Monday, May 12, 2025
Ransomware Actors Exploiting Legitimate System Tools to Gain Access – FBI

Ransomware attacks are on the rise, causing organizations to lose millions of dollars, restricting them from accessing their data, and possibly disclosing personal information.

According to an FBI Private Industry Notification, ransomware attackers have recently exploited weaknesses in vendor-controlled remote access to casino servers. After gaining a foothold, they used legitimate system management tools to extend their access across the network.

In response to these new activity trends, the FBI advises organizations to take action to strengthen their security posture.

The FBI tracks reports of third-party vendors and services being used as the entry point for ransomware attacks. In particular, between 2022 and 2023, the FBI observed ransomware attacks that reached casinos through third-party gaming vendors.

Small and tribal casinos were regularly the target of the attacks, which encrypted servers and the personally identifying information (PII) of employees and patrons.

As of June 2023, Luna Moth, also known as the Silent Ransom Group (SRG), was conducting callback phishing, data theft, and extortion attacks.

Typically, the phishing lure gave the victim a phone number to call about supposedly pending charges on their account.

After the victim dialed the number, the actors sent a follow-up email containing a link to a legitimate system management tool.

The threat actors then used that tool to install additional legitimate system management tools that can be repurposed for malicious activity. Once network shared drives and local files were accessible, the actors stole victim data and extorted the companies.

Recommendations from the FBI

Identity and Access Management:

  • Enforce strong password requirements for all accounts with password logins.
  • Require phishing-resistant multifactor authentication.
  • Review domain controllers, servers, workstations, and Active Directory.
  • Audit user accounts.
  • Implement time-based access for accounts at the admin level and higher.

Protective Controls and Architecture:

  • Segment networks to prevent the spread of ransomware.
  • Use a network monitoring tool to identify and investigate unusual behavior and possible malware traversal.
  • Install, regularly update, and enable real-time detection for antivirus software.
  • Secure and closely monitor Remote Desktop Protocol (RDP) use.

Vulnerability and Configuration Management:

  • Keep all operating systems, software, and firmware up to date.
  • Disable unused ports and protocols.
  • Add an email banner to emails received from outside your organization.
  • Restrict Server Message Block (SMB) Protocol within the network.
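As an added illustration of the "closely monitor RDP use" and "time-based access for admin accounts" recommendations (this is example code, not the FBI's or the article's), the script below checks exported Windows Security logon events against a simple policy. The event shape, account-name prefixes, subnet and time windows are all assumptions, and the sample records are constructed.

```python
"""Flag RDP logons that violate an assumed access policy (hypothetical helper)."""
import ipaddress
from datetime import datetime, time

# Constructed records in the shape of Event ID 4624 (successful logon).
# LogonType 10 = RemoteInteractive, i.e. RDP. Names and addresses are made up.
SAMPLE_EVENTS = [
    {"TimeCreated": "2023-06-14T09:12:00", "EventID": 4624, "LogonType": 10,
     "TargetUserName": "jdoe", "IpAddress": "10.20.0.15"},
    {"TimeCreated": "2023-06-14T02:40:00", "EventID": 4624, "LogonType": 10,
     "TargetUserName": "svc-gamingvendor", "IpAddress": "203.0.113.77"},
    {"TimeCreated": "2023-06-14T10:05:00", "EventID": 4624, "LogonType": 3,
     "TargetUserName": "jdoe", "IpAddress": "10.20.0.15"},
    {"TimeCreated": "2023-06-14T23:30:00", "EventID": 4624, "LogonType": 10,
     "TargetUserName": "da-admin", "IpAddress": "10.20.0.40"},
]

# Assumed policy: RDP only from the internal jump-host subnet; vendor (svc-)
# accounts only in the maintenance window; admin accounts only in business hours.
ALLOWED_RDP_SOURCES = [ipaddress.ip_network("10.20.0.0/24")]
VENDOR_WINDOW = (time(8, 0), time(18, 0))
ADMIN_WINDOW = (time(7, 0), time(19, 0))
VENDOR_PREFIXES = ("svc-",)
ADMIN_PREFIXES = ("da-", "admin-")


def _in_window(ts, window):
    start, end = window
    return start <= ts.time() <= end


def rdp_findings(events):
    """Return (event, reason) pairs for RDP logons that break the policy."""
    findings = []
    for ev in events:
        if ev["EventID"] != 4624 or ev["LogonType"] != 10:
            continue  # only successful RemoteInteractive (RDP) logons
        ts = datetime.fromisoformat(ev["TimeCreated"])
        user = ev["TargetUserName"].lower()
        src = ipaddress.ip_address(ev["IpAddress"])
        if not any(src in net for net in ALLOWED_RDP_SOURCES):
            findings.append((ev, f"RDP from non-approved source {src}"))
        if user.startswith(VENDOR_PREFIXES) and not _in_window(ts, VENDOR_WINDOW):
            findings.append((ev, "vendor account RDP outside maintenance window"))
        if user.startswith(ADMIN_PREFIXES) and not _in_window(ts, ADMIN_WINDOW):
            findings.append((ev, "admin account RDP outside approved hours"))
    return findings


if __name__ == "__main__":
    for ev, why in rdp_findings(SAMPLE_EVENTS):
        print(ev["TimeCreated"], ev["TargetUserName"], why)
```

Run against a real export, the same loop would feed a SIEM alert; the vendor-account rule is the one that would have caught out-of-hours use of vendor remote access like that described above.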

The FBI urges network defenders to take these steps to lower the risk of ransomware attacks and to limit the use of common system and network discovery techniques that attackers could abuse.

Balaji
BALAJI is an Ex-Security Researcher (Threat Research Labs) at Comodo Cybersecurity. Editor-in-Chief & Co-Founder - Cyber Security News & GBHackers On Security.