros and infect the target endpoint. Once this had been achieved, the…


83% of Ransomware Infected Organizations Paid Over $900,000 Each / Digital Information World


The average number of ransomware attacks being experienced by companies grew from four to five in 2022, and that’s just one of the many signs pointing to a worsening state of cybersecurity. Law enforcement agencies usually tell organizations never to pay ransoms because doing so could end up making the malicious actors target them repeatedly.

However, ExtraHop’s latest Global Cyber Confidence Index revealed that 83% of organizations that fell prey to a ransomware attack ended up paying the ransom. The fear of data loss and operational disruption likely led to them biting the bullet, and it is estimated that the companies that paid the ransom had to pay an average of over $925,000 apiece.

That said, it is important to note that malicious actors often use the double extortion method when companies pay up. Paying a ransom once makes it more likely that you will pay it again, so there is a clear correlation between failing to follow post-ransomware instructions and having to go through the ordeal all over again.

77% of experts working in the field of IT said that obsolete cybersecurity infrastructure was leading to an increased number of attacks. Spending nearly a million dollars to upgrade this infrastructure might be a far more useful strategy for companies to consider since it can prevent ransomware from making its way onto their systems in the first place.

Despite this, most companies tend to have a reactive strategy rather than a proactive one. Creating backups and keeping cybersecurity tech up to date is both more affordable and more efficient, yet most companies are failing to meet this very basic requirement. Until major companies start to take cybersecurity more seriously, the number of these attacks will only grow. It will be interesting to see if these findings have any impact on how ransomware is dealt with.


47% organizations experienced ransomware attack in the past year | Security Magazine