InfoSecBulletin Cybersecurity for mankind
The LockBit ransomware gang has been active since at least January 2020, and has launched roughly 1,700 attacks in the United States, resulting in approximately $91 million in ransom payments. The gang operates under the Ransomware-as-a-Service (RaaS) model, which allows affiliates to use the malware and its infrastructure to target organizations in a variety of sectors, including critical infrastructure, education, energy, government and emergency response, financial services, food and agriculture, healthcare, manufacturing, and transportation.
Last year, LockBit accounted for roughly one-fifth of all ransomware attacks observed in Australia, Canada, New Zealand, and the US. The gang has been observed using dozens of freeware and open-source tools in attacks, for reconnaissance, tunneling, remote access, credential dumping, and data exfiltration. They also use PowerShell and batch scripts and penetration-testing tools such as Metasploit and Cobalt Strike.
“Forces Penpals” exposed US and UK Military Social Network’s 1 Million Records
CVE-2024-51503
Trend Micro released updates for Deep Security Agent RCE
Apple Releases Patch for two Actively Exploited Zero-Day
Maxar Space Data Leak, Company admit, Investigation ongoing!
GitHub CLI Vulnerability Could Allow RCE
“Sarcoma” ransomware group
Hacker to disclose “Popular Life Insurance” 36 GB of stolen data
BugHunt 2024: A Milestone Cyber security Competition held at Dhaka
TP-Link DHCP Vulnerability Allow Attackers Takeover Routers Remotely
WSJ reports
T-Mobile hacked in massive breach of telecom networks
Palo Alto Networks Confirms critical RCE zero-day actively exploited
ALSO READ:
Microsoft Warns of AitM Phishing Attacks Against Financial Organizations
The attackers have also been seen exploiting numerous vulnerabilities, such as the recent Fortra GoAnyhwere remote code execution (RCE) and PaperCut MF/NG improper access control flaws, as well as older bugs in Apache Log4j2, F5 BIG-IP, NetLogon, Microsoft remote desktop services, Fortinet FortiOS, and F5 iControl.
In addition to encrypting data, LockBit hackers have also been observed attempting secondary extortion after compromising a company responsible for managing other organizations’ networks. The attackers attempted to extort the victim organization’s customers by locking down their services or by threatening to publish sensitive information.
A joint advisory from Australian, Canadian, French, German, New Zealand, and US government agencies provides information on the tactics, techniques, and procedures (TTPs) used by LockBit affiliates, as well as mitigation recommendations for initial access, privilege escalation, persistence, code execution, lateral movement, credential access, and data exfiltration.
