US Authorities Warn of Critical Infrastructure Cyberattacks by AvosLocker Ransomware Group
Cybersecurity Risk in Critical Infrastructure
The Cybersecurity and Infrastructure Security Agency (CISA) and the FBI have jointly issued a security advisory warning that the ransomware-as-a-service (RaaS) operation AvosLocker is targeting critical infrastructure. The advisory notes that AvosLocker affiliates have recently attacked multiple critical infrastructure sectors using a range of tactics, techniques, and procedures (TTPs), including double extortion and the abuse of trusted native and open-source software. The warning comes amid a sharp rise in ransomware attacks across sectors.
AvosLocker's Effective Approach
AvosLocker has variants for Windows, Linux, and VMware ESXi, so a single affiliate campaign can reach most of an enterprise's estate. What sets AvosLocker apart is how heavily its affiliates rely on legitimate and open-source tools: the remote access tool AnyDesk, the network tunneling tool Chisel, the command-and-control framework Cobalt Strike, the credential-dumping tool Mimikatz, and the archiver 7-Zip, among others. The affiliates also use living-off-the-land (LotL) techniques, running legitimate Windows tools such as Notepad++, PsExec, and Nltest to act on remote hosts. Because every one of these tools has a legitimate administrative use, blocking them by name is of limited value; detection has to rest on context such as who ran the tool, from which host, and in what sequence.
The FBI reports that AvosLocker affiliates have also used custom web shells to gain network access, and PowerShell and bash scripts for lateral movement, privilege escalation, and disabling antivirus software. In recent weeks the agency has also warned of affiliates deploying AvosLocker alongside other ransomware strains in the same intrusion to maximize impact. Post-compromise, AvosLocker both exfiltrates and encrypts files, so the operators can extort a victim over the stolen data even when backups make the encryption recoverable.
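The TTPs above are built from ordinary administrative tooling, so the practical question is what a hunt over process-creation telemetry looks like. The following PowerShell is an added example, not code from the CISA/FBI advisory or from this article. It assumes Security event ID 4688 with the "Include command line in process creation events" policy enabled; the function names are this example's own and the sample records are constructed, not real telemetry.

```powershell
# Added example (not from the CISA/FBI advisory): hunt Windows process-creation
# telemetry for the legitimate tools the advisory associates with AvosLocker
# affiliates. Assumes Security event ID 4688 with command-line auditing on.

# Tool name -> regex matched against "<image path> <command line>"
$ToolPatterns = [ordered]@{
    'PsExec remote execution'     = 'psexec(64)?\.exe'
    'Nltest domain enumeration'   = 'nltest(\.exe)?\s+/(dclist|domain_trusts|trusted_domains)'
    'AnyDesk remote access'       = 'anydesk'
    'Chisel tunnel'               = '\bchisel\b.*\b(client|server)\b'
    'Mimikatz credential dumping' = 'mimikatz|sekurlsa::'
    '7-Zip archive creation'      = '7za?\.exe\s+a\s'
    'Defender tampering'          = 'Set-MpPreference\s+-Disable'
}

function Find-AvosLockerToolUse {
    # Emits one finding per (event, pattern) match. Input objects need
    # TimeCreated, SubjectUserName, NewProcessName and CommandLine properties.
    [CmdletBinding()]
    param([Parameter(Mandatory, ValueFromPipeline)] [object] $Event)
    process {
        $haystack = "$($Event.NewProcessName) $($Event.CommandLine)"
        foreach ($name in $ToolPatterns.Keys) {
            if ($haystack -imatch $ToolPatterns[$name]) {
                [pscustomobject]@{
                    Time    = $Event.TimeCreated
                    User    = $Event.SubjectUserName
                    Finding = $name
                    Command = $Event.CommandLine
                }
            }
        }
    }
}

function Get-ProcessCreationEvents {
    # Live collection: flatten Security 4688 events into the shape above.
    param([int] $Hours = 24)
    Get-WinEvent -FilterHashtable @{ LogName = 'Security'; Id = 4688; StartTime = (Get-Date).AddHours(-$Hours) } |
        ForEach-Object {
            $data = @{}
            ([xml]$_.ToXml()).Event.EventData.Data | ForEach-Object { $data[$_.Name] = $_.'#text' }
            [pscustomobject]@{
                TimeCreated     = $_.TimeCreated
                SubjectUserName = $data['SubjectUserName']
                NewProcessName  = $data['NewProcessName']
                CommandLine     = $data['CommandLine']
            }
        }
}

# Constructed sample records (not real telemetry): one benign editor launch
# and four actions that mirror the advisory's TTPs.
$SampleEvents = @(
    [pscustomobject]@{ TimeCreated = '2023-10-11 02:13:44'; SubjectUserName = 'svc_backup'
                       NewProcessName = 'C:\Windows\System32\nltest.exe'
                       CommandLine    = 'nltest /dclist:corp.local' }
    [pscustomobject]@{ TimeCreated = '2023-10-11 02:15:09'; SubjectUserName = 'svc_backup'
                       NewProcessName = 'C:\Users\Public\PsExec64.exe'
                       CommandLine    = 'PsExec64.exe \\FS01 -s -d cmd /c "powershell -ep bypass -f C:\Users\Public\av.ps1"' }
    [pscustomobject]@{ TimeCreated = '2023-10-11 02:20:31'; SubjectUserName = 'svc_backup'
                       NewProcessName = 'C:\Users\Public\chisel.exe'
                       CommandLine    = 'chisel.exe client 203.0.113.10:8080 R:socks' }
    [pscustomobject]@{ TimeCreated = '2023-10-11 02:41:02'; SubjectUserName = 'svc_backup'
                       NewProcessName = 'C:\Program Files\7-Zip\7z.exe'
                       CommandLine    = '7z.exe a -p -mhe=on C:\Users\Public\finance.7z \\FS01\Finance' }
    [pscustomobject]@{ TimeCreated = '2023-10-11 08:05:17'; SubjectUserName = 'jsmith'
                       NewProcessName = 'C:\Program Files\Notepad++\notepad++.exe'
                       CommandLine    = '"C:\Program Files\Notepad++\notepad++.exe" C:\Users\jsmith\notes.txt' }
)

# Offline run over the constructed records; swap in Get-ProcessCreationEvents
# for a live host. Expect four findings, all under svc_backup within 30 minutes.
$SampleEvents | Find-AvosLockerToolUse | Format-Table -AutoSize
```

The Notepad++ launch is deliberately not flagged: an editor opening a file is normal, and it only becomes meaningful next to the recon, lateral movement, tunneling and staging events from the same account. That is the context argument in practice; the useful alert is "one service account ran four of these tools in half an hour", not any single match.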
The Growing Sophistication of Ransomware Groups
According to Ryan Bell, the threat intelligence manager at cyber-insurance company Corvus, the TTPs of AvosLocker and other RaaS groups have remained consistent over the past year. However, he notes that these groups are becoming increasingly efficient and adept at carrying out attacks. Their operational speed and effectiveness continue to improve, posing a significant security threat.
An Oct. 13 report by Corvus found an 80% year-over-year increase in ransomware attacks, with a 5% month-over-month increase in September alone. Bell notes that ransomware activity usually dips slightly in the summer, so this year's September increase is a warning sign, and he expects attacks to intensify through the fourth quarter, historically the peak period. Organizations should therefore act now to secure their systems.
Protecting Against Ransomware Attacks
Implementing Best Practices
To protect against AvosLocker and other ransomware, CISA advises critical infrastructure providers to implement standard cybersecurity best practices: network segmentation, multifactor authentication, and tested recovery plans. CISA also recommends specific restrictions, such as limiting or disabling remote desktop services, file and printer sharing, and command-line and scripting activity and permissions, so that the legitimate tools the affiliates rely on are unavailable, or at least closely logged, on hosts that have no business need for them.
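The following PowerShell is an added example of applying those specific restrictions on a single Windows host; it is not code from CISA or from this article. The function and parameter names are this example's own. It runs elevated and supports -WhatIf so it can be run first as an audit. In production the same settings belong in Group Policy or a WDAC/AppLocker policy rather than a per-host script, and jump hosts, file servers and print servers that must keep these services need to be exempted.

```powershell
# Added example (not from CISA or the article): apply the advisory's specific
# restrictions on a Windows host that does not need RDP, file/print sharing,
# or interactive scripting. Run elevated; use -WhatIf first to audit.

function Invoke-RansomwareSurfaceReduction {
    [CmdletBinding(SupportsShouldProcess)]
    param(
        [switch] $DisableRemoteDesktop,
        [switch] $DisableFileAndPrintSharing,
        [switch] $RestrictScripting
    )

    if ($DisableRemoteDesktop -and $PSCmdlet.ShouldProcess('localhost', 'Disable Remote Desktop')) {
        # Refuse RDP connections at the service and close the firewall group.
        Set-ItemProperty -Path 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server' `
            -Name 'fDenyTSConnections' -Value 1 -Type DWord
        Disable-NetFirewallRule -DisplayGroup 'Remote Desktop'
    }

    if ($DisableFileAndPrintSharing -and $PSCmdlet.ShouldProcess('localhost', 'Disable file and printer sharing')) {
        Disable-NetFirewallRule -DisplayGroup 'File and Printer Sharing'
        Set-SmbServerConfiguration -EnableSMB1Protocol $false -Force
        # Remove non-administrative shares. Hidden admin shares (C$, ADMIN$, IPC$)
        # end in '$' and are left for remote administration tooling to manage.
        Get-SmbShare | Where-Object { $_.Name -notmatch '\$$' } |
            ForEach-Object { Remove-SmbShare -Name $_.Name -Force }
    }

    if ($RestrictScripting -and $PSCmdlet.ShouldProcess('localhost', 'Restrict command-line and scripting')) {
        # Remove PowerShell 2.0: it has no script block logging and sidesteps newer controls.
        Disable-WindowsOptionalFeature -Online -FeatureName 'MicrosoftWindowsPowerShellV2Root' -NoRestart | Out-Null

        # Log every script block and include command lines in 4688 events, so
        # whatever scripting remains is visible to process-creation hunts.
        $sbl = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\PowerShell\ScriptBlockLogging'
        New-Item -Path $sbl -Force | Out-Null
        Set-ItemProperty -Path $sbl -Name 'EnableScriptBlockLogging' -Value 1 -Type DWord
        $audit = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\Audit'
        New-Item -Path $audit -Force | Out-Null
        Set-ItemProperty -Path $audit -Name 'ProcessCreationIncludeCmdLine_Enabled' -Value 1 -Type DWord
        auditpol.exe /set /subcategory:"Process Creation" /success:enable | Out-Null

        # Put every new PowerShell session on the host (admins included) into
        # Constrained Language Mode. This is a speed bump, not a security
        # boundary: enforce it with AppLocker or WDAC for real assurance.
        [Environment]::SetEnvironmentVariable('__PSLockdownPolicy', '4', 'Machine')
    }
}

# Audit first (prints "What if:" lines, changes nothing), then apply.
Invoke-RansomwareSurfaceReduction -DisableRemoteDesktop -DisableFileAndPrintSharing -RestrictScripting -WhatIf
# Invoke-RansomwareSurfaceReduction -DisableRemoteDesktop -DisableFileAndPrintSharing -RestrictScripting
```

The scripting section deliberately pairs restriction with logging: the advisory's affiliates run PowerShell and PsExec from accounts that are allowed to, so where the capability cannot be removed, script block logging and command-line auditing are what turn the remaining activity into evidence.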
The Urgency to Act
Organizations should not delay in taking precautions, as ransomware groups are expected to step up attacks in the coming months. Ryan Bell warns that ransomware activity tends to peak during the fourth quarter, and the upward trend observed this year reinforces the need for heightened awareness and preparedness. The September figures indicate that the threat is rising across sectors, not only in critical infrastructure.
In Conclusion
The warning from US authorities about potential cyberattacks against critical infrastructure by AvosLocker and the increasing overall ransomware threat landscape underscores the urgent need for proactive cybersecurity measures. Organizations must implement robust security protocols, adhere to best practices, and stay vigilant against emerging threats. As the activity of ransomware groups continues to evolve and intensify, it is paramount for both government agencies and private entities to prioritize cyber defense to safeguard crucial infrastructure, protect sensitive data, and ensure national security.
<< photo by Gianluca Colicchia >>