Ransomware crooks are targeting vulnerable VPN devices in their attacks

16:55  08 April 2021  Source: zdnet.com


Cyber criminals are exploiting security vulnerabilities in VPN servers to encrypt networks with a new form of ransomware, and may have disrupted industrial facilities in the process.

The ransomware is detailed in a report by security company Kaspersky, following an investigation into a ransomware attack against an unspecified victim in Europe.


At least one of the attacks against industrial facilities managed to encrypt industrial control servers with ransomware, resulting in the temporary shutdown of operations. Kaspersky did not identify the victim of the successful ransomware attack, or say how the incident was resolved, but has detailed the ransomware which encrypted the network and how cyber criminals were able to gain access.

Known as Cring, the ransomware first appeared in January and exploits a vulnerability in Fortigate VPN servers (CVE-2018-13379). Fortinet issued a security patch to fix the vulnerability last year, but cyber criminals can still deploy the exploit against networks which have yet to apply the security update.


By exploiting unpatched VPN applications, attackers are able to remotely access the username and password, allowing them to manually log in to the network.

From here, the attackers download Mimikatz, an open-source application to view and save authentication credentials, and use this to steal additional usernames and passwords to move laterally around the network. They also deploy tools including Cobalt Strike, a legitimate penetration testing tool abused by attackers, to gain additional control over infected systems.


Then, with the aid of malicious PowerShell scripts, the attackers are able to encrypt all of the systems which have been compromised across the network with Cring ransomware. At this point, a note by the attackers tells the victim their network has been encrypted with ransomware and that a ransom needs to be paid in Bitcoin to restore the network.


While there's no information on how the incident at the European industrial facility was resolved, researchers note that the failure to apply the security patch to protect against a known vulnerability was the "primary cause" of the incident.

Other factors which allowed the attackers to deploy ransomware on the network include the lack of timely security updates applied to the antivirus software that's supposed to protect the network – and how some components of the antivirus were even turned off, reducing the ability to detect intrusions or malicious activity.

The way this particular network was configured also helped the attackers by allowing them to move between different systems which didn't all need to be on one network.

"There were no restrictions on access to different systems. In other words, all users were allowed to access all systems. Such settings help attackers to distribute malware on the enterprise network much more quickly, since successfully compromising just one user account provides them with access to numerous systems," said Vyacheslav Kopeytsev, senior security researcher at Kaspersky.
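The "one compromised account reaches numerous systems" pattern Kopeytsev describes is something defenders can both detect and prevent with access policy. The following is an added example, not code from the article or from Kaspersky's report: it runs over a few constructed authentication log lines (the line format, host names and account names are all hypothetical), flags any account that successfully authenticates to an unusually large number of distinct hosts inside a short window, and then checks each login against a hypothetical per-account allow-list to show which connections an access restriction of the kind the article recommends would have rejected.

```python
"""
Added example (not from the ZDNet article or Kaspersky's report).

Detects "fan-out" lateral movement: one account reaching many distinct
hosts in a short window, which a flat network with no access restrictions
makes possible. Also shows a simple per-account allow-list check that
models the access restriction the article recommends.
"""
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample log lines in a hypothetical format:
#   <ISO timestamp> <user> <source host> <target host> <result>
SAMPLE_LOG = """\
2021-04-01T02:10:05 alice ws-alice fileserver01 success
2021-04-01T02:11:40 alice ws-alice printserver success
2021-04-01T03:00:12 svc_backup vpn-gw dc01 success
2021-04-01T03:00:41 svc_backup vpn-gw fileserver01 success
2021-04-01T03:01:03 svc_backup vpn-gw ics-hist01 success
2021-04-01T03:01:22 svc_backup vpn-gw ics-eng02 success
2021-04-01T03:01:50 svc_backup vpn-gw hr-db01 success
2021-04-01T03:02:15 svc_backup vpn-gw ws-bob success
2021-04-01T09:15:00 bob ws-bob fileserver01 success
"""


def parse_log(text):
    """Parse the constructed log format into a list of event dicts."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, user, src, dst, result = line.split()
        events.append({
            "ts": datetime.fromisoformat(ts),
            "user": user, "src": src, "dst": dst, "result": result,
        })
    return events


def fan_out_accounts(events, window=timedelta(minutes=10), threshold=4):
    """Return {user: distinct hosts reached} for every account that
    successfully authenticated to >= `threshold` distinct hosts within
    any `window`-long span of time."""
    by_user = defaultdict(list)
    for e in events:
        if e["result"] == "success":
            by_user[e["user"]].append(e)

    flagged = {}
    for user, evs in by_user.items():
        evs.sort(key=lambda e: e["ts"])
        best = 0
        # Slide a window starting at each event and count distinct targets.
        for i, start in enumerate(evs):
            targets = {e["dst"] for e in evs[i:]
                       if e["ts"] - start["ts"] <= window}
            best = max(best, len(targets))
        if best >= threshold:
            flagged[user] = best
    return flagged


# Hypothetical allow-list: the hosts each account legitimately needs.
# In the article's incident no such restriction existed.
ALLOWED = {
    "alice": {"fileserver01", "printserver"},
    "bob": {"fileserver01", "printserver"},
    "svc_backup": {"fileserver01", "dc01"},
}


def policy_violations(events, allowed=ALLOWED):
    """List (user, target) pairs that the allow-list would have rejected."""
    return [(e["user"], e["dst"]) for e in events
            if e["dst"] not in allowed.get(e["user"], set())]


if __name__ == "__main__":
    evs = parse_log(SAMPLE_LOG)
    print("fan-out accounts:", fan_out_accounts(evs))
    print("allow-list violations:", policy_violations(evs))
```

In the constructed sample the `svc_backup` account, arriving through the VPN gateway, touches six distinct hosts in about two minutes, including engineering and historian hosts it has no business reaching; the fan-out check flags it, and the allow-list check lists exactly those four out-of-policy connections. Threshold and window are tuning knobs: service accounts with legitimately broad reach should be modelled in the allow-list rather than by raising the threshold for everyone.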


To help protect networks from Cring ransomware attacks, it's recommended that Fortigate VPN servers are patched with the relevant security updates to prevent the known vulnerability from being exploited.

It's also recommended that VPN access is restricted to those who need it for operational reasons and that ports which don't need to be exposed to the open web are closed.

Researchers also suggest that critical systems are backed up offline, so if the worst happens and the network falls victim to a ransomware attack, it can be restored without the need to pay criminals.
