Since the pandemic, new cyber breaches have been reported across the globe. Given the sensitivity of the data in daily use, every business must keep adapting its cybersecurity.
Find the latest cyber news for this week below.
The Evolving Ransomware-as-a-Service Threat
What is RaaS?
Ransomware as a Service (RaaS) is a business model in which ransomware developers lease ransomware variants in the same way that legitimate software developers lease SaaS products. RaaS gives everyone, even people without much technical knowledge, the ability to launch ransomware attacks just by signing up for a service.
- With RaaS, threat actors with limited skills can benefit from the ransomware economy.
- The rise in popularity of the RaaS model indicates that attackers can perform remote, highly targeted attacks. This has the potential to impact national security and the security of critical infrastructure as well.
- In addition to the above, the RaaS model is not just a cost-effective strategy, but also provides an extra layer of security to threat actors.
RaaS wants negotiators
With RaaS evolving into a corporate structure, gangs are looking for negotiators. The role of negotiators is to extort victims into paying the ransom. This has become a trend in the ransomware ecosystem as threat actors skilled in the art of negotiation emerge. Apart from negotiating, they apply pressure by making calls, conducting DDoS attacks, and threatening to leak sensitive information.
Some infamous RaaS gangs
- AvosLocker is a RaaS that first surfaced in June and has been observed looking to recruit new affiliates.
- LockBit 2.0 RaaS has been operating for three years and has conducted multiple high-profile attacks. The gang’s leak site contains the names of 52 victims from the U.S., the U.K., Austria, Romania, Brazil, and Switzerland, among others.
Source Credit: cyware.com
New 0-day Backdoor Allows Hackers to Gain Remote Root Shell Access on Teradek IP Video Devices
A recently published report claims that a 0-day backdoor gives remote root shell access on Teradek IP video devices. Teradek IP video devices are live streaming devices that encode video inputs into different streaming formats suited to Ethernet transport.
The firmware versions affected by this 0-day backdoor are listed below:
- Teradek VidiU Go 3.1.12 (released on 08-06-2020)
- Teradek VidiU Go 3.1.13 (released on 05-10-2021, latest at the time of writing)
- Teradek firmware for other devices (saw the same code with the same hardcoded hashes in other firmware, but testing is required).
Security researchers have been trying to find a proper patch for this backdoor, but they have not yet found a proper fix.
So far there is no proper way to disable the backdoor and/or change the hardcoded keys/passwords. The only way to mitigate it is therefore to add an extra layer of protection in front of the web interface, which restricts access to that interface.
Security experts also affirmed that users should apply the mitigation, as it will help keep them safe from this kind of backdoor.
Source Credit: cybersecuritynews.com
Brute Force Attacks Witness Tremendous Rise
Email is still an effective attack vector as attackers upgrade their phishing techniques. A report released by Abnormal Security highlights the abnormal rise in brute force attacks as threat actors attempt to gain unauthorized access to email accounts.
Some stats your way
- In June, the rate of brute force attacks rose by 671%, and 32.5% of organizations were targeted.
- In Q3 2021, small- and mid-sized organizations had a 43% chance of experiencing at least one successful account takeover.
- However, organizations with around 5,000 employees have a 60% chance of successful account takeover.
- This quarter, 61% of companies underwent a vendor email compromise attack.
Why this matters
Attackers are shifting from the traditional spray-and-pray technique to more targeted attacks. Successful brute force attacks enable threat actors to gain access to passwords, usernames, and passphrases. Once accessed, compromised accounts can be abused for further attacks on partners, coworkers, and vendors to infiltrate other domains of an organization.
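On the detection side, as an added example (not from the report or the original article): flag a burst of failed logins against one mailbox, then flag a successful login that lands while that burst is still inside the window. The log format, the 5-minute window and the threshold of 5 are assumptions, and the events are constructed.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample mail-login events (not real data): time, account, source IP, result.
SAMPLE_LOG = """\
2021-10-12T09:00:01 alice@example.com 198.51.100.7 FAIL
2021-10-12T09:00:09 alice@example.com 198.51.100.7 FAIL
2021-10-12T09:00:15 bob@example.com 203.0.113.20 FAIL
2021-10-12T09:00:18 alice@example.com 198.51.100.7 FAIL
2021-10-12T09:00:26 alice@example.com 198.51.100.8 FAIL
2021-10-12T09:00:31 bob@example.com 203.0.113.20 OK
2021-10-12T09:00:35 alice@example.com 198.51.100.8 FAIL
2021-10-12T09:01:30 alice@example.com 198.51.100.8 OK
"""

WINDOW = timedelta(minutes=5)  # assumed look-back window
THRESHOLD = 5  # assumed number of failures that counts as a burst

def detect(log_text, window=WINDOW, threshold=THRESHOLD):
    """Return (kind, account, time, source_ips) alerts from login events."""
    failures = defaultdict(deque)  # account -> recent (time, ip) failures
    open_alert = set()  # accounts already alerted for the current burst
    alerts = []
    for line in log_text.splitlines():
        if not line.strip():
            continue
        stamp, account, ip, result = line.split()
        ts = datetime.fromisoformat(stamp)
        recent = failures[account]
        while recent and ts - recent[0][0] > window:
            recent.popleft()  # forget failures older than the window
        if not recent:
            open_alert.discard(account)
        if result == "FAIL":
            recent.append((ts, ip))
            if len(recent) >= threshold and account not in open_alert:
                open_alert.add(account)
                sources = sorted({src for _, src in recent})
                alerts.append(("brute_force", account, stamp, sources))
        elif result == "OK":
            if len(recent) >= threshold:
                # success right after a failure burst: possible account takeover
                alerts.append(("takeover_suspected", account, stamp, [ip]))
            recent.clear()
            open_alert.discard(account)
    return alerts

if __name__ == "__main__":
    for alert in detect(SAMPLE_LOG):
        print(alert)
```

Attempts spaced further apart than the window never reach the threshold, so a rule like this needs a longer-window counterpart to catch slow guessing.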
Impersonation is all the rage
- Attackers are impersonating both renowned brands and internal automated systems to trick targets into giving up their credentials or sending money.
- The past two quarters observed a rise of 46% in impersonation of internal systems.
- The rise in highly targeted impersonation attacks indicates that threat actors are willing to go to any lengths and change their tactics for greater success rates.
The bottom line
Advanced email threats are expected to continue for a long time in the future because of their success rates. As these attacks don’t possess conventional indicators of compromise, they fly easily under the radar. As threat actors are amping up their techniques, tactics, and procedures, it is time for organizations to move to proactive cybersecurity defense.
Source Credit: cyware.com