FBI Warns of Emerging Ransomware Initial Access Techniques
The FBI has warned that ransomware attackers are targeting third-party vendors and services to compromise businesses. The US security agency highlighted two emerging initial access techniques being utilized by threat actors to infect targets with ransomware as of July 2023:
Exploitation of Vulnerabilities in Third-Party Vendors
The FBI observed a rise in ransomware attacks targeting casinos through third-party gaming vendors between 2022 and 2023. These attacks frequently targeted small and tribal casinos, encrypting servers and the personally identifying information (PII) of employees and patrons.
Targeting of Legitimate System Management Tools
The agency also said that attackers are targeting legitimate system management tools to elevate their network permissions in the target organization. In one campaign cited, the Silent Ransom Group, also known as Luna Moth, began by sending victims phishing messages that contained a phone number and usually related to pending charges on the victims’ accounts. Once the target called the phone number, the malicious actors directed them to join a legitimate system management tool via a link provided in a follow-up email. The attackers then used the tool to install other system management tools, which they repurposed for malicious activities. This allowed them to compromise local files and network shared drives, exfiltrate victim data and extort the companies.
Infosecurity Magazine 11/08/2023