FBI and CISA Issue Conti Warning

An alert has been issued by the Cybersecurity and Infrastructure Security Agency (CISA) and the Federal Bureau of Investigation (FBI) over Conti ransomware.

In the warning, posted on September 22, the agencies observed the increased use of Conti in more than 400 attacks against organizations in the United States and internationally. 

The alert said that Conti actors often get network access via spearphishing campaigns, stolen or weak remote desktop protocol (RDP) credentials, phone calls, fake software promoted via search engine optimization, common vulnerabilities in external assets and other malware distribution networks. 

In the execution phase, the actors run a getuid payload, then use a more aggressive payload to lower the risk of triggering antivirus engines. 

Cobalt CISO Andrew Obadiaru ascribed the increase in Conti ransomware attacks to “our new remote work ecosystem.”

“To protect yourself from becoming the next victim of a Conti attack, I recommend business leaders deploy the following security safeguards: (1) invest in email filtering and phishing detection capabilities, (2) protect and properly secure your remote desktop platform connectivity, (3) perform regular backup testing, and (4) ensure your backups are offline,” Obadiaru told Infosecurity Magazine.

On the same day the alert was issued, security specialist Positive Technologies published a report that found that ransomware attacks have reached “stratospheric” levels, accounting for 69% of all attacks involving malware in the second quarter of 2021. This represents an increase of 30% compared with the same period last year. 

James Turgal, former executive assistant director for the FBI’s Information and Technology branch (CIO) and current Optiv Security VP of Cyber Risk, Strategy and Transformation, told Infosecurity Magazine that ransomware attackers are increasingly using need-to-know tactics, compartmentalizing the attack among internal actors and smaller groups that are sometimes affiliated.  

"The use of affiliates and smaller groups to carry out certain aspects of the attack helps to increase the number of subjects and IP addresses to investigate and, in my opinion, creates a false sense of security for the main threat actors that use of such affiliates allows for some level of shielding from law enforcement.”

Other key findings in Cybersecurity Threatscape: Q2 2021 are that the percentage of attacks aimed at compromising computers, servers, and network equipment increased from 71% in Q1 this year to 87% in Q2. 

While the volume of attacks on governmental institutions soared from 12% in Q1 to 20% in Q2, there was a minor rise (0.3%) in attacks from Q1 to Q2. 

“This slowdown was to be expected as companies took greater measures to secure the network perimeter and remote access systems during a global pandemic and the growth of a dispersed workforce,” said Positive Technologies. “However, the rise in ransomware attacks in particular – a 45% jump in the month of April alone – should cause grave concern.”

What’s Hot on Infosecurity Magazine?