Experts warned that the “Bad Rabbit” attack may be a distraction from the main cyber attacks.
The “Locky1024” and “BadRabbit” cyber attacks may be new vectors of hacker attacks as well as a distraction from the ongoing “core” cyber attack. This was reported by the press service of the international group of companies ISSP, a specialist in information systems security.
ISSP Labs experts are analyzing the Locky1024 and BadRabbit samples that arrived at the laboratory.
“At the moment, it is safe to say that the Locky1024 sample does not contain functionality to rewrite the MBR, does not use Mimikatz to obtain passwords, and does not spread beyond a local network, which means that this vector is not the same Forex/NotPetya as was hastily reported by some companies and cybersecurity experts. This vector can act as cover for another, hidden attack that went unnoticed because of the general attention given to the encryptors (the same possibility exists for the BadRabbit vector).
We also again draw the attention of cybersecurity experts to the fact that after Petya/NotPetya, so-called sleeper agents remain in many organizations, so with high probability the attackers continue to reside in and have access to the infrastructures of organizations, both victims and those not formally affected by NotPetya. Whether the attackers are actually present inside an infrastructure can be answered positively or negatively only by carrying out an appropriate professional examination,” the published statement says.
ISSP's recommendations:
– Do not open suspicious attachments in emails from unknown sources.
– Do not click on suspicious links (for example, “update flash player”).
– Block access to the link above (follow the indicators of compromise on the ISSP website or contact us to subscribe to indicators).
– Install the Windows updates that eliminate the DDE vulnerability in Microsoft Office (CVE-2017-11826).
– Do not run with administrator rights.
Additional recommendations for large organizations and critical infrastructure enterprises:
– Promptly carry out an examination and, based on the results obtained, introduce technologies for continuous monitoring of computer infrastructure and user activity in order to identify and resolve attacks in their early stages.
As a reminder, on 24 October a new cyber attack was recorded in Ukraine that struck a number of infrastructure facilities, including Odessa airport, banking services of the Kiev metro and others. At the moment it is not yet clear whether the observed attack vectors, one of which received the name “Bad Rabbit” and the second of which ISSP Labs experts called Locky1024, are new independent vectors or a distraction from the ongoing “primary attack”, whose climax and clean-up stage, called Forex/NotPetya, was observed on July 27, 2017 and affected a large number of companies and government agencies.
Previously, Kaspersky Lab said that it had accidentally downloaded classified U.S. intelligence materials. In 2014, analysts reported downloading data about some of the Equation Group hackers that were listed in secret NSA documents.