Microsoft has discovered a new version of the BlackCat ransomware that embeds tools such as Impacket and RemCom to facilitate lateral movement and remote code execution. Impacket provides modules for credential dumping and remote service execution that can be used to deploy the ransomware across target environments. The RemCom hacktool enables remote code execution and is bundled with compromised target credentials that support further lateral movement and ransomware deployment. IBM Security X-Force previously disclosed details of the updated BlackCat variant known as Sphynx, which emerged in February 2023 with faster encryption and improved stealth. The cybercrime group has been evolving continuously and recently launched a data leak API to increase the visibility of its attacks.
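Impacket's remote service execution modules leave a trace on the target: creating a service through the Service Control Manager writes Event ID 7045 ("A service was installed in the system") to the Windows System log. As an added example (not code from the article, from Microsoft, or from the Impacket project), the Python below runs a simple detection over a few constructed 7045 records and flags the default service-naming conventions of Impacket's psexec.py (random 4-letter service name, 8-letter binary dropped into ADMIN$, so the path reads %systemroot%\XXXXXXXX.exe) and smbexec.py (service named BTOBTO whose command line redirects output to \\127.0.0.1\<share>\__output). The sample events, field names and regexes are this example's own assumptions; both tools let an operator override the service name, so these defaults are a starting point for hunting rather than a complete rule.

```python
import re
from typing import Iterable, Optional

# Constructed sample records, shaped like a flattened export of Windows
# System log Event ID 7045. They are made up for this example and are not
# taken from any real incident or from the article.
SAMPLE_EVENTS = [
    {"host": "fs01", "event_id": 7045, "service_name": "BTOBTO",
     "image_path": (r"%COMSPEC% /Q /c echo cd ^> \\127.0.0.1\C$\__output 2^>^&1 "
                    r"> %TEMP%\execute.bat & %COMSPEC% /Q /c %TEMP%\execute.bat "
                    r"& del %TEMP%\execute.bat")},
    {"host": "db02", "event_id": 7045, "service_name": "xNQy",
     "image_path": r"%systemroot%\hWQtPcds.exe"},
    {"host": "web03", "event_id": 7045, "service_name": "Sysmon64",
     "image_path": r"C:\Windows\Sysmon64.exe"},
    {"host": "fs01", "event_id": 7036, "service_name": "Spooler",
     "image_path": ""},
]

# Heuristics keyed to the *default* naming of two Impacket modules
# (assumptions of this example; operators can rename the service):
#  - psexec.py: 4 random letters for the service name, 8 random letters + .exe
#    for the binary, uploaded to ADMIN$ so the path is %systemroot%\XXXXXXXX.exe
#  - smbexec.py: service named BTOBTO whose "binary" is a cmd.exe one-liner
#    that redirects output to \\127.0.0.1\<share>\__output
PSEXEC_NAME = re.compile(r"^[A-Za-z]{4}$")
PSEXEC_PATH = re.compile(r"^%systemroot%\\[A-Za-z]{8}\.exe$", re.IGNORECASE)
SMBEXEC_CMD = re.compile(r"\\\\127\.0\.0\.1\\[^\\]+\\__output", re.IGNORECASE)


def classify(event: dict) -> Optional[str]:
    """Return the suspected Impacket module for a 7045 record, or None."""
    if event.get("event_id") != 7045:
        return None
    name = event.get("service_name", "")
    path = event.get("image_path", "")
    if name == "BTOBTO" or SMBEXEC_CMD.search(path):
        return "smbexec"
    if PSEXEC_NAME.match(name) and PSEXEC_PATH.match(path):
        return "psexec"
    return None


def scan(events: Iterable[dict]) -> list:
    """Collect (host, service_name, module) for every record that matches."""
    hits = []
    for ev in events:
        module = classify(ev)
        if module is not None:
            hits.append((ev["host"], ev["service_name"], module))
    return hits


if __name__ == "__main__":
    for host, svc, module in scan(SAMPLE_EVENTS):
        print(f"{host}: service {svc!r} looks like Impacket {module}")
```

Running the block reports the BTOBTO service on fs01 and the four-letter service on db02, and leaves the legitimate Sysmon install and the unrelated 7036 record alone. In practice, pair name-based matching like this with a baseline of expected service installs per host, since a renamed service will only show up as "a 7045 that nobody scheduled".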
The Cuba ransomware threat group has also been observed using a comprehensive attack toolset that includes BUGHATCH, BURNTCIGAR, Wedgecut, and the Metasploit and Cobalt Strike frameworks. Attacks mounted by the group in early June 2023 leveraged exploits for CVE-2020-1472 (Zerologon) and CVE-2023-27532, a vulnerability in Veeam Backup & Replication software. BlackBerry noted that this marks the group's first observed use of an exploit for the Veeam vulnerability. Ransomware remains a major source of revenue for financially motivated threat actors, growing in both sophistication and volume in the first half of 2023.
Some ransomware groups are shifting away from encryption to pure exfiltration and extortion, or resorting to triple extortion, where attacks go beyond data encryption and theft to blackmailing victims' employees or customers and carrying out DDoS attacks. Another tactic is targeting managed service providers (MSPs) as entry points into downstream corporate networks. These attacks abuse the Remote Monitoring and Management (RMM) software that service providers use to gain direct access to a customer's environment, bypassing its defenses. The U.S. government has released a Cyber Defense Plan to mitigate threats to the RMM ecosystem, since threat actors can cause cascading impacts for the small and medium-sized organizations that are MSP/MSSP customers.