Criminals are exploiting the very tools used by security teams. Sophos researchers have recently observed an increase in attacks in which criminals target tools used by incident responders and penetration testers. These attacks involve very little or no malware, but instead harness the existing components of the operating system or popular software packages.
“We've been seeing this for years, and it's increasing now,” says Chester Wisniewski, principal research scientist at Sophos. “It makes sense because we've built a robust set of tools for good guys to hack into our networks.”
Now, however, criminals are stealing those same tools and using them to break into systems and steal data. With these types of “living off the land” attacks, criminals use a system’s native tools to launch an attack. Because the tools are commonly used legitimate programs, the attack is often undetectable.
The U.S. Cybersecurity and Infrastructure Agency (CISA) and the FBI have issued guidance for protecting critical infrastructure from ransomware, shedding some light on the DarkSide attack that crippled the Colonial Pipeline and left much of the East Coast facing an energy shortage.
The agencies didn’t name Colonial in the alert, referring only to a “pipeline company.” The company proactively disconnected operational technology (OT) systems upon discovering the attack, the alert said, noting that “there are no indications that the threat actor moved laterally to OT systems.”
Despite those efforts, the pipeline is expected to remain shuttered for days.
Inside DarkSide: Researchers share intel on break-out cyber gang
Security researchers swap information on the newly famous DarkSide ransomware gang, the group that doesn’t appear to understand what ‘being a criminal’ actually means
Published: 12 May 2021 14:00
In the wake of the Colonial Pipeline ransomware attack – which continues to disrupt supplies of fuel across the eastern and southern US – threat researchers from across the cyber community have been swapping information on the DarkSide ransomware gang, the up-and-coming cyber criminal group that has suddenly found itself elevated to global infamy.
First bursting onto the scene in August 2020 when it gained a certain measure of note by donating some of its ransom profits to charities, DarkSide is a (likely Russia-based) media-savvy group that understands how the cyber security “game” is played, and makes a virtue out of having an “honourable” reputation, as far a