FBI warns organizations to reserve now.
Phishing, social engineering, fraud or whatever labels you like to join in “Click here” so beloved attackers around the world is not the only security threat you need to pay attention to. I mean, this should go without saying, but ignoring other methodologies of the attack is similar to burying your head in the sand while someone steals your bucket and the cow then. The Federal Bureau of Investigation has just published a new security advisory warning of such a non-phishing attack being used in a continuous and particularly dangerous campaign of reward known as Ghost. Here’s what you need to know and what the FBI warns you need to do with the maximum emergency to stay protected.
FBI issues Ransomware Ghost Critical security counseling
A joint security counseling published on February 19 by the FBI and the Cyber Security and Infrastructure Security Agency, AA25-050A, has warned organizations around the world of a dangerous Ransomware group known as Ghost, who is conducting Continuous attacks aimed at multiple industry sectors across more than 70 countries. Threat actors, working outside China, according to the FBI, go with many different names even though Guost seems to be the most common: Cring, Crypt3r, Phantom, Strike, Hello, Wickrme, Hsharada and Rapery, for example. However, what does not change is the methodology of the attack. Instead of using phishing techniques, the method chosen for the vast majority of ransomware attacks these days, Ghost prefers to use publicly available code to exploit popular security weaknesses in software and firmware that their operators have not arranged . They do this to gain access to face -to -face servers and ultimately hit the Ransomware load.
“FBI has noticed ghost actors receiving initial access to networks using public face applications associated with numerous common weaknesses and exhibits and Microsoft Exchange, usually referred to as the chain of proxyshell attack.”
Four steps to take today, according to the FBI
The FBI has advised all organizations to take the following actions, and take them today to alleviate the risks attached to this most dangerous ransomware attack campaigns.
- Maintain regular copy of the system preserved separately from source systems which cannot be changed or coded by potentially
Compromised network equipment. - Patch announced weaknesses by applying timely security updates to operating systems, software and firmware within an informed risk
time limit. - Segment networks to limit side movement from infected initial devices and other equipment in the same organization.
- Require Phishing resistant MFA for access to all privileged accounts and email services accounts.
“Ghost is a dangerous actor of the nation-state threat, which organizations should make efforts to defend against,” Juliette Hudson, the leading technology officer in Cybavers, said, “The group is actively using cve in technology Qu the need for organizations to prioritize the efforts of the patch and adjustment. “
“This advice from FBI and CISA points out that Ghost Ransomware’s operation is using the vulnerability use to gain access to organizations, which is divergence from typical Ransomware attacks that are executed through social engineering,” said Simon Phillips, leading technology official at Secureck ,, “Given that the products of the ghost targets are designed for businesses and CV -The being used are so outdated, this highlights an urgent need reinforcing basic security practices. “