FBI Highlights Emerging Initial Access Methods Used by Ransomware Groups 

November 8, 2023 at 06:39AM

The FBI has warned about ransomware operators using third-party vendors and services to gain initial access to victim environments. Threat actors exploit vulnerabilities in vendor-controlled remote access and legitimate system management tools to elevate permissions in victim networks. The FBI urges organizations to take measures such as creating backups, reviewing vendor security, implementing strong user account security, and monitoring for suspicious activity to mitigate the risk of ransomware attacks.

Key Takeaways from the Meeting Notes:

1. The FBI has issued a warning about how ransomware operators are exploiting third-party vendors and services to gain initial access to victim environments.
2. Threat actors are targeting vulnerabilities in vendor-controlled remote access and using legitimate system management tools to elevate permissions in victim organizations’ networks.
3. The FBI has tracked multiple ransomware attacks that used third-party gaming vendors to compromise small and tribal casinos’ servers and encrypt personally identifiable information.
4. The agency has also identified a callback-phishing data theft and extortion attack conducted by the Silent Ransom Group (SRG) or Luna Moth. The attackers use phishing messages to lure victims into calling a specified number and then direct them to join a legitimate system management tool via a link provided in a follow-up email.
5. The attackers deploy additional legitimate remote management tools to compromise local and network shared drives, exfiltrate data, and attempt to extort victim companies.
6. To mitigate the risk of ransomware, the FBI recommends that organizations create backups, review the security posture of third-party vendors, secure user accounts in line with NIST-recommended policies, implement phishing-resistant multi-factor authentication (MFA) and network segmentation, monitor for suspicious activity, disable unused ports and services, and keep all systems and applications updated.
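One concrete way to act on the "monitor for suspicious activity" recommendation is to baseline which remote management tools each vendor is approved to run on each host and alert on anything outside that baseline, with higher severity when the tool is launched from a browser or mail client (the download-and-run step of a callback-phishing lure) or from another remote-access tool (the tool-stacking step described in item 5). The script below is an added example, not code from the FBI advisory; the host names, allowlist, binary names and process events are constructed for illustration.

```python
"""Flag remote-management tool launches that fall outside an approved vendor baseline."""

# Hypothetical allowlist: which RMM executables each vendor may run, and on which host.
APPROVED_RMM = {
    "casino-db-01": {"vendorremote.exe"},   # gaming vendor's approved remote-access agent
}
# Illustrative set of remote-support / RMM executables to watch for (constructed list).
RMM_BINARIES = {"anydesk.exe", "teamviewer.exe", "screenconnect.exe",
                "atera.exe", "vendorremote.exe"}
# Parents that indicate a user ran something they just downloaded or opened from e-mail.
USER_FACING_PARENTS = {"outlook.exe", "chrome.exe", "msedge.exe", "firefox.exe"}

# Constructed process-creation events (ts, host, user, image, parent image).
EVENTS = [
    {"ts": "2023-11-01T09:02:11", "host": "casino-db-01", "user": "svc_vendor",
     "image": "vendorremote.exe", "parent": "services.exe"},
    {"ts": "2023-11-01T09:15:40", "host": "fin-ws-07", "user": "jdoe",
     "image": "AnyDesk.exe", "parent": "chrome.exe"},
    {"ts": "2023-11-01T09:20:05", "host": "casino-db-01", "user": "svc_vendor",
     "image": "screenconnect.exe", "parent": "vendorremote.exe"},
    {"ts": "2023-11-01T09:30:00", "host": "fin-ws-07", "user": "jdoe",
     "image": "excel.exe", "parent": "explorer.exe"},
]


def detect_rmm_misuse(events, approved=APPROVED_RMM):
    """Return alerts for RMM binaries that are not part of a host's approved baseline."""
    alerts = []
    for e in events:
        image, parent = e["image"].lower(), e["parent"].lower()
        if image not in RMM_BINARIES:
            continue                                   # not a remote-management tool
        if image in approved.get(e["host"], set()):
            continue                                   # approved vendor tool on this host
        if parent in USER_FACING_PARENTS:
            severity, reason = "high", "RMM tool launched from browser/mail client"
        elif parent in RMM_BINARIES:
            severity, reason = "high", "second RMM tool launched via existing remote access"
        else:
            severity, reason = "medium", "RMM tool not in approved baseline for host"
        alerts.append({"ts": e["ts"], "host": e["host"], "user": e["user"],
                       "image": image, "parent": parent,
                       "severity": severity, "reason": reason})
    return alerts


if __name__ == "__main__":
    for a in detect_rmm_misuse(EVENTS):
        print(f"[{a['severity']}] {a['ts']} {a['host']} {a['user']}: "
              f"{a['image']} <- {a['parent']} ({a['reason']})")
```

In a real deployment the allowlist would come from the vendor review recommended above, and the events from an EDR or Sysmon process-creation feed.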