A cybercriminal gang's rampage on July 4th

According to cybersecurity firm Huntress, more than 1,500 companies around the world were infected with ransomware over the weekend. But it’s not the number of victims that keeps experts awake at night.

The gang used a level of planning and development that resembled senior government-backed hackers more than a mere criminal operation, they say.

The hackers behind the rampage, the Russian-speaking ransomware gang REvil, adopted two tactics not previously seen from the ransomware gangs that constantly hack targets around the world, and in the US in particular. Most worryingly, they used a zero-day, the cybersecurity term for a security flaw in a program that the software’s developers are not aware of and therefore have not had time to fix.

And they weren’t targeting a single victim, but a company with a small but central role in the internet ecosystem. This gave them access to potentially tens or hundreds of thousands of victims.

“What we are seeing here is the tactics of more sophisticated adversaries like nation states trickling down on these less sophisticated, financially motivated ransomware criminal groups,” said Jack Cable, researcher at Krebs Stamos Group, a cybersecurity consultancy.

REvil, probably best known for hacking JBS, one of the world’s largest international meat suppliers, has been active since at least the beginning of 2019. Like a number of other Russian-speaking ransomware gangs, REvil has made a fortune in recent years by hacking individual organizations, locking their computers, stealing their files, and demanding payment to restore access and not leak what they stole.

REvil had previously tried to deliver its ransomware through a so-called supply chain attack, exploiting the trust relationships between internet service providers and their customers. In 2019 the group successfully hacked TSM Consulting Services, a small managed services provider in Texas that runs IT services for organizations that don’t want to do it themselves. Soon 22 of the company’s customers, all of them Texas cities, were infected with REvil ransomware. The state and federal governments stepped in on the case, however, and the cities were eventually able to get back online without paying the ransom.

Over the weekend, however, REvil took this type of supply chain hack to the next level. Instead of hacking a single organization or even a single managed service provider, they hacked Kaseya, a company that specializes in distributing software updates for hundreds of different providers. That gave them access to a number of victims which, according to three cybersecurity experts speaking with NBC News, may be broader than any known criminal hack in history.

So far, REvil doesn’t appear to have had a major impact on American life, despite the fact that it crippled several smaller American businesses, closed a large Swedish grocery chain for more than 24 hours, and infected 11 schools in New Zealand. This could be a dodged bullet, however, as cybersecurity experts find supply chain hacks particularly worrying because they can quickly give hackers incredibly broad access.

The US discovered at the end of 2020 that Russia’s SVR intelligence service had hacked the US company SolarWinds, potentially exposing around 18,000 customer organizations to the elite hackers of a foreign intelligence service. This was quickly recognized as one of the biggest supply chain hacks in history. Even after it became clear that the number of confirmed victims was likely to be much lower, the Biden administration rebuked Russia for the scope of the operation.

While the potential scope of the SolarWinds hack was enormous, there is no evidence that Russia used it for anything other than conventional espionage. The fact that REvil doesn’t appear to be directly motivated by any government chain of command means its supply chain attacks could be even more dangerous, Cable said.

“The difference here is that REvil is financially motivated. They are criminals, so they have fewer boundaries in many ways,” he said. “Ransomware groups don’t obey the same rules, and in some ways we might see this have a bigger impact.”

It’s also extremely worrying that REvil was able to use a zero-day vulnerability to hack Kaseya, said Brett Callow, an analyst at cybersecurity firm Emsisoft. While there’s no clear evidence of how the gang acquired it – whether the gang discovered it, stole it from researchers, or bought it from a broker – it shows that the gang has both the ability and the intent to acquire elite tooling and deploy it in huge hacking campaigns.

“The Kaseya incident is truly a landmark event. It shows that cyber criminals are able to acquire and exploit zero-day vulnerabilities and use them to cause disruption on an absolute level,” he said.

“As companies continue to pay millions of dollars in ransom, we have cyber criminals more determined and better equipped than ever,” he said. “It creates top predators.”
