fbpx
Frame-14

Privacy Ninja

        • DATA PROTECTION

        • CYBERSECURITY

        • Penetration Testing

          Secure your network against various threat points. VA starts at only S$1,000, while VAPT starts at S$4,000. With Price Beat Guarantee!

        • API Penetration Testing
        • Enhance your digital security posture with our approach that identifies and addresses vulnerabilities within your API framework, ensuring robust protection against cyber threats targeting your digital interfaces.

        • On-Prem & Cloud Network Penetration Testing
        • Boost your network’s resilience with our assessment that uncovers security gaps, so you can strengthen your defences against sophisticated cyber threats targeting your network

        • Web Penetration Testing
        • Fortify your web presence with our specialised web app penetration testing service, designed to uncover and address vulnerabilities, ensuring your website stands resilient against online threats

        • Mobile Penetration Testing
        • Strengthen your mobile ecosystem’s resilience with our in-depth penetration testing service. From applications to underlying systems, we meticulously probe for vulnerabilities

        • Cyber Hygiene Training
        • Empower your team with essential cybersecurity knowledge, covering the latest vulnerabilities, best practices, and proactive defence strategies

        • Thick Client Penetration Testing
        • Elevate your application’s security with our thorough thick client penetration testing service. From standalone desktop applications to complex client-server systems, we meticulously probe for vulnerabilities to fortify your software against potential cyber threats.

        • Source Code Review
        • Ensure the integrity and security of your codebase with our comprehensive service, meticulously analysing code quality, identifying vulnerabilities, and optimising performance for various types of applications, scripts, plugins, and more

        • Email Spoofing Prevention
        • Check if your organisation’s email is vulnerable to hackers and put a stop to it. Receive your free test today!

        • Email Phishing Excercise
        • Strengthen your defense against email threats via simulated attacks that test and educate your team on spotting malicious emails, reducing breach risks and boosting security.

        • Cyber Essentials Bundle
        • Equip your organisation with essential cyber protection through our packages, featuring quarterly breached accounts monitoring, email phishing campaigns, cyber hygiene training, and more. LAUNCHING SOON.

FBI Shares Lockbit Ransomware Technical Details, Defense Tips

FBI Shares Lockbit Ransomware Technical Details, Defense Tips

The Federal Bureau of Investigation (FBI) has released technical details and indicators of compromise associated with LockBit ransomware attacks in a new flash alert published this Friday.

It also provided information to help organizations block this adversary’s attempts to breach their networks and asked victims to urgently report such incidents to their local FBI Cyber Squad.

The LockBit ransomware gang has been very active since September 2019 when it launched as a ransomware-as-a-service (RaaS), with gang representatives promoting the operation, providing support on Russian-language hacking forums, and recruiting threat actors to breach and encrypt networks.

Two years later, in June 2021, LockBit announced the LockBit 2.0 RaaS on their data leak site after ransomware actors were banned from posting on cybercrime forums [12].

Also Read: PDPC Data Intermediary: Guidelines for businesses to know

With the relaunch, the ransomware gang redesigned Tor sites and overhauled the malware, adding more advanced features, including the automatic encryption of devices across Windows domains via Active Directory group policies.

The gang is now also trying to remove the intermediaries by recruiting insiders to provide them with access to corporate networks via Virtual Private Network (VPN) and Remote Desktop Protocol (RDP).

In January, it was discovered that LockBit also added a Linux encryptor targeting VMware ESXi servers to its toolkit.

Among the technical details on how LockBit ransomware works, the FBI also revealed that the malware comes with a hidden debug window that can be activated during the infection process using the SHIFT + F1 keyboard shortcut.

Once it shows up, it can be used to view real-time information on the encryption process and trach the status of user data destruction.

LockBit ransomware status window
LockBit ransomware status window (FBI)

This week’s advisory follows an alert issued by the Australian cybersecurity agency in August 2021 warning of quickly escalating LockBit ransomware attacks.

Days later, Accenture, a Fortune 500 company and one of the world’s largest IT services and consulting firms, confirmed to BleepingComputer that it was breached after LockBit threatened to leak data stolen from its network and asked for a $50 million ransom.

Two months later, Accenture also disclosed a data breach in October SEC filings after “extraction of proprietary information” during the August attack.

Companies asked to report LockBit ransomware attacks

While the FBI didn’t say what prompted this flash alert, it did ask admins and cybersecurity professionals to share information on LockBit attacks targeting their companies’ networks.

Also Read: 10 Biggest cybersecurity trends in 2022 that businesses should know

“The FBI is seeking any information that can be shared, [including] boundary logs showing communication to and from foreign IP addresses, a sample ransom note, communications with the threat actors, Bitcoin wallet information, the decryptor file, and/or a benign sample of an encrypted file,” the federal agency said.

“The FBI encourages recipients of this document to report information concerning suspicious or criminal activity to their local FBI field office.

“By reporting any related information to FBI Cyber Squads, you are assisting in sharing information that allows the FBI to track malicious actors and coordinate with private industry and the United States Government to prevent future intrusions and attacks.”

How to defend your network

The FBI also provides mitigations that would help defenders guard their networks against LockBit ransomware attack attempts:

  • Require all accounts with password logins (e.g., service account, admin accounts, and domain admin accounts) to have strong, unique passwords
  • Require multi-factor authentication for all services to the extent possible
  • Keep all operating systems and software up to date
  • Remove unnecessary access to administrative shares
  • Use a host-based firewall to only allow connections to administrative shares via server message block (SMB) from a limited set of administrator machines
  • Enable protected files in the Windows Operating System to prevent unauthorized changes to critical files.

Admins can also hinder ransomware operators’ network discovery efforts by taking these measures:

  • Segment networks to prevent the spread of ransomware
  • Identify, detect, and investigate abnormal activity and potential traversal of the indicated ransomware with a networking monitoring tool
  • Implement time-based access for accounts set at the admin level and higher
  • Disable command-line and scripting activities and permissions
  • Maintain offline backups of data, and regularly maintain backup and restoration
  • Ensure all backup data is encrypted, immutable, and covers the entire organization’s data infrastructure

Paying ransoms is frowned upon, but …

The FBI also added that it does not encourage paying ransoms and advises companies against it since it’s not guaranteed that paying will protect them from future attacks or data leaks.

Moreover, giving into ransomware gangs’ demands further finances their operations and motivates them to target more victims. It also incentivizes other cybercrime groups to join them in conducting illegal activities.

Despite this, the FBI acknowledged that a ransomware attack’s fallout might force companies to consider paying ransoms to protect shareholders, customers, or employees. The law enforcement agency strongly recommends reporting such incidents to a local FBI field office.

Even after paying a ransom, the FBI still urges to promptly report ransomware incidents as it will provide critical info that would allow law enforcement to prevent future attacks by tracking ransomware attackers and holding them accountable for their actions.

0 Comments

KEEP IN TOUCH

Subscribe to our mailing list to get free tips on Data Protection and Data Privacy updates weekly!

Personal Data Protection

REPORTING DATA BREACH TO PDPC?

We have assisted numerous companies to prepare proper and accurate reports to PDPC to minimise financial penalties.
×

Hello!

Click one of our contacts below to chat on WhatsApp

× Chat with us