Thursday, October 3, 2024
HomeRansomwareCryptXXX ransomware spread through legitimate websites - Be Aware

CryptXXX ransomware spread through legitimate websites – Be Aware

Published on

The CryptXXX ransomware has been spreading through compromised legitimate websites that redirect to malicious sites.

A number of legitimate websites were hit by a botnet, which redirects visitors to a malicious site where the ransomware CryptXXX is downloaded. CryptXXX’s exploit kit has the ability to evade security software and virtual machines.

Having a web presence is critical to running a modern business. Many people may not be able to find a business without a web presence or they may go to a competitor with a better website. Unfortunately, it requires some resources to have a web presence and even more so for businesses that decide to self-host their websites.

- Advertisement - EHA

Many businesses will hire an IT contractor or web developer to set up their website and will use WordPress because it’s relatively easy to post content with it.

The downside is that running a self-hosted WordPress website requires maintaining the security of the system, including all the WordPress components.

Many businesses using self-hosted WordPress websites have had them compromised by the SoakSoak botnet, which scans for WordPress systems with vulnerable plug-ins.

The botnet scans for vulnerable plug-ins by checking known default URLs for the plug-ins. Once a vulnerable system is identified, it’s compromised to redirect to a website hosting the Neutrino exploit kit that is then used to compromise vulnerable endpoints with the CryptXXX ransomware.

Enterprises can follow standard antimalware guidance for endpoint security and use network security controls to prevent the CryptXXX ransomware from being installed on their endpoints by drive-by downloads. Regardless of the other security controls used, backups of critical data are necessary.

WordPress has security guidance for users, including automatic updating that should be used when setting up and maintaining a self-hosted WordPress system.

Users with limited IT resources should carefully evaluate how they host their WordPress site to ensure it is properly maintained, and to avoid creating an IT public health nuisance used to infect other people on the internet with CryptXXX.

Using a hosted WordPress site may be slightly more expensive, but requires significantly less work to maintain.

Five ways to prevent a ransomware infection through network security

The ransomware threat is no different than any other threat; there’s a vulnerability and the criminals want to exploit it for ill-gotten gains. The method and underlying technologies evolve, but the threat itself needs to be handled in the same manner as any other threat. Here’s how enterprises can approach this security challenge:

1. Acknowledge that you don’t know what you don’t know

The sign of a truly wise security professional is admitting that many things on the network are unknown.

Systems, applications, users, information and the like all make up a group of assets that are often unaccounted for and, therefore, undersecured and currently at risk to ransomware.Another key indicator of a smart security pro is the presence of a plan to make things better.

2. Acquire support from management and users

Before anything can get off the ground in security, management needs to politically and financially back it, and they needs to do so on an ongoing basis.

Assuming the security team is able to get management on board with their plan for fighting ransomware, they’ll also need to get the users on board with policies, ramifications of bad choices and the overall setting of expectations on “this is how things work here.”

3. Deploy the proper technologies or tweak your existing setup

The heart of a strong malware defense is well-designed and properly-implemented technologies. If a network is to stand up against a modern day ransomware infection, it needs the following:

  • First and foremost, patching needs to be under control. Many businesses struggle with this, especially with third-party patches for Java and Adobe products, and hackers love this. Until software updates are deployed in a timely fashion, the organization is a sitting duck. A network is just one click away from compromise.
  • Effective malware protection is also a necessity. Steer away from the traditional and look more toward advanced malware tools including non-signature/cloud-based antivirus, whitelisting and network traffic monitoring/blocking technologies.
  • Data backups are critical. Organizations’ systems — especially the servers that are at risk to ransomware infections — are only as good as their last backup. Discussions around backups are boring, but they need to be well-thought-out to minimize the impact of the ransomware that does get through and encrypts critical assets.
  • Network segmentation is another important part of ransomware protection, but it’s only sometimes deployed properly. Just keep in mind that VLANs — the most common segmentation technique — aren’t secure if an internal user can guess the IP addressing scheme that’s likely a mere digit increment or decrement away.

4. Monitor and respond


Security teams can’t secure — or respond to — the things it doesn’t acknowledge. Most enterprises have a half-baked monitoring, alerting and incident response program.

Security teams need to do what needs to be done: monitor servers, workstations and network for anomalies, take quick action, and do what’s necessary to respond to the current event and prevent it from reoccurring.

5. Fine-tune to get better


Many people — both in management as well as IT and security — view security as a one-time deal. You invest, you deploy, you assess and everything else will take care of itself, but this is hardly the case.

IT and security teams are pressed for time because they’re constantly having more projects layered on top of what is still left undone. Figure out a way to fix that. It may be in terms of time management, different processes or hiring new FTEs. Whatever it is, fix it.

Balaji
Balaji
BALAJI is an Ex-Security Researcher (Threat Research Labs) at Comodo Cybersecurity. Editor-in-Chief & Co-Founder - Cyber Security News & GBHackers On Security.

Latest articles

Cisco Nexus Vulnerability Let Hackers Execute Arbitrary Commands on Vulnerable Systems

A critical vulnerability has been discovered in Cisco's Nexus Dashboard Fabric Controller (NDFC), potentially...

Hackers Now Exploit Ivanti Endpoint Manager Vulnerability to Launch Cyber Attacks

The Cybersecurity and Infrastructure Security Agency (CISA) has announced the addition of a new...

Tor Browser 13.5.6 Released – What’s New!

The Tor Project has announced the release of Tor Browser 13.5.6, which is now...

Mario Duarte, Former Snowflake Cybersecurity Leader, Joins Aembit as CISO to Tackle Non-Human Identities

Aembit, the non-human IAM company, today announced the appointment of Mario Duarte as chief...

Free Webinar

Decoding Compliance | What CISOs Need to Know

Non-compliance can result in substantial financial penalties, with average fines reaching up to $4.5 million for GDPR breaches alone.

Join us for an insightful panel discussion with Chandan Pani, CISO - LTIMindtree and Ashish Tandon, Founder & CEO – Indusface, as we explore the multifaceted role of compliance in securing modern enterprises.

Discussion points

The Role of Compliance
The Alphabet Soup of Compliance
Compliance
SaaS and Compliance
Indusface's Approach to Compliance

More like this

RansomHub Ransomware Using Multiple Techniques To Disable EDR And Antivirus

The RansomHub ransomware group tracked as Water Bakunawa, employs targeted spear-phishing to exploit the...

New Mallox Ransomware Linux Variant Attacking Enterprise Linux Servers

Kryptina RaaS, a free and open-source RaaS platform for Linux, initially struggled to attract...

TWELVE Threat Attacks Windows To Encrypt Then Deleting Victims’ Data

The threat actor, formed in 2023, specializes in ransomware attacks targeting Russian government organizations....