Disabling the host firewall and moving laterally across the network: old tricks in a new campaign.
Cybercriminals are using vulnerable Microsoft SQL (MS-SQL) servers to deliver Cobalt Strike and FreeWorld ransomware, according to Securonix researchers, who have given the campaign the provisional name "DB#Jammer".
According to the researchers, the attackers first gain access to the vulnerable server simply by brute-forcing its passwords, then use it to enumerate the victim's network and stage malware. They disable the firewall and connect to remote resources to download additional tooling, including Cobalt Strike.
The attackers then move laterally across the network and install the legitimate remote access tool AnyDesk and the FreeWorld ransomware on compromised hosts. They also reportedly attempted to establish persistent remote access through the Ngrok tunnelling service, but without success.
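The chain described above lends itself to a simple correlation rule. The following Python is an added example, not part of the original report or of Securonix's own detection content: over a set of constructed Windows and SQL Server events it flags a burst of failed MS-SQL logins (Event ID 18456) from one source, a login success from the same source shortly afterwards, and then a firewall-disable command on the same host. The event shape, the thresholds and the firewall-disable patterns are this example's own assumptions; the report does not say which command the DB#Jammer operators ran.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample events (not real telemetry), normalised to one dict each.
# 18456 = SQL Server "Login failed for user" (Application log), 18454 = "Login
# succeeded for user" (only logged when login auditing includes successes),
# 4688 = Windows process creation (carries the command line only when
# command-line auditing is enabled). The event shape is this example's own.
SAMPLE_EVENTS = [
    {"ts": f"2023-09-01T10:00:0{i}", "id": 18456, "host": "sql01",
     "user": "sa", "src": "198.51.100.23"} for i in range(5)
] + [
    {"ts": "2023-09-01T10:00:06", "id": 18454, "host": "sql01",
     "user": "sa", "src": "198.51.100.23"},
    {"ts": "2023-09-01T10:02:30", "id": 4688, "host": "sql01",
     "cmd": "netsh advfirewall set allprofiles state off"},
    # Background noise: a single typo and a harmless firewall query elsewhere.
    {"ts": "2023-09-01T09:15:00", "id": 18456, "host": "sql02",
     "user": "app", "src": "10.0.0.5"},
    {"ts": "2023-09-01T11:00:00", "id": 4688, "host": "sql02",
     "cmd": "netsh advfirewall show allprofiles"},
]

# Generic host-firewall disable patterns (assumed; the report does not name
# the exact command the attackers used).
FIREWALL_DISABLE = re.compile(
    r"netsh\s+advfirewall\s+set\s+\w+profile\S*\s+state\s+off"
    r"|Set-NetFirewallProfile\b.*-Enabled\s+(?:False|0|\$false)",
    re.IGNORECASE,
)


def parse_ts(s):
    return datetime.fromisoformat(s)


def find_bruteforce(events, threshold=5, window=timedelta(seconds=60)):
    """Map (host, src) -> time the failure threshold was crossed, for sources
    with at least `threshold` failed logins inside a sliding time window."""
    fails = defaultdict(list)
    for e in sorted(events, key=lambda e: e["ts"]):
        if e["id"] == 18456:
            fails[(e["host"], e["src"])].append(parse_ts(e["ts"]))
    hits = {}
    for key, times in fails.items():
        for i in range(len(times) - threshold + 1):
            if times[i + threshold - 1] - times[i] <= window:
                hits[key] = times[i + threshold - 1]
                break
    return hits


def find_success_after(events, hits, window=timedelta(minutes=10)):
    """Brute force followed by a login success from the same source: the
    guessed credential most likely worked. Returns (host, src) -> user."""
    out = {}
    for e in events:
        key = (e["host"], e.get("src"))
        if e["id"] == 18454 and key in hits:
            delta = parse_ts(e["ts"]) - hits[key]
            if timedelta(0) <= delta <= window:
                out[key] = e["user"]
    return out


def find_firewall_disable(events):
    """host -> command line, for process creations matching a firewall-off pattern."""
    return {e["host"]: e["cmd"] for e in events
            if e["id"] == 4688 and FIREWALL_DISABLE.search(e["cmd"])}


def correlate(events):
    """Return (severity, detail) alerts; the full chain on one host is critical."""
    bf = find_bruteforce(events)
    ok = find_success_after(events, bf)
    fw = find_firewall_disable(events)
    alerts = []
    for (host, src), crossed in bf.items():
        sev = "medium"
        detail = f"{src} crossed the failed-login threshold on {host} at {crossed.isoformat()}"
        if (host, src) in ok:
            sev = "high"
            detail += f"; then logged in as {ok[(host, src)]}"
        if host in fw:
            sev = "critical"
            detail += f"; firewall disabled on {host}: {fw[host]!r}"
        alerts.append((sev, detail))
    # A firewall disable with no brute-force precursor still deserves a look.
    for host, cmd in fw.items():
        if host not in {h for h, _ in bf}:
            alerts.append(("medium", f"firewall disabled on {host}: {cmd!r}"))
    return alerts


if __name__ == "__main__":
    for sev, detail in correlate(SAMPLE_EVENTS):
        print(f"[{sev}] {detail}")
```

On the constructed input only sql01 trips the rule, at critical severity: the lone typo on sql02 stays below the threshold and `netsh advfirewall show` does not match the disable pattern. In production the thresholds would be tuned per environment, and the 18454 correlation only works if SQL Server login auditing is set to log successful as well as failed logins.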
The researchers recommend that organizations harden their environments to reduce the risk of such attacks: in particular, use strong, complex passwords, update software regularly, keep backup copies of data, and train employees in basic cyber hygiene.
Up-to-date anti-malware tooling and timely installation of security fixes are also important. A layered approach to information security is the key to defending against ransomware and other cyber threats.