Search This Blog
Powered by Blogger.

Blog Archive

Labels

Load More
Trendy Right Now

Popular Posts

Showing posts with label Financial Firm. Show all posts
ransomware attacks
Cyber Attacks Data Security Breach Financial Firm Fog Ransomware Linux MFA ransomware attacks

Protecting Against Fog Ransomware: Key Strategies and Insights

 

In August 2024, a mid-sized financial firm was targeted by a ransomware attack using compromised VPN credentials to deploy a variant called “Fog” on both Windows and Linux systems. Fortunately, the attack was detected and neutralized by Adlumin’s innovative technology, which uses decoy files as sensors to detect ransomware activity. Fog, a variant of the STOP/DJVU ransomware family first observed in 2021, exploits compromised VPN credentials to breach networks and often targets sectors like education and recreation. 

Once inside, the ransomware uses techniques such as pass-the-hash attacks to escalate privileges, disable security mechanisms, encrypt critical files like Virtual Machine Disks (VMDKs), and delete backup data. Victims are usually directed to a negotiation platform on the Tor network through a ransom note. The lack of direct ties to known threat groups suggests that Fog may originate from a new, highly skilled actor. The attackers initiated their operation by pinging endpoints and using tools like “Advanced Port Scanner” for network reconnaissance. 

They then moved laterally through the network using compromised service accounts, mapped network drives, and harvested credentials. For execution, they used the open-source tool ‘Rclone’ to transfer data and deployed ‘locker.exe’ to encrypt files. Additionally, they deleted system backups to prevent victims from restoring their data. Adlumin’s Ransomware Prevention feature played a critical role in neutralizing the attack. This technology, launched in April 2024, uses decoy files that lie dormant until ransomware activity is detected, triggering the automatic isolation of affected machines and blocking further data theft. 

The feature alerts security teams for a deeper investigation, representing a significant advancement in the fight against ransomware. After isolating compromised systems, security engineers conducted a thorough analysis to identify vulnerabilities and restore the affected systems. In the aftermath of the attack, several key measures were recommended to prevent future incidents: ensuring all VPN connections require Multi-Factor Authentication (MFA), keeping VPN software up to date, monitoring VPN access for unusual activity, and deploying automated isolation procedures when ransomware is detected. 

It is also important to protect endpoints with comprehensive security platforms capable of real-time threat monitoring and response, limit administrative privileges, conduct regular security audits, and establish effective incident response plans. Additionally, organizations should regularly back up critical data in secure environments and monitor network traffic for signs of unusual or malicious activity. These proactive steps help organizations prepare for and mitigate the impact of sophisticated ransomware threats like Fog.
Read more »
User Privacy
Data Breach Data Leak Financial Firm SEC filing User Privacy

Prudential Financial Notifies 36,000 Victims of Data Leak

 

Last Friday, Prudential Financial began informing over 36,000 people of a data incident that occurred in early February 2024. 

The breach, first disclosed in a regulatory filing with the SEC in February, occurred on February 4 and was purportedly discovered the next day. 

Prudential reported at the time that the attackers had gained access to systems including business administrative and user data, as well as employee and contractor accounts. 

A week later, the ransomware gang Alphv/BlackCat claimed credit for the attack and added Prudential to their Tor-based leak site. This organisation was also responsible for a large outage in the US health system last month, hitting Change Healthcare systems and services. 

As per a March 29 complaint with the Maine Attorney General's Office, Prudential has verified that the hackers have gained access to the personal data of 36,545 people. 

We discovered through the investigation that on February 4, 2024, an unauthorised third party gained access to our network and removed a small percentage of personal information from our systems, the report reads. 

“Companies are always likely to remain wary of really rapid disclosure, given the financial impact these things can have on them, and use all the ‘tricks’ they can to delay,” commented Nick France, chief technology officer at Sectigo. 

“Ultimately, I believe that the new SEC regulations should make these processes work faster; however, given the wording of the regulation and the fact that it only came into effect at the very end of 2023, it may take some time before we see disclosures happening at the 4-day pace.” 

Individuals impacted by the Prudential breach are being notified of the issue by written notice. Names and other personal identifiers, as well as driver's licence numbers or non-driver identity card numbers, were among the compromised data.
Read more »
Subscribe to: Posts (Atom)