The Federal Bureau of Investigation (FBI) has issued a new FLASH alert regarding BlackCat (aka ALPHV, aka Noberus), a ransomware-as-a-service (RaaS) operation linked with 60 attacks worldwide since it was first seen in November 2021.
The FLASH (published here: https://www.ic3.gov/Media/News/2022/220420.pdf) says BlackCat is the first of its kind found to be using Rust, a programming language built around memory safety.
How does BlackCat work?
The BlackCat RaaS uses previously compromised credentials to gain initial access to the targeted system. Once it has its foot in the door, it compromises Active Directory user and administrator accounts.
BlackCat then uses Windows Task Scheduler to configure new, malicious Group Policy Objects (GPOs) to deploy its payload. PowerShell scripts are used in conjunction with Cobalt Strike to disable the security features it finds.
BlackCat's goal is to steal and exfiltrate a victim's data before the ransomware is executed.
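For defenders, the sequence above can be turned into a correlation rule. The following is an added example, not taken from the FBI FLASH: it flags any account that creates a scheduled task, modifies a Group Policy Object and runs a PowerShell command that turns off a security control within one time window. The normalized field names (`user`, `object_class`, `script`), the tamper pattern and the sample events are assumptions made for the illustration.

```python
import re
from datetime import datetime, timedelta

# Windows event IDs for the three behaviours described above.
TASK_CREATED = 4698        # Security log: a scheduled task was created
DS_OBJECT_MODIFIED = 5136  # Security log: a directory service object was modified
PS_SCRIPT_BLOCK = 4104     # PowerShell script block logging

# Assumed pattern for "disabling security features"; extend for your own tooling.
TAMPER = re.compile(r"Set-MpPreference\s+.*-Disable\w+\s+\$?true", re.I)

def classify(ev):
    """Map one normalized event to a behaviour label, or None if not of interest."""
    if ev["id"] == TASK_CREATED:
        return "task"
    if ev["id"] == DS_OBJECT_MODIFIED and ev.get("object_class") == "groupPolicyContainer":
        return "gpo"
    if ev["id"] == PS_SCRIPT_BLOCK and TAMPER.search(ev.get("script", "")):
        return "tamper"
    return None

def correlate(events, window=timedelta(minutes=30)):
    """Return accounts that show all three behaviours inside one window."""
    by_user = {}
    for ev in events:
        label = classify(ev)
        if label:
            when = datetime.fromisoformat(ev["time"])
            by_user.setdefault(ev["user"], []).append((when, label))
    flagged = []
    for user, hits in by_user.items():
        hits.sort()
        for i, (start, _) in enumerate(hits):
            seen = {lbl for t, lbl in hits[i:] if t - start <= window}
            if seen == {"task", "gpo", "tamper"}:
                flagged.append(user)
                break
    return sorted(flagged)

# Constructed sample events (not real telemetry).
SAMPLE = [
    {"time": "2022-04-20T02:01:00", "id": 4698, "user": "CORP\\svc-backup"},
    {"time": "2022-04-20T02:04:00", "id": 5136, "user": "CORP\\svc-backup", "object_class": "groupPolicyContainer"},
    {"time": "2022-04-20T02:09:00", "id": 4104, "user": "CORP\\svc-backup", "script": "Set-MpPreference -DisableRealtimeMonitoring $true"},
    {"time": "2022-04-20T09:00:00", "id": 4698, "user": "CORP\\jdoe"},
    {"time": "2022-04-20T15:00:00", "id": 5136, "user": "CORP\\gpo-admin", "object_class": "groupPolicyContainer"},
]

print(correlate(SAMPLE))
```

Events 4698 and 5136 are only written when the matching audit policies are enabled, and 4104 requires PowerShell script block logging, so confirm those sources are being collected before relying on a rule like this.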
Recommended Mitigations:
The FBI does not encourage paying ransoms. Payment does not guarantee files will be recovered. It may also embolden adversaries to target additional organizations, encourage other criminal actors to engage in the distribution of ransomware, and/or fund illicit activities. However, the FBI understands that when victims are faced with an inability to function, all options are evaluated to protect shareholders, employees and customers. Regardless of whether you or your organization have decided to pay the ransom, the FBI urges you to promptly report ransomware incidents to your local FBI field office. Doing so provides the FBI with critical information needed to prevent future attacks by identifying and tracking ransomware attackers and holding them accountable under US law.