May 14, 2024 at 07:15AM
Cybersecurity researchers have discovered an ongoing social engineering campaign that targets enterprises with spam emails to gain initial access to their systems. The threat actors overwhelm users with junk emails and phone calls, trick them into installing remote desktop software, and then leverage that remote access for further malicious activity. The report also covers the LockBit Black ransomware campaign and the Mallox ransomware group's activities. Together these developments mark notable shifts in the cybersecurity threat landscape.
Key Takeaways from the meeting notes:
1. Cybersecurity researchers uncovered an ongoing social engineering campaign targeting enterprises, where threat actors bombard users with spam emails and phone calls to obtain initial access to their systems.
2. The campaign primarily involves tricking impacted users into downloading remote monitoring and management software, establishing a remote connection, and then leveraging remote access to download additional payloads for credential harvesting and maintaining persistence.
3. The attack chain overlaps with the Black Basta ransomware operators’ attack indicators, although there is no evidence of ransomware execution in this campaign.
4. The campaign has been observed distributing remote monitoring and management tools like ConnectWise ScreenConnect and a remote access trojan called NetSupport RAT, associated with FIN7 actors.
5. The LockBit Black ransomware campaign, which leverages the Phorpiex botnet, began on April 24, 2024. It delivers email messages that carry the ransomware payload directly, which amplifies the scale of the campaign and increases the chances of a successful ransomware attack.
6. Mallox, a ransomware group, is observed brute-forcing Microsoft SQL servers to deploy malware, and has transitioned to a ransomware-as-a-service (RaaS) model with a double extortion strategy, impacting organizations in various verticals.
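Two of the behaviours above are volume-based and can be caught with the same sliding-window logic: a recipient being flooded with inbound mail (the spam-bombing stage of the social engineering campaign) and a single source repeatedly failing SQL Server logins (the Mallox brute-force stage). The following is an added example written for this summary; it is not tooling from the article or from any vendor it cites. The SQL lines imitate the SQL Server ERRORLOG "Login failed" message, the mail lines imitate a generic MTA acceptance log, and the IP addresses, mailboxes and thresholds are constructed assumptions for illustration.

```python
"""Sliding-window burst detection over two constructed log sources (added example)."""
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# --- constructed sample data (not taken from the article) ---------------------
def _sql_fail(ts, user, ip):
    # Mimics the SQL Server ERRORLOG line written for a failed login (event 18456).
    return (f"2024-05-14 {ts} Logon       Login failed for user '{user}'. "
            f"Reason: Password did not match that for the login provided. [CLIENT: {ip}]")

SQL_ERRORLOG = "\n".join([
    "2024-05-14 07:01:02.10 Logon       Error: 18456, Severity: 14, State: 8.",  # not parsed
    _sql_fail("07:01:02.10", "sa", "203.0.113.7"),        # constructed attacker IP
    _sql_fail("07:01:05.33", "sa", "203.0.113.7"),
    _sql_fail("07:01:09.81", "sa", "203.0.113.7"),
    _sql_fail("07:01:14.02", "sa", "203.0.113.7"),
    _sql_fail("07:01:18.47", "sa", "203.0.113.7"),
    _sql_fail("07:01:22.90", "sa", "203.0.113.7"),
    _sql_fail("07:03:40.15", "appuser", "198.51.100.4"),  # isolated typo, benign
    _sql_fail("07:12:55.60", "appuser", "198.51.100.4"),
])

# Generic MTA log: 12 accepted messages for alice inside two minutes, one for bob.
MAIL_LOG = "\n".join(
    f"2024-05-14T07:{10 + i // 6:02d}:{(i * 10) % 60:02d} mx1 accepted "
    f"to=<alice@example.com> from=<list{i}@example.net>"
    for i in range(12)
) + (
    "\n2024-05-14T07:12:00 mx1 rejected to=<alice@example.com> from=<x@example.net> reason=rbl"
    "\n2024-05-14T07:30:00 mx1 accepted to=<bob@example.com> from=<colleague@example.org>\n"
)

# --- parsers: each yields (timestamp, key) pairs ------------------------------
SQL_FAIL = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2})\.\d+\s+Logon\s+"
    r"Login failed for user '(?P<user>[^']*)'.*\[CLIENT: (?P<ip>[^\]]+)\]"
)
MAIL_ACCEPT = re.compile(r"^(?P<ts>\S+) \S+ accepted to=<(?P<rcpt>[^>]+)> from=<[^>]*>")


def parse_sql_failed_logins(text):
    """Yield (timestamp, client_ip) for every failed-login line; other lines are skipped."""
    for line in text.splitlines():
        m = SQL_FAIL.match(line)
        if m:
            yield datetime.strptime(m["ts"], "%Y-%m-%d %H:%M:%S"), m["ip"]


def parse_mail_accepts(text):
    """Yield (timestamp, recipient) for every accepted delivery; rejects are ignored."""
    for line in text.splitlines():
        m = MAIL_ACCEPT.match(line)
        if m:
            yield datetime.fromisoformat(m["ts"]), m["rcpt"]


# --- detection ------------------------------------------------------------------
def burst_keys(events, window, threshold):
    """Return {key: (count, first_ts, last_ts)} for each key that accumulates
    `threshold` events inside any span of length `window`. The tuple records the
    moment the threshold was first crossed, so the count equals the threshold."""
    recent = defaultdict(deque)
    alerts = {}
    for ts, key in sorted(events):
        q = recent[key]
        q.append(ts)
        while ts - q[0] > window:  # evict events that fell out of the window
            q.popleft()
        if len(q) >= threshold and key not in alerts:
            alerts[key] = (len(q), q[0], ts)
    return alerts


def sql_bruteforce_sources(log_text, window=timedelta(seconds=60), threshold=5):
    """Source IPs with `threshold` failed SQL Server logins inside `window`."""
    return burst_keys(parse_sql_failed_logins(log_text), window, threshold)


def mail_bombed_recipients(log_text, window=timedelta(minutes=5), threshold=10):
    """Mailboxes that received `threshold` accepted messages inside `window`."""
    return burst_keys(parse_mail_accepts(log_text), window, threshold)


if __name__ == "__main__":
    for ip, (n, first, last) in sql_bruteforce_sources(SQL_ERRORLOG).items():
        print(f"SQL brute force: {ip} hit {n} failed logins {first:%H:%M:%S}-{last:%H:%M:%S}")
    for rcpt, (n, first, last) in mail_bombed_recipients(MAIL_LOG).items():
        print(f"mail bombing: {rcpt} received {n} messages {first:%H:%M:%S}-{last:%H:%M:%S}")
```

On the sample data the detector reports `203.0.113.7` (five failures against `sa` within sixteen seconds) and `alice@example.com` (ten accepted messages in ninety seconds), while the two spaced-out `appuser` failures and bob's single message stay below threshold. The window and threshold values are illustrative; in practice they are tuned per environment, and the mail-bombing alert is most useful when correlated with a follow-up help-desk or phone-call report from the same user, since the flood itself is only the opening move of the campaign described above.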
These takeaways highlight the evolving tactics and strategies employed by threat actors in recent cyberattacks, and underline the importance of proactive measures to detect and mitigate such threats and protect organizational assets.