Rewterz Threat Alert – Chinese APT Group Targets Southeast Asian Government
June 4, 2021
Rewterz Threat Alert – FormBook Malware – Active IOCs
June 4, 2021
Severity
High
Analysis Summary
A variant of software-as-a-service is the latest trend in cybercrime: ransomware developers are selling their malware as a subscription service, known as ransomware-as-a-service (RaaS). The terrifying concept is a growing threat for businesses as petty cyber-theft (low-level attacks and ransom demands) becomes the norm and becomes easily accessible to unsophisticated threat actors.
One such RaaS comes from the hacker group DarkSide. The group is also responsible for the recent attacks on the US pipeline that caused critical issues for the US government. Even though the group first emerged in 2020, it has since risen to prominence with its RaaS model.
“For initial access to networks, actors usually purchased access credentials on underground forums, conducted brute-force attacks, used spam campaigns to spread malware loaders, and/or bought access to popular botnets such as Dridex, TrickBot, and ZLoader,” researchers said.
The group is financially motivated and considers itself apolitical. The group gains network access and moves laterally within it, deploys ransomware, and exfiltrates sensitive data.
With COVID-19 phishing schemes also on the rise, RaaS isn’t going anywhere. Asian countries have also witnessed a considerable increase in ransomware attacks.
Impact
- File encryption
- Loss of critical data
- Financial loss
- Destruction of operations
- Integrity loss
Remediation
- Security training for employees on valuable assets and cybersecurity vigilance.
- Maintain internet hygiene by updating your anti-virus software and downloading the latest patches.
- A good internet habit is to back up your data. Any damage in case of a successful attack will be mitigated if data is backed up.