Feds: Beware AvosLocker Ransomware Attacks on Critical Infrastructure

October 13, 2023 at 04:59PM

US authorities, including the Cybersecurity and Infrastructure Security Agency (CISA) and the FBI, have issued a warning about the AvosLocker ransomware-as-a-service (RaaS) operation, which poses a threat to critical infrastructure. AvosLocker has targeted multiple industries in the US, using tactics such as double extortion and the abuse of trusted software. Ransomware attacks have been on the rise, with a nearly 80% increase compared to last year. To protect against AvosLocker and similar threats, organizations should follow cybersecurity best practices and implement measures such as network segmentation, multifactor authentication, and recovery plans. Ransomware attacks are expected to keep increasing in the coming months.

Key takeaways:

1. The US authorities, including CISA and FBI, issued a warning about potential cyberattacks on critical infrastructure by the ransomware-as-a-service (RaaS) group called AvosLocker. AvosLocker has targeted multiple industries in the US, using various tactics including double extortion and the use of trusted software.

2. AvosLocker is known for targeting Windows, Linux, and VMware ESXi environments. It uses a range of legitimate and open-source tools, such as AnyDesk, Chisel, Cobalt Strike, and Mimikatz, to compromise victims.

3. The group employs living-off-the-land (LotL) tactics, using legitimate Windows tools such as Notepad++, PsExec, and Nltest. It also uses custom web shells, PowerShell, and bash scripts for lateral movement and evasion.

4. AvosLocker locks up and exfiltrates files to enable follow-on extortion if victims do not cooperate.

5. CISA recommends that critical infrastructure providers implement cybersecurity best practices such as network segmentation, multifactor authentication, and recovery plans. It also suggests specific restrictions on remote desktop services, file sharing, and command-line activity.

6. Ransomware groups, including AvosLocker, are expected to increase their attacks in the coming months. Although there was a temporary decrease, September saw a significant increase (5.12%) in ransomware attacks.

7. Organizations should take immediate action to protect themselves, as ransomware attacks tend to peak in the fourth quarter of the year.
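The tool list in item 3 and the recommendation in item 5 to restrict and watch command-line activity translate into concrete detection logic. The following is an added example, not code from the article or from the CISA/FBI advisory: it runs a few rules over constructed process-creation and service-install events (the hosts, users, paths, and rule names are hypothetical) and flags the LotL tools named above, while deliberately not alerting on editors such as Notepad++ that carry no distinguishing signal on their own.

```python
import ntpath
import re
from dataclasses import dataclass

# Constructed sample telemetry (hypothetical values, not from the advisory):
# process-creation records (Security EventID 4688) and one service-install
# record (System EventID 7045), already parsed into dictionaries.
SAMPLE_EVENTS = [
    {"EventID": 4688, "Host": "WS01", "User": r"CORP\jdoe",
     "Image": r"C:\Windows\System32\notepad.exe",
     "CommandLine": "notepad.exe notes.txt"},
    {"EventID": 4688, "Host": "WS01", "User": r"CORP\svc_backup",
     "Image": r"C:\Tools\PsExec.exe",
     "CommandLine": r"PsExec.exe \\FS01 -s cmd.exe"},
    {"EventID": 7045, "Host": "FS01",
     "ServiceName": "PSEXESVC", "ImagePath": r"%SystemRoot%\PSEXESVC.exe"},
    {"EventID": 4688, "Host": "WS02", "User": r"CORP\jdoe",
     "Image": r"C:\Windows\System32\nltest.exe",
     "CommandLine": "nltest /dclist:corp.local"},
    {"EventID": 4688, "Host": "WS02", "User": r"CORP\jdoe",
     "Image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "CommandLine": "powershell.exe -nop -w hidden -enc SQBFAFgAIAAoAE4AZQB3AC0ATwBiAGoAZQBjAHQA"},
    {"EventID": 4688, "Host": "WS03", "User": r"CORP\asmith",
     "Image": r"C:\Program Files\Notepad++\notepad++.exe",
     "CommandLine": '"notepad++.exe" report.txt'},
]


@dataclass(frozen=True)
class Finding:
    host: str
    rule: str
    detail: str


# PowerShell's encoded-command switch, abbreviated or spelled out.
ENCODED_PS = re.compile(r"(?i)\s[-/](e|ec|enc|encodedcommand)\s")
# nltest switches that enumerate domain controllers or trusts.
NLTEST_RECON = re.compile(r"(?i)/(dclist|domain_trusts|dsgetdc)")


def image_name(event):
    """Lower-cased file name of the executing image, independent of its directory."""
    return ntpath.basename(event.get("Image", "")).lower()


def scan(events):
    """Apply the detection rules to each event and return the matches."""
    findings = []
    for ev in events:
        eid = ev["EventID"]
        # PsExec installs a transient service on the remote host; the install
        # event lands on the target, not on the operator's machine.
        if eid == 7045 and ev.get("ServiceName", "").upper() == "PSEXESVC":
            findings.append(Finding(ev["Host"], "psexec_service_install", ev["ImagePath"]))
            continue
        if eid != 4688:
            continue
        name = image_name(ev)
        cmd = ev.get("CommandLine", "")
        if name in ("psexec.exe", "psexec64.exe"):
            findings.append(Finding(ev["Host"], "psexec_remote_exec", cmd))
        elif name == "nltest.exe" and NLTEST_RECON.search(cmd):
            findings.append(Finding(ev["Host"], "nltest_domain_recon", cmd))
        elif name in ("powershell.exe", "pwsh.exe") and ENCODED_PS.search(cmd):
            findings.append(Finding(ev["Host"], "powershell_encoded_command", cmd))
        # notepad.exe / notepad++.exe: legitimate editors with no distinguishing
        # command-line signal, so no rule fires on them; they matter only when
        # correlated with other activity, which is the job of summarize().
    return findings


def summarize(findings):
    """Map each host to the set of distinct rules that fired on it."""
    per_host = {}
    for f in findings:
        per_host.setdefault(f.host, set()).add(f.rule)
    return per_host


def hosts_to_prioritize(findings, min_rules=2):
    """Hosts where several different rules fired: the likeliest lateral-movement chain."""
    return sorted(h for h, rules in summarize(findings).items() if len(rules) >= min_rules)


if __name__ == "__main__":
    hits = scan(SAMPLE_EVENTS)
    for f in hits:
        print(f"{f.host:5} {f.rule:28} {f.detail}")
    print("prioritize:", hosts_to_prioritize(hits))
```

Run against the constructed events, the scan yields four findings across three hosts; only WS02, where domain enumeration and an encoded PowerShell command occur together, crosses the two-rule threshold. In production the event source would be a SIEM or Sysmon feed, and the threshold and rule set would be tuned to the environment's baseline of administrative PsExec use.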
