Tag Archive for: pivot

MOVEit Hackers Pivot to SysAid Zero-Day in Ransomware Attacks


Move over MOVEit, there’s a new zero-day being exploited to deploy Cl0p ransomware into enterprise networks. This time, the same threat actors were caught leveraging a flaw in on-premises deployments of SysAid IT Support software.

Microsoft announced the flaw, tracked under CVE-2023-47246, on Nov. 8, adding that SysAid has already issued a patch. SysAid CTO Sasha Shapirov explained in a blog post published on the same day that the company was made aware of the vulnerability on Nov. 2, which triggered an immediate investigation and remediation effort.

SysAid offers IT help desk and support service automation for organizations across a variety of data-sensitive sectors, including healthcare, human resources, higher education, and manufacturing. The company did not immediately respond to requests to comment about the number of potential or identified victims of the cyberattack.

Microsoft’s Threat Intelligence Team determined that the threat actor behind the exploit was Lace Tempest, also known by the designation DEV-0950, which is known for deploying Cl0p ransomware in its extortion campaigns. The group used the same ransomware strain against the MOVEit zero-day vulnerability in a blitz of attacks that compromised hundreds of organizations.

“The investigation identified a previously unknown path traversal vulnerability leading to code execution within the SysAid on-prem software,” Shapirov explained. “The attacker uploaded a WAR archive containing a WebShell and other payloads into the webroot of the SysAid Tomcat Web service.”

The SysAid exec recommended enterprise teams running on-premises versions of SysAid should crack open the incident response playbook and keep patches up-to-date as they become available. The post also provided detailed indicators of compromise (IoCs).

“We urge all customers with SysAid on-prem server installations to ensure that your SysAid systems are updated to version 23.3.36, which remediates the identified vulnerability, and conduct a comprehensive compromise assessment of your network to look for any indicators further discussed below,” Shapirov added. “Should you identify any indicators, take immediate action and follow your incident-response protocols.”

The…


Ransomware Victims Surge as Threat Actors Pivot to Zero-Day Exploits


The number of organizations that became victims of ransomware attacks surged 143% between the first quarter of 2022 and the first quarter of this year, as attackers increasingly leveraged zero-day vulnerabilities and one-day flaws to break into target networks.

In many of these attacks, threat actors did not so much as bother to encrypt data belonging to victim organizations. Instead, they focused solely on stealing sensitive data and extorting victims by threatening to sell or leak the data to others. The tactic left even those with otherwise robust backup and restoration processes backed into a corner.

A Surge in Victims

Researchers at Akamai discovered the trends when they recently analyzed data gathered from leak sites belonging to 90 ransomware groups. Leak sites are locations where ransomware groups typically release details about their attacks, victims, and any data that they might have encrypted or exfiltrated.

Akamai’s analysis showed that several popular notions about ransomware attacks are no longer fully true. One of the most significant, according to the company, is a shift from phishing as an initial access vector to vulnerability exploitation. Akamai found that several major ransomware operators are focused on acquiring zero-day vulnerabilities — either through in-house research or by procuring them from gray-market sources — to use in their attacks.

One notable example is the Cl0p ransomware group, which abused a zero-day SQL-injection vulnerability in Fortra’s GoAnywhere software (CVE-2023-0669) earlier this year to break into numerous high-profile companies. In May, the same threat actor abused another zero-day bug it discovered — this time in Progress Software’s MOVEit file transfer application (CVE-2023-34362) — to infiltrate dozens of major organizations globally. Akamai found Cl0p’s victim count surged ninefold between the first quarter of 2022 and the first quarter of this year after it started exploiting zero-day bugs.

Although leveraging zero-day vulnerabilities is not particularly new, the emerging trend among ransomware actors to use them in large-scale attacks is significant, Akamai said.

“Particularly concerning is the in-house development of zero-day…


Pivoting In Metasploit – Metasploit Minute [Cyber Security Education]



Ignore the GOP’s sudden pivot, Republicans have long worked to undermine Ukraine


In light of the brutal carnage being perpetrated by the Russian army on Ukraine this week, it’s good to see that most Republicans have found it in themselves to finally condemn the invasion. It obviously wasn’t easy for them. As we’ve just witnessed with the pandemic, they hate to be on the same side as a Democratic president for any reason, no matter how high the body count is. But they have come around, with even the most reluctant Republican now rallying to the side of the Ukrainian people. In fact, some of them have gone so far in the opposite direction that they have become reckless and dangerous:

That may be one of the most irresponsible comments by a sitting U.S. senator in modern memory.  When Graham repeated it on Fox News, even Laura Ingraham was left bewildered.

Of course, many Republicans still blame President Joe Biden for failing to prevent the crisis.

Sen. Ted Cruz of Texas declared that Vladimir Putin didn’t invade while Donald Trump was in office because Trump was so tough on him, which is, of course, laughable. Cruz’s evidence is the sanctions on the Nord Stream 2 pipeline (which Trump didn’t even sign into law until the end of his term.) But former national security adviser John Bolton claimed that Trump actually fought all of the sanctions every step of the way, adding, “the fact is that he barely knew where Ukraine was. He once asked John Kelly, his second chief of staff, if Finland were a part of Russia.”

And in a stunning reversal, after boldly insisting for months that he supported Russia over Ukraine, even extolling the virtues of Vladimir Putin, last night Fox News host Tucker Carlson even admitted he was wrong … sort of.

He claimed that he didn’t think the threat was real because Joe Biden had allegedly sent Vice President Kamala Harris to “fix” it so it couldn’t have been that serious. (The president did not send Harris to fix it.) Nobody does smug, unctuous trolling quite like Tucker Carlson.

Nonetheless, it does appear that Republicans have finally recognized that their admiration for the Russian strongman Vladimir Putin may have been a bit of a bad look. And I’m sure they are hoping that no one will remember the last few years of…
