CISA and the FBI Publish Second Alert on the Conti Ransomware Group

  • American cybersecurity agencies warn about Conti attacks being on the rise again.
  • The most commonly exploited flaws by the group are “Zerologon” and “PrintNightmare”.
  • Patching software and following standard security practices should be enough to thwart the threat.

The Cybersecurity and Infrastructure Security Agency (CISA) and the Federal Bureau of Investigation (FBI) were forced to publish their second alert about the Conti ransomware group in less than six months, as the activities of the particular group of actors are on the rise again. As the alert details, the agencies have observed the deployment of Conti’s file encryption malware in more than 400 attacks on U.S. and international organizations, with a significant percentage of those resulting in a success for the hackers.

Image: TechNadu

The alert explains that Conti has various ways to break into target networks, as the RaaS is used by many affiliates who follow different tactics. Here are the most common ones that have been spotted in the wild:

  • Spearphishing campaigns using tailored emails that contain malicious attachments or malicious links – Malicious Word attachments often contain embedded scripts that can be used to download or drop other malware—such as TrickBot and IcedID, and/or Cobalt Strike—to assist with lateral movement and later stages of the attack life cycle with the eventual goal of deploying Conti ransomware.
  • Stolen or weak Remote Desktop Protocol (RDP) credentials
  • Phone calls
  • Fake software promoted via search engine optimization
  • Other malware distribution networks (e.g., ZLoader)
  • Common vulnerabilities in external assets.

The vulnerabilities that Conti actors have been exploiting lately are mainly the “Zerologon” flaw (CVE-2020-1472) in Microsoft Active Directory Domain Controller systems, the “PrintNightmare” flaw (CVE-2021-34527) in the Windows Print spooler service, and 2017 Microsoft Windows Server Message Block 1.0 server vulnerabilities. Patching these would shut the door to the actors, but CISA provides additional advice on top of that.

That would include using multi-factor authentication wherever possible, implementing network segmentation and filtering network traffic, scanning for flaws and applying updates as soon as possible, and removing unused user accounts and unnecessary applications. Finally, endpoint detection and response tools are considered a necessity today.

REVIEW OVERVIEW

Latest

How to Watch Moon Knight on Disney Plus: Release Date, Cast, Trailer, Plot

Marvel Studios' Moon Knight series launch date and trailer were announced recently, and everyone is super excited to see it. This is...

My Hero Academia Battle Royale Coming Soon – Check Out The Gameplay

Good news for anime and gaming fans across the world: My Hero Academia is about to get its own Battle Royale game!...

One Punch Man Chapter 157 Release Date, Time and Where to Read Online

One Punch Man Chapter 157 is about to release soon, and we've got all the information you need to catch up! One...
For a better user experience we recommend using a more modern browser. We support the latest version of the following browsers: For a better user experience we recommend using the latest version of the following browsers: Chrome, Edge, Firefox, Safari