SoftPerfect Network Scanner is a fast universal IPv4/IPv6 scanner for Windows and macOS. It is intended for both system administrators and general users interested in computer security. The software can ping computers, scan ports, discover shared folders and comes with flexible filtering and display options. It fully supports both IPv4 and IPv6 discovery; performs a ping sweep and displays live devices; detects hardware MAC addresses, even across routers, writable and hidden shared folders, and internal and external IP addresses; retrieves any system information via WMI, remote registry, file system and service manager, including currently logged-on users, configured user accounts, uptime, etc.; scans for listening TCP ports and some UDP and SNMP services; supports remote SSH, PowerShell and VBScript command execution, Wake-On-LAN, remote shutdown and sending network messages; launches external third-party applications; exports results to HTML, XML, JSON, CSV and TXT; integrates with Nmap for OS discovery, vulnerability tests, and much more; and can be run from a USB flash drive without installation.

BianLian ransomware switch to extortion-only attacks confirmed – G & R Computers, May 17, 2023

The Federal Bureau of Investigation (FBI), Cybersecurity and Infrastructure Security Agency (CISA), and Australian Cyber Security Centre (ACSC) have published a joint advisory warning critical infrastructure organizations about BianLian ransomware attacks. The #StopRansomware alert is based on FBI and ACSC findings as of March 2023 and is part of a larger effort to combat ransomware. Its goal is to arm defenders with the knowledge they need to better protect themselves against BianLian and similar malware.

According to CISA, the FBI and the ACSC, the BianLian gang has targeted US critical infrastructure organizations and Australian private companies, including a critical infrastructure organization, for a year. Since June 2022, the gang has used remote desktop protocol (RDP) credentials obtained from initial access brokers or through phishing attacks to access victim networks.

After collecting sensitive information from target networks, BianLian originally encrypted systems and threatened to release the stolen files as a second form of extortion. Since Avast published a decryptor for the ransomware in January 2023, the group has shifted its focus to extortion via data theft without encrypting systems. Because these incidents are effectively data breaches, they also damage the victim's reputation, erode the trust of their customers, and expose them to legal issues.

The advisory describes the group's intrusion chain. BianLian compromises systems with legitimate RDP credentials that were likely obtained through phishing or purchased from initial access brokers. It then performs network reconnaissance using a custom Go backdoor, commercial remote access tools, the command line, and scripts. BianLian uses PowerShell and the Windows Command Shell to stop antivirus-related tasks and evade detection; tamper protection in Sophos security products is disabled by manipulating the Windows Registry. The final step is the exfiltration of victim data using a file sharing service like Mega, the Rclone tool, or the File Transfer Protocol (FTP).

Recommended mitigations include restricting the use of PowerShell on mission-critical systems, blocking command-line and scripting activity, and limiting the use of remote desktop protocols. Several preventative steps are suggested in the advisory to keep the network secure:

- Make sure all applications and tools used for remote access are monitored and controlled.
- Implement strict security measures and limit access to remote desktop programs like RDP.
- Reduce reliance on PowerShell, update it to the newest version, and turn on detailed logging.
- Apply the principle of least privilege and audit administrative accounts regularly.
- Create a backup plan that includes multiple off-site copies of your data.
- Keep password policies in line with NIST recommendations, including length, storage, reuse, and multi-factor authentication.
- Apply software and firmware updates routinely, segment networks to improve security, and actively monitor network activity.

The full bulletins from CISA and the ACSC provide more information on the recommended countermeasures, indicators of compromise (IoCs), command traces, and BianLian techniques.
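As an added example (not part of the advisory or the original post), the following PowerShell script audits a local Windows host against the PowerShell logging, PowerShell version and RDP hardening points listed above. It assumes an elevated PowerShell 5.1 or later session, reads the standard Group Policy registry locations, and reports a missing value as "not configured".

```powershell
# Added audit script: checks whether the PowerShell logging and RDP hardening
# recommended in the BianLian advisory is in place on the local host.
# Assumes an elevated session; missing registry values are reported as "not configured".

function Get-RegValue {
    param([string]$Path, [string]$Name)
    try { (Get-ItemProperty -Path $Path -Name $Name -ErrorAction Stop).$Name } catch { $null }
}

$psPolicy = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\PowerShell'
$tsKey    = 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server'
$checks = @(
    @{ Name = 'Script block logging enabled'; Path = "$psPolicy\ScriptBlockLogging"; Value = 'EnableScriptBlockLogging'; Want = 1 },
    @{ Name = 'Module logging enabled';       Path = "$psPolicy\ModuleLogging";      Value = 'EnableModuleLogging';      Want = 1 },
    @{ Name = 'Transcription enabled';        Path = "$psPolicy\Transcription";      Value = 'EnableTranscripting';      Want = 1 },
    @{ Name = 'RDP disabled (fDenyTSConnections)'; Path = $tsKey;                    Value = 'fDenyTSConnections';       Want = 1 },
    @{ Name = 'RDP requires NLA';             Path = "$tsKey\WinStations\RDP-Tcp";   Value = 'UserAuthentication';       Want = 1 }
)

$results = @(foreach ($c in $checks) {
    $actual = Get-RegValue -Path $c.Path -Name $c.Value
    [pscustomobject]@{
        Check  = $c.Name
        Actual = if ($null -eq $actual) { 'not configured' } else { $actual }
        Status = if ($actual -eq $c.Want) { 'OK' } else { 'REVIEW' }
    }
})

# The legacy PowerShell 2.0 engine does not produce script block logs, so it should be removed.
$v2 = Get-WindowsOptionalFeature -Online -FeatureName MicrosoftWindowsPowerShellV2Root -ErrorAction SilentlyContinue
$results += [pscustomobject]@{
    Check  = 'PowerShell 2.0 engine removed'
    Actual = if ($v2) { $v2.State } else { 'unknown (needs elevation)' }
    Status = if ($v2 -and $v2.State -eq 'Disabled') { 'OK' } else { 'REVIEW' }
}

# A current engine version is required for the logging features checked above.
$results += [pscustomobject]@{
    Check  = 'PowerShell version 5 or later'
    Actual = $PSVersionTable.PSVersion.ToString()
    Status = if ($PSVersionTable.PSVersion.Major -ge 5) { 'OK' } else { 'REVIEW' }
}

$results | Format-Table -AutoSize
```

A "REVIEW" on the RDP-disabled row is expected on hosts that legitimately need RDP; for those, the NLA row and the remote-access monitoring point above are the controls that matter.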