A new alert provides the technical details of ongoing attacks and guidance for organizations to secure systems against Conti.
The FBI, National Security Agency, and Cybersecurity and Infrastructure Security Agency today issued a joint alert warning of increased use of Conti ransomware, which has been seen in more than 400 attacks on US and international organizations, officials report.
Conti is considered a ransomware-as-a-service model; however, variation in its structure differentiates it from a typical affiliate model, the alert states. It's likely that Conti's developers pay the attackers who deploy the ransomware a wage rather than a percentage of the proceeds, officials say.
They list multiple means that Conti actors often use to gain initial network access. These include spear-phishing campaigns that use emails containing malicious attachments or links; stolen or weak Remote Desktop Protocol credentials; phone calls; fake software promoted via search engine optimization; common flaws in external assets; or other malware distribution networks.
"CISA and FBI have observed Conti actors using Router Scan, a penetration testing tool, to maliciously scan for and brute force routers, cameras, and network-attached storage devices with web interfaces," the alert states. Attackers will exploit legitimate remote monitoring and management software, as well as remote desktop software, to persist on target networks.
A recently leaked "playbook" from Conti attackers revealed that they exploit vulnerabilities in unpatched assets to escalate privileges and move laterally across a victim's environment.
Read the full alert for more details.