Tag Archive for: Remote

Rising ransomware attacks exploit remote access software, warns WatchGuard report

/in


New research from WatchGuard Technologies, a global player in unified cybersecurity, has revealed a significant spike in endpoint ransomware attacks as well as an alarming trend of cyber attackers exploiting remote access software.

The Internet Security Report provides insights into the latest malware trends and endpoint security threats, shedding light on the increasingly sophisticated tactics adopted by cybercriminals.

The research revealed an 89% rise in endpoint ransomware attacks and a decrease in malware delivered through encrypted connections. WatchGuard also observed an increase in abuse of remote access software, an exploitation strategy actively embraced by cyber adversaries.

Cyber criminals are also exploiting password-stealers and info-stealers to pilfer priceless credentials, and are increasingly pivoting from scripting to other living-off-the-land techniques to instigate endpoint attacks.

Discussing the consequeces, Corey Nachreiner, Chief Security Officer at WatchGuard, stated, “Threat actors continuously evolve their tools and methods in attack campaigns, making it crucial for organisations to stay updated on the latest tactics to bolster their security strategy.”

He added that end users often represent the last defence line against sophisticated attacks that employ social engineering tactics. Nachreiner emphasised that it was paramount for organisations to deliver social engineering education and adopt a unified security approach that provides multiple layers of defence.

Among the key findings, the report detailed how cyber attackers are increasingly leveraging remote management tools to dodge anti-malware detection, confirmed by both the FBI and CISA.

Notably, there was a surge in the Medusa ransomware variant in Q3, driving endpoint ransomware attacks up by 89%. The report also highlighted a noticeable decline in attacks employing scripted methods, with script-based attacks dropping by 11% in Q3 and by 41% in Q2.

However, in spite of the reduction, script-based attacks still represent the largest attack vector, making up 56% of total attacks. Cyber attackers are also resorting to Windows living-off-the-land binaries more frequently, as these…

Source…

WatchGuard reveals rise in remote access software exploits

/in


WatchGuard Technologies, a leading provider of unified cybersecurity, has released their latest Internet Security Report that reveals a rise in cyber actors exploiting remote access software, increases in the use of password-stealers and info-stealers, and an 89% expansion in endpoint ransomware attacks.

The report, compiled by WatchGuard Threat Lab researchers, also found a decline in malware arriving over encrypted connections. Additionally, the study shows that cyber threat actors are pivoting from script-based methods to other ‘living-off-the-land’ techniques to launch endpoint attacks.

According to Corey Nachreiner, the Chief Security Officer at WatchGuard, the continued evolution of attack methods necessitates heightened attention to recent tactics for businesses to reinforce their security strategies. He emphasised the importance of social engineering education in conjunction with a unified security approach incorporating layered defence strategies, all of which can be effectively managed by service providers.

The Internet Security Report for Q3 2023 highlighted several notable key points. For instance, cyber attackers increasingly use remote management tools and software to circumvent anti-malware detection. An example provided by the report notes a tech support scam resulting in the user downloading an unauthorised version of TeamViewer, allowing the attacker full remote access to the computer.

Q3 of 2023 also saw the variant ‘Medusa’ surge, driving a quarter-to-quarter increase of 89% in endpoint ransomware attacks. In response to heightened protections around PowerShell and other scripting, threat actors instead pivoted to utilising different ‘living-off-the-land’ techniques. Malware arrival via encrypted connections declined to 48%, yet total malware detections rose by 14%.

The report also reveals the increase of ‘commoditised malware’. A new malware family, Lazy.360502, emerged in the top ten list, proving to be a dual threat as it delivers an adware variant (2345explorer) as well as the Vidar password stealer. The increased use of this malware, supplied by a Chinese website, indicates a growing trend towards ‘password-stealer-as-a-service’.

Overall, the…

Source…

Remote ATM hacking possible with Iagona ScrutisWeb bugs

/in


ATMs impacted by four Iagona ScrutisWeb ATM fleet monitoring system flaws, which have been remediated last month, could be subjected to remote hacking attacks, reports SecurityWeek.

Attackers could leverage the vulnerabilities, tracked as CVE-2023-33871, CVE-2023-38257, CVE-2023-35763, and CVE-2023-35189, to facilitate server data acquisition, arbitrary command execution, and encrypted admin password procurement and decryption, which could then be used to monitor connected ATMs and execute various malicious activities, according to a report from Synack Red Team members who discovered the security bugs.

“Additional exploitation from this foothold in the client’s infrastructure could occur, making this an internet-facing pivot point for a malicious actor,” said researcher Neil Graves, who added that further study is needed to determine the possibility of a custom software upload to allow the exfiltration of cards and redirection of Swift transfers.

Organizations have already been warned by the Cybersecurity and Infrastructure Security Agency regarding the flaws last month.

Source…

CISA publishes plan for remote monitoring tools after nation-state, ransomware exploitation

/in


A collaboration between the U.S.’s cybersecurity defense agency and private companies published its first plan to address security issues with remote monitoring and management (RMM) tools on Wednesday.

RMM software is typically used by the IT departments of most large organizations around the world as a way to get remote access to a computer to help with software installations or other services needed by employees.

In recent years hackers have increasingly exploited these tools – particularly in government networks – as an easy way to circumvent security systems and establish longstanding access to victim networks. In January, for example, the U.S. Cybersecurity and Infrastructure Agency (CISA) and the National Security Agency said at least two federal civilian agencies were exploited by cybercriminals as part of a refund scam campaign perpetrated through the use of RMM software.

In an announcement Wednesday, CISA said it worked with industry partners as part of the Joint Cyber Defense Collaborative (JCDC) to create a “clear roadmap to advance security and resilience of the RMM ecosystem.”

Eric Goldstein, CISA executive assistant director for cybersecurity, said the organization worked with other U.S. agencies as well as RMM companies to develop a plan focusing on four main tasks: vulnerability information sharing, industry coordination, end-user education and advisory amplification.

“The collaboration established to develop this plan has already achieved several accomplishments for RMM stakeholders and ecosystem,” Goldstein said in a statement. “As the JCDC leads the execution of this plan, we are confident that this public-private collaboration in the RMM ecosystem will further reduce risk to our nation’s critical infrastructure.”

RMM software allows hackers to establish local user access without the need for higher administrative privileges, “effectively bypassing common software controls and risk management assumptions,” CISA and the NSA said in their January announcement.

The agencies warned that threat actors could sell access to an exploited victim to government-backed hacking groups – noting that both cybercriminals and nation-states use RMM…

Source…