Category: Cyber Security

Inside Conti: The World's Most Feared Ransomware Gang

Inside Conti leaks: The Panama Papers of ransomware – The Record by Recorded Future

The leaking of more than a hundred thousand internal chats from the world's biggest ransomware gang has offered explosive insights into how it attacks its victims, which include Australian companies.

On February 25 Conti announced "full support of the Russian government" in the war against Ukraine. It took only two days for internal chat sessions to be leaked onto the internet, the likely source being a Ukrainian supporter with access to the group's internal systems.

More than 160,000 internal messages, along with source code for the Conti ransomware encryptor, decryptor and builder, have reportedly found their way online.

Conti has reportedly compromised at least 500 organisations globally.

The cybercriminal gang is renowned for its two-stage 'double extortion' technique: it first steals company data and threatens to publish or sell it unless a payment is made, then encrypts the data on the victim's systems and demands a further ransom for the decryption key.

Cyber insurance firms are engaging negotiators to reduce the ransom amount, reach a resolution between the affected company and the ransomware operators, and preserve digital evidence for law enforcement.

Protect your organisation from the threat of ransomware and cyber attack with Acurus. Contact us today.




Russian cyber attacks could inadvertently hit Australia, warns government cyber agency

Australia's lead cyber agency has warned Australian organisations that the wave of cyber attacks on Ukraine and NATO countries could spill over in the coming months. The Australian Cyber Security Centre (ACSC) is urging businesses not to be complacent as Russian attacks escalate (2022-02: Australian organisations should urgently adopt an enhanced cyber security posture | Cyber.gov.au).

As reported by ABC News (Russian cyber attacks could inadvertently hit Australia, warns government cyber agency – ABC News), Russian-linked criminal gangs might be encouraged to target all sorts of Western organisations, prompting a possible surge in ransomware and other attacks across the globe. Home Affairs Minister Karen Andrews warned that Russia may hit Australian critical infrastructure through cyber attacks.

Both governments and businesses must prepare for the likelihood that cyber attacks will increase further if the situation in Ukraine continues to escalate.

We encourage you to pass this communication on to your employees and remind them to stay alert to cyber security risks such as:

If you are an Acurus SOC customer, please note that Acurus will be performing proactive threat hunting in the areas advised by the ACSC, starting this weekend and continuing until further notice. In line with the ACSC guidance, the Acurus SOC will be performing additional review of:

• Active Directory (AD) configuration changes, in particular additions to privileged groups.
• Abuse of delegated privileges and service principals in Azure.
• Active Directory Federation Services (ADFS) changes.
• Sign-ins from unusual locations, including Tor exit nodes; consider conditional access policies to block them.
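The following is an added illustration of the kind of hunting logic the two AD and sign-in items above call for; it is not Acurus or ACSC tooling. It runs two checks over constructed, simplified records: sign-ins from a Tor exit node or from a country the user has not successfully signed in from before, and additions to privileged AD groups taken from Security event IDs 4728, 4732 and 4756 (member added to a security-enabled global, local or universal group). The field names, the Tor exit list (built from documentation address ranges) and the sample records are all assumptions for the example.

```python
"""Threat-hunting checks for the AD-change and unusual-location focus areas.

Added example for this page; not Acurus or ACSC tooling. The sign-in
records and Security events below are constructed, simplified versions of
what an Azure AD sign-in export and a domain controller's Security log
contain. The Tor exit list is a placeholder; in practice it is refreshed
from a live feed before each hunt.
"""
from collections import defaultdict
from datetime import datetime, timezone

# Placeholder Tor exit-node list (assumption: documentation ranges only).
TOR_EXIT_NODES = {"192.0.2.10", "198.51.100.7"}

# Security event IDs for "member added to security-enabled group":
# 4728 = global group, 4732 = local group, 4756 = universal group.
GROUP_ADD_EVENTS = {4728, 4732, 4756}
PRIVILEGED_GROUPS = {"Domain Admins", "Enterprise Admins", "Schema Admins", "Administrators"}

# Constructed Azure AD-style sign-in records (UTC timestamps).
SIGNINS = [
    {"time": "2022-02-20T08:01:00Z", "user": "alice@example.com", "ip": "203.0.113.5", "country": "AU", "result": "Success"},
    {"time": "2022-02-21T08:03:00Z", "user": "alice@example.com", "ip": "203.0.113.5", "country": "AU", "result": "Success"},
    {"time": "2022-02-22T09:10:00Z", "user": "bob@example.com", "ip": "203.0.113.20", "country": "AU", "result": "Success"},
    {"time": "2022-02-27T02:45:00Z", "user": "alice@example.com", "ip": "198.51.100.7", "country": "NL", "result": "Success"},
    {"time": "2022-02-27T03:00:00Z", "user": "bob@example.com", "ip": "192.0.2.77", "country": "RU", "result": "Failure"},
    {"time": "2022-02-27T04:00:00Z", "user": "eve@example.com", "ip": "203.0.113.9", "country": "AU", "result": "Success"},
]

# Constructed domain controller Security log events.
AD_EVENTS = [
    {"EventID": 4728, "SubjectUserName": "svc-backup", "TargetGroup": "Domain Admins", "MemberName": "mallory"},
    {"EventID": 4732, "SubjectUserName": "helpdesk1", "TargetGroup": "Remote Desktop Users", "MemberName": "carol"},
    {"EventID": 4624, "SubjectUserName": "alice", "TargetGroup": None, "MemberName": None},
]


def _ts(s):
    return datetime.strptime(s, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)


def hunt_signins(records, hunt_from):
    """Flag sign-ins on or after hunt_from that come from a Tor exit node or
    from a country the user never successfully signed in from before hunt_from.
    Failed sign-ins are flagged too: password spraying from Tor looks like this."""
    cutoff = _ts(hunt_from)
    baseline = defaultdict(set)  # user -> countries seen in successful sign-ins
    for r in records:
        if _ts(r["time"]) < cutoff and r["result"] == "Success":
            baseline[r["user"]].add(r["country"])
    findings = []
    for r in records:
        if _ts(r["time"]) < cutoff:
            continue
        reasons = []
        if r["ip"] in TOR_EXIT_NODES:
            reasons.append("tor_exit")
        if r["country"] not in baseline[r["user"]]:
            # A user with no history at all is its own finding: new account or new identity.
            reasons.append("new_country" if baseline[r["user"]] else "no_baseline")
        if reasons:
            findings.append({"user": r["user"], "ip": r["ip"], "time": r["time"], "reasons": reasons})
    return findings


def hunt_privileged_group_changes(events):
    """Return every addition to a privileged AD group; each one should be
    matched against an approved change record."""
    return [e for e in events if e["EventID"] in GROUP_ADD_EVENTS and e["TargetGroup"] in PRIVILEGED_GROUPS]


if __name__ == "__main__":
    for f in hunt_signins(SIGNINS, "2022-02-26T00:00:00Z"):
        print("sign-in:", f)
    for e in hunt_privileged_group_changes(AD_EVENTS):
        print("group change:", e)
```

Run against the constructed data, the sign-in check returns alice's Tor sign-in from a new country, bob's failed attempt from a new country, and eve's sign-in with no baseline; the group check returns only the Domain Admins addition. Conditional access policies block the first kind of event before it succeeds, but hunting the logs is still needed for the accounts and locations a policy does not cover.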

We will provide a further update on our forward position early next week as more government advice is released.

If you are concerned about your organisation's cyber security posture, please contact us for a discussion.




Threat actors target Ubiquiti network appliances using Log4Shell exploits

Threat actor target Ubiquiti network appliances using Log4Shell exploits – The Record by Recorded Future

Threat actors are using a customised public exploit for the Log4Shell vulnerability to attack and take over Ubiquiti network appliances running the UniFi software, security firm Morphisec said in a report last week.

The attackers used a proof-of-concept exploit previously shared on GitHub. Developed by Sprocket Security, the PoC adapts the Log4Shell exploit for the Log4j Java library to work against Ubiquiti's UniFi devices, complete with post-exploitation steps.

After taking over the UniFi devices, the attackers ran malicious PowerShell code that downloaded and installed a version of the Cobalt Strike Beacon backdoor.

There was never a universal exploit for Log4Shell that worked everywhere out of the box and let attackers take over systems indiscriminately; each target product needs its own adaptation of the technique.

As a result, reports of Log4Shell exploitation have been limited to a handful of products for which public exploits were shared online, such as VMware Horizon, VMware vCenter, Zyxel routers and SolarWinds Serv-U servers.

As the Log4Shell vulnerability continues to plague the digital world, Acurus is dedicated to finding and fixing vulnerabilities in our customers' networks. This includes researching the latest attacks, closing loopholes and likely attack vectors, and keeping systems up to date with security updates and patches.

Contact us today to ensure your organisation is protected from the latest cyber attacks.




Deadbolt Ransomware Hits More Than 3,600 QNAP NAS Devices

Deadbolt ransomware hits more than 3,600 QNAP NAS devices – The Record by Recorded Future

More than 3,600 network-attached storage (NAS) devices from Taiwanese company QNAP have been infected and had their data encrypted by a new strain of ransomware named Deadbolt.

According to a copy of the ransom note, individual device owners are asked for a small ransom, while QNAP itself is offered a master decryption key that would unlock all victims' files for 50 Bitcoin (about $1.85 million at the time).

With at least 3,600 QNAP NAS devices hit so far, QNAP formally acknowledged the attacks after hundreds of users flocked to its support forum to report their files being encrypted.

While it is unclear whether QNAP has been in contact with the attackers or has paid any ransom demand, the company has silently force-installed firmware updates on some customers' devices, according to one of its support agent's comments on Reddit.

Deadbolt and other ransomware attacks are continuing. The Australian Cyber Security Centre (ACSC) receives an average of 164 cybercrime reports per day, or one report every 10 minutes.

Protect your business from the threat of a cyber attack today. Contact Acurus for a free assessment of your organisation's cyber security below.




Do You Know and Trust Your Pentesters?

Hacking Gang Creates Fake Firm To Hire Pentesters For Ransomware Attacks

Hacking gang creates fake firm to hire pentesters for ransomware attacks (bleepingcomputer.com)

Hacking groups are now attempting to join the highly profitable ransomware space by creating fake cyber security companies that conduct network attacks under the guise of pentesting.

As ransomware has become a profitable field for cybercriminals, they are creating fake front companies like "Combi Security" to lure legitimate IT specialists into doing the intrusion work.

Researchers believe the hacking group was looking to hire pentesters, as well as system administrators, who would be able to map compromised corporate networks, perform network reconnaissance, and locate backup servers and files.

The veil of legitimacy around these corporate entities was lifted by researchers at Gemini Advisory, who found that the website of a fake cyber security company known as Bastion Security was assembled from content stolen from other websites.

For over ten years, Acurus has been trusted by Australia's largest household brands, including Energy Australia, Officeworks, Bakers Delight, Red Energy and Reece Plumbing, among others.

If you need cyber security assistance after an incident, or need to bolster your cyber security position to avoid damaging attacks, contact Acurus today.

China's Cyber Hacking Flex

iOS 15, Windows 10, Google Chrome Hacked During Huge Cyber Onslaught

Last month Chinese hackers went on something of a rampage at the Tianfu Cup, breaching all but three of the 15 target products during the competition.

The zero-day vulnerabilities, exploited by Kunlun Lab and Team Pangu, included a remote code execution attack and the first iOS 15 jailbreak, each achieved in a matter of seconds.

Microsoft was also among the competition's victims, with five successful exploits against the Windows 10 operating system and one against Microsoft Exchange, while Google's Chrome succumbed twice.

"Researchers do often retain vulnerabilities they've discovered in order to use them in competitions like these," says Williams, adding, "But it's important to consider the reason they stockpile vulnerabilities for competitions rather than disclosing them immediately to impacted vendors." Simply put, the competitions pay, while vendors typically do not, according to Williams.

If you still think in terms of dealing with a cyber security incident if it happens, rather than when it happens, it is time to change your mindset.

Contact us today for a free cyber security gap assessment so you can be prepared for when it happens to you.