fbpx
Frame-14

Privacy Ninja

        • DATA PROTECTION

        • CYBERSECURITY

        • Penetration Testing

          Secure your network against various threat points. VA starts at only S$1,000, while VAPT starts at S$4,000. With Price Beat Guarantee!

        • API Penetration Testing
        • Enhance your digital security posture with our approach that identifies and addresses vulnerabilities within your API framework, ensuring robust protection against cyber threats targeting your digital interfaces.

        • On-Prem & Cloud Network Penetration Testing
        • Boost your network’s resilience with our assessment that uncovers security gaps, so you can strengthen your defences against sophisticated cyber threats targeting your network

        • Web Penetration Testing
        • Fortify your web presence with our specialised web app penetration testing service, designed to uncover and address vulnerabilities, ensuring your website stands resilient against online threats

        • Mobile Penetration Testing
        • Strengthen your mobile ecosystem’s resilience with our in-depth penetration testing service. From applications to underlying systems, we meticulously probe for vulnerabilities

        • Cyber Hygiene Training
        • Empower your team with essential cybersecurity knowledge, covering the latest vulnerabilities, best practices, and proactive defence strategies

        • Thick Client Penetration Testing
        • Elevate your application’s security with our thorough thick client penetration testing service. From standalone desktop applications to complex client-server systems, we meticulously probe for vulnerabilities to fortify your software against potential cyber threats.

        • Source Code Review
        • Ensure the integrity and security of your codebase with our comprehensive service, meticulously analysing code quality, identifying vulnerabilities, and optimising performance for various types of applications, scripts, plugins, and more

        • Email Spoofing Prevention
        • Check if your organisation’s email is vulnerable to hackers and put a stop to it. Receive your free test today!

        • Email Phishing Excercise
        • Strengthen your defense against email threats via simulated attacks that test and educate your team on spotting malicious emails, reducing breach risks and boosting security.

        • Cyber Essentials Bundle
        • Equip your organisation with essential cyber protection through our packages, featuring quarterly breached accounts monitoring, email phishing campaigns, cyber hygiene training, and more. LAUNCHING SOON.

Translated Conti Ransomware Playbook Gives Insight Into Attacks

Translated Conti Ransomware Playbook Gives Insight Into Attacks

Almost a month after a disgruntled Conti affiliate leaked the gang’s attack playbook, security researchers shared a translated variant that clarifies any misinterpretation caused by automated translation.

Apart from providing information about the gang’s attack methods and the thoroughness of the instructions, which allow for less-skilled actors to become Conti ransomware affiliates and hit valuable targets.

Leaked Conti training materials

Little skill required

Linguists working with Cisco Talos researchers went through the leaked material to provide an intelligible English version that accurately describes the gang’s techniques and tools.

The attack scenarios described in the documents were so thorough that “even amateur adversaries [could] carry out destructive ransomware attacks,” the researchers say.

“This lower barrier to entry also may have led to the leak by a disgruntled member who was viewed as less technical (aka “a script kiddie”) and less important”

Among the “tips” provided in the manuals is how to get administrator access after breaching a victim’s network by using commands and tools to list users, particularly those with Active Directory access.

Simple reconnaissance like checking LinkedIn and other social media platforms to identify employees with privileged access is also detailed, with a note that the techniques work better for companies in the U.S. and Europe.

Tools and techniques

The top tool described in the leaked material is the Cobalt Strike red-teaming framework, accompanied by a cracked 4.3 version of the software.

Usage instructions also referred to exploiting the ZeroLogon vulnerability (CVE-2020-1472). Other critical bugs mentioned in Conti ransomware’s playbook are PrintNightmare (CVE-2021-1675, CVE-2021-34527) and EternalBlue (CVE-2017-0143/0148).

Also Read: A Look At The Risk Assessment Form Singapore Requires

Some of the tools detailed by the adversary are not what Cisco researchers typically see during incident response engagements:

  • Armitage ​- Java-based GUI front-end for the Metasploit penetration testing platform
  • SharpView – a .NET port of the PowerView tool from the PowerShell-based PowerSploit offensive toolkit
  • SharpChrome – for decrypting logins and cookies in Chrome
  • SeatBelt – collects system data like OS version, UAC policy, user folders

Among other tools and command-line utilities described in the leaked documents include the following:

  • ADFind – Active Directory query tool
  • PowerShell framework – to disable Windows Defender
  • GMER – an alternative for identifying security solutions and disabling them
  • SMBAutoBrute – for brute–forcing accounts on current domain
  • Kerberoasting – a technique for using brute force to crack the hash of a Kerberos password
  • Mimikatz – for dumping passwords from memory
  • RouterScan – a tool for discovering devices on the network and for extracting passwords through an exploit or brute force.
  • AnyDesk – remote desktop application, for persistence
  • Atera – another remote access software

Before moving to the exploitation part, the affiliates are instructed to learn about their victim’s revenue by looking for open source info.

The leak from the angry Conti affiliate also includes video tutorials, mostly in Russian, that explain how to use PowerShell for pen-testing, attacking the Active Directory, or how to use leverage SQL Server in a Windows domain.

Much of the video tutorials (Metasploit, PowerShell, WMI attacks and defense, network pen-testing) for affiliates is from various offensive security resources readily available online.

Cisco Talos researchers believe that the translated version of the leaked Conti documentation will help other researchers better understand the tactics, techniques, and procedures of this threat actor as well as others that may be inspired by documentation.

Also Read: CCTV Law Singapore Edition: Know Your Rights and Responsibilities

“This is an opportunity for defenders to make sure they have logic in place to detect these types of behaviors or compensating controls to help mitigate the risk. This translation should be viewed as an opportunity for defenders to get a better handle on how these groups operate and the tools they tend to leverage in these attacks” – Cisco Talos

The researchers provide translated individual texts in a ZIP archive as well as a PDF file. A summary of the materials is also available from Fortinet.

0 Comments

KEEP IN TOUCH

Subscribe to our mailing list to get free tips on Data Protection and Data Privacy updates weekly!

Personal Data Protection

REPORTING DATA BREACH TO PDPC?

We have assisted numerous companies to prepare proper and accurate reports to PDPC to minimise financial penalties.
×

Hello!

Click one of our contacts below to chat on WhatsApp

× Chat with us