fbpx
Frame-14

Privacy Ninja

        • DATA PROTECTION

        • CYBERSECURITY

        • Penetration Testing

          Secure your network against various threat points. VA starts at only S$1,000, while VAPT starts at S$4,000. With Price Beat Guarantee!

        • API Penetration Testing
        • Enhance your digital security posture with our approach that identifies and addresses vulnerabilities within your API framework, ensuring robust protection against cyber threats targeting your digital interfaces.

        • On-Prem & Cloud Network Penetration Testing
        • Boost your network’s resilience with our assessment that uncovers security gaps, so you can strengthen your defences against sophisticated cyber threats targeting your network

        • Web Penetration Testing
        • Fortify your web presence with our specialised web app penetration testing service, designed to uncover and address vulnerabilities, ensuring your website stands resilient against online threats

        • Mobile Penetration Testing
        • Strengthen your mobile ecosystem’s resilience with our in-depth penetration testing service. From applications to underlying systems, we meticulously probe for vulnerabilities

        • Cyber Hygiene Training
        • Empower your team with essential cybersecurity knowledge, covering the latest vulnerabilities, best practices, and proactive defence strategies

        • Thick Client Penetration Testing
        • Elevate your application’s security with our thorough thick client penetration testing service. From standalone desktop applications to complex client-server systems, we meticulously probe for vulnerabilities to fortify your software against potential cyber threats.

        • Source Code Review
        • Ensure the integrity and security of your codebase with our comprehensive service, meticulously analysing code quality, identifying vulnerabilities, and optimising performance for various types of applications, scripts, plugins, and more

        • Email Spoofing Prevention
        • Check if your organisation’s email is vulnerable to hackers and put a stop to it. Receive your free test today!

        • Email Phishing Excercise
        • Strengthen your defense against email threats via simulated attacks that test and educate your team on spotting malicious emails, reducing breach risks and boosting security.

        • Cyber Essentials Bundle
        • Equip your organisation with essential cyber protection through our packages, featuring quarterly breached accounts monitoring, email phishing campaigns, cyber hygiene training, and more. LAUNCHING SOON.

New Cerber Ransomware Targets Confluence and GitLab Servers

New Cerber Ransomware Targets Confluence and GitLab Servers

Cerber ransomware is back, as a new ransomware family adopts the old name and targets Atlassian Confluence and GitLab servers using remote code execution vulnerabilities.

As ransomware began picking up pace in 2016, a new Cerber ransomware operation emerged that quickly became one of the most prolific gangs at the time. However, its activity slowly tapered off until it disappeared at the end of 2019.

Starting last month, a ransomware called Cerber once again reared its ugly head, as it began infecting victims worldwide with both a Windows and Linux encryptor

The new version of Cerber is creating ransom notes named __$$RECOVERY_README$$__.html and appending the .locked extension to encrypted files.

From the victims seen by BleepingComputer, the new Cerber ransomware gang is demanding ransoms ranging from $1,000 to $3,000.

Also Read: How PII Data Works In Businesses And Its Advantages

Cerber Tor payment site
Cerber Tor payment site
Source: BleepingComputer

Emsisoft CTO and ransomware expert Fabian Wosar examined the new variant and said it does not match the code of the older family. In particular, the new version uses the Crypto+++ library, while the older variant used Windows CryptoAPI libraries.

These code differences and the fact that the original Cerber did not have a Linux variant lead us to believe that a new threat actor has adopted the name, ransom note, and Tor payment site, and is not the original operation.

Targeting Confluence and GitLab servers

This week, security researchers and vendors have seen the new Cerber ransomware operation hacking servers using remote code execution vulnerabilities in Atlassian Confluence and GitLab.

Tweet from BoanBird

Security researcher BoanBird shared a sample of the new Cerber ransomware with BleepingComputer which shows this new strain specifically targets the Atlassian Confluence folders listed below.

C:\Program Files\Atlassian\Application Data
C:\Program Files\Atlassian\Application Data\Confluence
C:\Program Files\Atlassian\Application Data\Confluence\backups

BoanBird also shared a link to the GitLab forums where admins disclosed that Cerber exploits a recently disclosed vulnerability in GitLab’s ExifTool component.

Also Read: How To Check Data Breach And How Can We Prevent It

Cerber targeting GitLab servers as well
Cerber targeting GitLab servers as well

These vulnerabilities are tracked as CVE-2021-26084 (Confluence) and CVE-2021-22205 (GitLab) and can be exploited remotely without authentication. Additionally, both vulnerabilities have publicly disclosed proof-of-concept (PoC) exploits, allowing attackers to breach servers easily.

A report released this week by researchers at Tencent shows that attacks deploying the new Cerber ransomware are mostly targeting the United States, Germany, and China.

Although the previous version of Cerber excluded targets in the CIS (Commonwealth of Independent States), Tencent’s telemetry data from the recent attacks shows otherwise. Furthermore, BleepingComputer has also independently confirmed multiple victims in Russia, indicating that these threat actors are indiscriminate in who they target.

Victims heatmap on the latest Cerber attacks
Victims heatmap on the latest Cerber attacks
Source: Tencent

At this time, the best approach to protect against Cerber would be to apply the available security updates for Atlassian Confluence and GitLab.

However, as more servers are patched, we should expect the threat actors to target other vulnerabilities to breach servers.

0 Comments

KEEP IN TOUCH

Subscribe to our mailing list to get free tips on Data Protection and Data Privacy updates weekly!

Personal Data Protection

REPORTING DATA BREACH TO PDPC?

We have assisted numerous companies to prepare proper and accurate reports to PDPC to minimise financial penalties.
×

Hello!

Click one of our contacts below to chat on WhatsApp

× Chat with us