August 9, 2022
Severity
High
Analysis Summary
In response to a massive cyber attack, the Association of German Chambers of Industry and Commerce (DIHK) was forced to take down all of its IT systems and turn off digital services, telephones, and email servers.
DIHK is an umbrella organization of 79 chambers with more than three million member companies, ranging from small shops to large corporations, that represents businesses across Germany.
A brief message on the DIHK website describes the shutdown as a precaution, taken to give IT personnel time to work out a solution and strengthen the organization's defenses:
“As a precautionary move for security, the IHK organization has shut down its IT systems due to a potential cyber attack. We are currently focusing our efforts on developing a solution and a defense. Following testing, the IT systems are gradually restarted so that the services are once again available for companies.”
DIHK chief executive Michael Bergmann described the attack as “severe and large” and said the organization could not estimate how long its systems would remain offline. The CEO disclosed no technical details of the incident, but the circumstances, a full shutdown of IT systems, telephony and email, are consistent with a ransomware attack.
At the time of writing, no ransomware group has claimed the DIHK compromise on any of the major extortion leak sites, although it is still early for such a claim to appear.
Remediation
- Maintain cyber hygiene by keeping anti-virus software updated and implementing a patch management lifecycle.
- Maintain Offline Backups – In a ransomware attack, the adversary will often delete or encrypt any backups they can reach. Keep offline (preferably off-site), encrypted backups of critical data and test restores from them regularly.
- Treat emails from unknown senders with caution.
- Never trust or open links and attachments received from unknown sources or senders.
- Block all threat indicators at your respective security controls.
- Search for indicators of compromise (IOCs) in your environment using your respective security controls.
- Passwords – Ensure that general security policies are enforced, including strong passwords, correct configurations, and proper administrative security policies.
- Admin Access – Limit access to administrative accounts and portals to relevant personnel only, and make sure they are not reachable from the public internet.
- WAF – Stop web defacement at the application layer: deploy a Web Application Firewall with rules that block suspicious and malicious requests.
- Patch – Patch and upgrade all platforms and software in a timely manner and make this a standard security policy. Prioritize known exploited vulnerabilities and zero-days.
- Secure Coding – Alongside network and system hardening, apply code hardening so that the organization's websites and software are secure. Use testing tools to detect vulnerabilities in deployed code.
- 2FA – Enable two-factor authentication.
- Antivirus – Enable antivirus and anti-malware software and update signature definitions promptly. Multi-layered protection is necessary to secure vulnerable assets.
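The backup item above says to test offline backups regularly, and the test that matters is a restore drill: archive the data, record a hash manifest, restore into a clean location, and verify that every file comes back bit for bit. The following Python script is an added example written for this advisory, not code from Rewterz or DIHK; the directory layout, file names and contents are constructed sample data, and the `run_restore_test` helper is a hypothetical name chosen here.

```python
"""Restore drill for an offline backup: archive, hash manifest, restore, verify.

Added example (not from the Rewterz advisory). The sample files are
constructed here so the drill runs offline.
"""
from __future__ import annotations

import hashlib
import os
import tarfile
import tempfile
from pathlib import Path

CHUNK = 1 << 16


def sha256_file(path: Path) -> str:
    """Stream a file through SHA-256 so large backups do not need to fit in memory."""
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(CHUNK), b""):
            h.update(chunk)
    return h.hexdigest()


def build_manifest(root: Path) -> dict[str, str]:
    """Map every regular file under root (relative path) to its SHA-256."""
    return {
        str(p.relative_to(root)): sha256_file(p)
        for p in sorted(root.rglob("*"))
        if p.is_file()
    }


def create_backup(source: Path, archive: Path) -> dict[str, str]:
    """Write a gzip tarball of source and return the manifest taken before archiving.

    The manifest should be stored separately from the archive (e.g. printed and
    filed, or on a different offline medium) so that tampering with the backup
    cannot be hidden by rewriting the manifest alongside it.
    """
    manifest = build_manifest(source)
    with tarfile.open(archive, "w:gz") as tar:
        tar.add(source, arcname="backup")
    return manifest


def restore_backup(archive: Path, dest: Path) -> None:
    """Extract the archive into dest, refusing path traversal where Python supports it."""
    with tarfile.open(archive, "r:gz") as tar:
        if hasattr(tarfile, "data_filter"):
            # Python 3.12+ (and backports): rejects absolute paths, '..' and
            # symlinks that escape dest. A hostile archive is a real risk on a
            # restore host, so do not extract untrusted tarballs without this.
            tar.extractall(dest, filter="data")
        else:
            tar.extractall(dest)  # older interpreters: no traversal protection


def verify_restore(manifest: dict[str, str], restored: Path) -> list[str]:
    """Return a list of problems; an empty list means the restore matches the manifest."""
    problems: list[str] = []
    actual = build_manifest(restored)
    for rel, digest in manifest.items():
        if rel not in actual:
            problems.append(f"missing: {rel}")
        elif actual[rel] != digest:
            problems.append(f"hash mismatch: {rel}")
    for rel in actual:
        if rel not in manifest:
            problems.append(f"unexpected: {rel}")
    return problems


def run_restore_test(tamper: bool = False) -> list[str]:
    """End-to-end drill on constructed sample data; returns verification problems.

    With tamper=True one restored file is overwritten after extraction to show
    that the manifest check catches a corrupted or modified restore.
    """
    with tempfile.TemporaryDirectory() as tmp:
        work = Path(tmp)
        src = work / "src"
        (src / "db").mkdir(parents=True)
        # Constructed sample data standing in for a member database and a config file.
        (src / "db" / "members.sqlite").write_bytes(os.urandom(4096))
        (src / "config.ini").write_text("[mail]\nhost=mail.example.invalid\n")

        archive = work / "backup.tar.gz"
        manifest = create_backup(src, archive)

        restored = work / "restored"
        restored.mkdir()
        restore_backup(archive, restored)
        if tamper:
            (restored / "backup" / "config.ini").write_text("tampered\n")
        return verify_restore(manifest, restored / "backup")


if __name__ == "__main__":
    print("clean restore problems:", run_restore_test())
    print("tampered restore problems:", run_restore_test(tamper=True))
```

In production the manifest is generated on the source host at backup time and kept apart from the archive; the drill then runs on an isolated restore host, and a non-empty problem list is an incident, not a warning.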