Search This Blog

Powered by Blogger.

Blog Archive

Labels

Showing posts with label Linux Sever. Show all posts

3CX Cyberattack: Cryptocurrency Firms at Risk

Cryptocurrency companies were among the targets of the recent 3CX supply chain attack, according to security researchers. The attack began with the compromise of 3CX, a VoIP provider used by businesses for communication services. Cyber attackers then installed a backdoor to gain access to victims’ networks.

According to reports, the Lazarus Group, a North Korean threat actor, is suspected to be behind the attack. Researchers discovered a second-stage backdoor installed in the compromised systems, which allowed attackers to gain persistent access to victims’ networks. The attack has impacted various industries, including finance, healthcare, and government.

Security experts have warned that supply chain attacks, like the one seen in the 3CX incident, are becoming increasingly common. Cryptocurrency companies, in particular, have become attractive targets due to the digital nature of their assets. Michael Hamilton, former CISO of the City of Seattle, stated, “Cryptocurrency is the perfect target for ransomware and supply chain attacks.”

Businesses can take steps to protect themselves against supply chain attacks by vetting their vendors and implementing strict security protocols. They should also have a plan in place in case of a breach, including regular backups of critical data.

As cyber attackers continue to evolve their tactics, it is essential for businesses to stay vigilant and proactive in their cyber defense measures. As noted by cybersecurity expert Bruce Schneier, “Security is a process, not a product.” By continuously assessing their security posture and implementing best practices, businesses can mitigate the risk of a supply chain attack and other cyber threats.

The 3CX breach highlights the growing threat of supply chain attacks and the need for organizations to implement stronger cybersecurity measures to protect themselves and their customers. The incident also serves as a reminder for cryptocurrency companies to be particularly vigilant, as they are often prime targets for cybercriminals. By staying up to date with the latest security trends and investing in robust security solutions, organizations can better defend against these types of attacks and ensure the safety of their sensitive data.

LockBit Ransomware Variant is Now Targeting VMware ESXI Servers

 

LockBit ransomware has always been a key weapon for malicious actors targeting Windows, but cybersecurity researchers at Trend Micro spotted LockBit Linux-ESXi Locker version 1.0 being advertised on an underground platform, meaning the sneaky ransomware is now targeting VMware ESXi virtual machines.

According to Trend Micro, the LockBit operators are advertising a new Linux version since October 2021. The move focuses on expanding the audience of potential targets, including all the organizations that are shifting to virtualization environments. Additionally, the ransomware can encrypt a wide range of servers and files – and drive up the pressure for a victim to give in and pay a ransom for the decryption key.

"The release of this variant is in line with how modern ransomware groups have been shifting their efforts to target and encrypt Linux hosts such as ESXi servers," stated Junestherry Dela Cruz, threats analyst at Trend Micro. "An ESXi server typically hosts multiple VMs, which in turn hold important data or services for an organization. The successful encryption by ransomware of ESXi servers could therefore have a large impact on targeted companies." 

According to the researchers, Linux encryptors are nothing new as similar encryptors have been discovered in the past from HelloKitty, BlackMatter, REvil, AvosLocker, and the Hive ransomware operations. Like other Linux encryptors, LockBit offers a command-line interface allowing affiliates to enable and disable various features to tailor their attacks.

However, what makes the LockBit Linux encryptor stand out is the wide use of both VMware ESXi and VMware vCenter command-line utilities to check what virtual machines are running and to shut them down so they are not compromised while being encrypted.

To mitigate the risks, Trend Micro advised organizations to keep systems up to date with the latest security patches to prevent intrusions, especially as LockBit is known to exploit vulnerable servers to help it spread. Those behind LockBit attacks have also been known to exploit stolen usernames and passwords, so if it's known that a password has been part of a data breach, it should be changed.

Additionally, multi-factor authentication can be applied across the entire ecosystem in order to provide an additional layer of defense against cyber assaults.