Kaspersky's Threat Intelligence team has analysed the most common tactics, techniques and procedures (TTPs) used by the 8 most active ransomware groups, such as Conti and Lockbit2.0, during their attacks. The research reveals that the different groups share more than half of the so-called 'cyber kill chain' and execute the core stages of attacks identically. This ransomware study will help to understand how these groups operate and how to defend against their attacks.

The analysis focuses on the activity of Conti/Ryuk, Pysa, Clop (TA505), Hive, Lockbit2.0, RagnarLocker, BlackByte and BlackCat. These groups have operated primarily in the United States, Britain and Germany, and have targeted more than 500 organisations in sectors focused on manufacturing, software development and small businesses between March 2021 and March 2022.

Over 150 pages, the practical guide explains the stages of ransomware deployment, how cybercriminals use their preferred tools, and the targets they hope to achieve. It also includes advice on how to defend against targeted ransomware attacks, together with SIGMA detection rules that can be used to develop preventative measures against attackers.

Kaspersky's Threat Intelligence team analysed how ransomware groups employed the techniques and tactics described in MITRE ATT&CK and found many similarities between their TTPs along the cyber kill chain. Analysts also explain the similarity between the attacks:

- The forms of attack turned out to be fairly predictable, with ransomware following a pattern that includes targeting the victim's corporate network or computer, delivering malware, subsequent discovery, accessing credentials, deleting backups, and finally achieving their goals.
- The emergence of a phenomenon called "Ransomware-as-a-Service" (RaaS), where ransomware groups do not deliver the malware themselves, but only provide the data encryption services.
- Those sending the malicious files save themselves 'work' by using template delivery methods or automation tools to gain access.
- Reusing old and similar tools makes life easier for attackers and reduces the preparation time for an attack. Reusing common TTPs makes hacking easier.
- While it is possible to detect these techniques, it is much more difficult to do so pre-emptively across all possible threat vectors.
- Slow installation of updates and patches among victims.

The systematisation of the various TTPs used by attackers has led to the formation of a general set of SIGMA rules mapped to MITRE ATT&CK that help prevent such attacks.

"In recent years, ransomware has become a nightmare for the entire cybersecurity industry, with constant developments and improvements by ransomware operators. Cybersecurity specialists find it challenging and time-consuming to study each ransomware group and track the activities and developments of each, in an attempt to win the race between attackers and defenders. We have been tracking the activity of several ransomware groups for a long time, and this report represents the results of a huge amount of analysis. This report is aimed at SOC analysts, threat detection teams, cyber threat intelligence analysts, digital forensic specialists and cybersecurity experts who are involved in the incident response process and/or those who want to protect the environment they are responsible for from targeted ransomware attacks. It is intended to serve as a guide for cybersecurity professionals working in all types of organisations, making their work easier," says Nikita Nazarov, Team Lead of Kaspersky's Threat Intelligence team.

In order for businesses to protect themselves from these ransomware attacks, Kaspersky recommends:

- Do not expose remote desktop services (such as RDP) to public networks unless absolutely necessary, and always use strong passwords for them.
- Promptly install available patches for commercial VPN solutions that provide access to remote employees and act as gateways into the network.
- Always keep software updated on all devices to prevent ransomware from exploiting vulnerabilities.
- Focus the defence strategy on detecting lateral movement and exfiltration of data to the Internet, paying special attention to outbound traffic to detect cybercriminal connections.
- Back up data regularly and ensure that data can be accessed quickly in case of emergency.
- Use solutions that help identify and stop the attack in the early stages, before cybercriminals reach their ultimate targets.
- Train employees to protect the corporate environment.
- Use a reliable endpoint security solution.