FBI and CISA Issue Conti Warning
An alert has been issued by the Cybersecurity and Infrastructure Security Agency (CISA) and the Federal Bureau of Investigation (FBI) over Conti ransomware.
In the warning, which was posted on September 22, the agencies observed the increased use of Conti in more than 400 attacks against organizations in the United States and internationally.
The alert said that Conti actors often get network access via spearphishing campaigns, stolen or weak Remote Desktop Protocol (RDP) credentials, phone calls, fake software promoted via search engine optimization, common vulnerabilities in external assets, and other malware distribution networks.
In the execution phase, the actors run a getuid payload before using a more aggressive payload, a sequence meant to lower the risk of triggering antivirus engines.
Cobalt CIO Andrew Obadiaru ascribed the increase in Conti ransomware attacks to “our new remote work ecosystem.”
“To protect yourself from becoming the next victim of a Conti attack, I recommend business leaders deploy the following security safeguards: (1) invest in email filtering and phishing detection capabilities, (2) protect and properly secure your remote desktop platform connectivity, (3) perform regular backup testing, and (4) ensure your backups are offline,” Obadiaru told Infosecurity Magazine.
On the same day the alert was issued, security specialist Positive Technologies published a report that found that ransomware attacks have reached “stratospheric” levels, accounting for 69% of all attacks involving malware in the second quarter of 2021. This represents an increase of 30% compared with the same period last year.
Among the other key findings in Cybersecurity Threatscape: Q2 2021 is that the percentage of attacks aimed at compromising computers, servers, and network equipment increased from 71% in Q1 this year to 87% in Q2.
While the volume of attacks on governmental institutions soared from 12% in Q1 to 20% in Q2, there was only a minor rise (0.3%) in overall attacks from Q1 to Q2.
“This slowdown was to be expected as companies took greater measures to secure the network perimeter and remote access systems during a global pandemic and the growth of a dispersed workforce,” said Positive Technologies. “However, the rise in ransomware attacks in particular – a 45% jump in the month of April alone – should cause grave concern.”