All Articles

 Welcome to the forefront of cybersecurity defense, where vigilance and proactive measures are paramount in safeguarding against ransomware attacks. In today's discussion, we delve into the intricate strategies employed by ransomware actors to exploit vulnerabilities and infiltrate organizational networks. Join us as we explore the evolving threat landscape, dissect prominent attack vectors, and elucidate actionable mitigation strategies. Led by Jendra Chan, Head of Research at Fire Compass, this webinar promises insights that empower CISOs to fortify their defenses and mitigate the risk of ransomware attacks by identifying and addressing critical vulnerabilities.

Here is the verbatim discussion:

uh then then you know of course the most prominent one is the fishing where uh you know attackers usually send a fishing email on a mass scale or a you know spear fishing and with malicious attachment link and allow users and various other you know techniques which including even social media uh wishing uh which allow user to ultimately give access to this uh du to the malwares and ransomwares on their uh on their systems and from there you know the attack starts right uh apart from that uh 60% of the cases are because of Shadow it which means the assets which are not probably are there are not there in the asset inventory but are left open for the attackers on the on the public internet uh so just give you a number in terms of cves we have seen 49 cves being added to the cisa you know database from the last few months which have been targeted by ransomwares in just 2023 and 366 CVS were added in 2022 which were you know Target vir and somewes and uh and and this trend will continue of course with the end of 2023 lot of other CVS would probably also make it into cisa you know knowledge base of vulnerabilities uh in Shadow it I think one of the most prominent Vector is stolen using stolen credentials in desktop sharing software such as RDP VPN any connect now with the Advent of remote working when the workforce is all around the glob uh the incidents of using stolen credentials uh and get access to your to the you know network and to some of the systems has increased drastically uh this is because you know the collaboration is now right now not limited to within the parameter of the network uh so as a result you know using the stolen kid initials now where are the stolen credentials coming from the these are coming from you know various uh attack and breach databases which were you know published for the last uh maybe you know five 5 to 10 years uh where billions and billions of you know credentials are available on dark web and many of them are being reused by employees you know intentionally non-intentionally uh on other you know systems which probably work works in the Enterprise now let me uh you know talk about some of the cves and you know which ransomwares and are targeting them now ransomwares runs on gas Global attack surface yeah that's a catchphrase uh and then so as I mentioned before uh ransomwares go and Target various uh in scale you know run run scan on internet wide and you know find potential Target so one of the cve you know which we studied is CV 2023 which is in fora go anywhere command injection and uh this CV is being targeted by you know increasingly being targeted by clock R clock ransomware which is uh you know Russian origin ransomware targeting worldwide you know uh organizations and although it uses various attack vectors such as you know fishing you know but then uh in this case recently they have also utilized this uh cve to Target organizations and get initial foothold now why this CV has been targeted by this ransomware the reason being that it has a global attack surface presence uh I mean just doing a search on on few Sudan or other internet search engines you can get a you know exposure of of this cve uh on the like in us the exposure of the CVS like at least 897 targets are right now available with a strict search queries I mean right with after filtering out uh even the uh honey pots you know U and other you know noise uh we figured out that at least 897 uh for go anywhere uh software is being exposed outside just in United States U and uh and as these are exposed outside as you can see that um it is and if there are and this is a latest CV by the way and and as the CV is released if those softwares are not patched within few days as I said then they have a risk of being exploited by uh clo ransomwares now just talking about bit about this vulnerability what now if you just look at this vulnerability it's a command injection vulnerability which means it is remotely exploitable uh and using a HTTP payload so what attacker need to do is craft HTP based you know exploit uh not like RDP you know buffer overflow you know very simple easy probably is one of the you know easier.

Highlights:

Exploiting Human Vulnerabilities:

• Ransomware attackers capitalize on human vulnerabilities through phishing campaigns, leveraging malicious email attachments and links to infiltrate systems.
• Social engineering tactics and mass-scale phishing campaigns serve as effective entry points for ransomware actors seeking to gain initial access.

Shadow IT and Stolen Credentials:

• Shadow IT, characterized by unmanaged assets and overlooked vulnerabilities, accounts for a significant portion of ransomware incidents.
• The proliferation of remote working has amplified the risk of stolen credentials, sourced from breach databases and exploited to access organizational networks.

Targeting Vulnerabilities for Exploitation:

• Ransomware attackers prioritize vulnerabilities with a global attack surface presence, exploiting weaknesses in widely-used software and systems.
• Recent trends indicate a surge in targeting vulnerabilities such as CVE-2023, which enables remote command injection and has become a favored entry point for ransomware attacks.

Mitigation Strategies:

• Proactive vulnerability management is key to reducing the risk of ransomware attacks, requiring organizations to prioritize patching and remediation efforts.
• Swift remediation of critical vulnerabilities, coupled with robust security awareness training, can significantly mitigate the risk posed by ransomware actors.

As ransomware threats continue to evolve and proliferate, the onus falls on organizations to adopt a proactive stance towards cybersecurity. By understanding the tactics employed by ransomware actors, organizations can implement targeted mitigation strategies to fortify their defenses and mitigate the risk of attacks. Through collaboration, education, and vigilance, we can collectively navigate the complex threat landscape of ransomware and emerge stronger in our cybersecurity resilience. Let us unite in our commitment to securing digital assets and preserving the integrity of organizational networks against the pervasive threat of ransomware.

Speaker:

Jitendra Chauhan has over 16+ years of experience in the Information Security Industry in key areas such as Building and Managing Highly Scalable Platforms, Red Teaming, Penetration Testing, and SIEM. He holds multiple patents in Information Security. He loves to visualize problems, solutions and ideas. He is very strong with modelling and inductive learning (he can mentally make math models based on a few examples). He is very passionate about machine learning and its applications, Cyber Security and Micro Services.

https://www.linkedin.com/in/jitendrachauhan/
https://x.com/jitendrachauhan