During the recent SANS Cyber Threat Intelligence Summit, two CrowdStrike cybersecurity executives, senior security researcher Sergei Frankoff and senior intelligence analyst Eric Loui, gave details of a major emerging ransomware player they call Sprite Spider. Like many other ransomware attackers, the gang behind the Sprite Spiders attacks has grown rapidly in sophistication and damage capacity since 2015.
Today, Sprite Spider is poised to become one of the biggest players in the ransomware threat of 2021 and has a threat profile comparable to the advanced persistent threat players five or ten years ago. The rise of Sprite Spider as a sophisticated threat is not surprising given that it, like many other organized ransomware gangs, is filled with hackers who are often employed for profit by security actors. threat of the nation-state.
Evolution of Sprite Spider
Sprite Spider started using a banking Trojan called Shifu in 2015, adding a malware loader called Vatet around 2017. In 2018, the gang deployed a remote access Trojan called PyXie. In 2019, the group evolved to the point of deploying a ransomware called DEFRAY777.
At this point, CrowdStrike researchers have linked Shifu, Vatet, and PyXie to the DEFRAY777 ransomware attacks. They realized that all of the activity of these components was tied to a single threat actor, which was flying under the radar.
How Sprite Spider ransomware works
The gang can often escape detection mainly because their code appears harmless, hiding in open source projects such as Notepad ++. The only thing Sprite Spider writes to disk is Vatet, which makes it even more difficult for analysts to follow them during incident response.
Despite its stealth and multiple components, Sprite Spider displays mundane characteristics. DEFRAY777 isn’t sophisticated ransomware, but it gets the job done. Sprite Spider was also a little behind the game dedicated to the leak site, waiting until the end of November 2020 to launch its own victim communication site, months after other ransomware players started launching these. Site (s.
Sprite Spider’s real threat escalated in July 2020 when it started targeting ESXi hosts, which are typically deployed by large organizations that use bare hypervisor technology developed by VMware to manage multiple virtual machines. DEFRAY777 deployed to ESXi hosts uses stolen credentials to authenticate with vCenter, which is the web interface for managing multiple ESXi devices and websites hosted on those devices.
After that, the attackers log in, enable SSH, change SSH keys or root passwords, kill running processes and start other tasks that lead to the execution of the binary in the TMP directory, encrypting all the virtual machines and their hosts. Shortly after Sprite Spider started targeting ESXi hosts, another group of threats called Carbon Spider began to independently target ESXi machines as well.
By targeting EXSi machines, Sprite Spider does not have to deploy ransomware throughout the organizational environment, they only have to target a few servers to encrypt a large band of virtualized IT infrastructure. This is emblematic of a larger trend in the Enforcement Ecosystem, where some of Enforcement’s biggest adversaries have largely shifted their operations from bank fraud to these targeted ransomware operations, CrowdStrikes Loui said.
Basic malware infections are precursors of ransomware attacks
Malware originally used as banking Trojans has evolved into initial access tools. Wizard Spider uses TrickBot as an initial access tool to deploy Ryuk and Conti ransomware. Indrik Spider uses Dridex for BitPaymer or WastedLocker, and Carbon Spider uses Sekur / Anunak for REvil or Darkside, Loui said. I would like to point out for those of you who interact directly with RSSIs or C-suite, that infections by so-called basic tools or Trojans or downloaders can lead to major ransomware attacks. If you have a problem with Emotet, you are probably going to have a problem with Trickbot. If you have a problem with Trickbot, you are going to have a Ryuk or Conti problem.
Time is running out after the detection of basic tools. If you can’t detect, respond, and remedy within an hour, there’s no way you can catch up, Loui said. You must therefore treat these potentially serious infections, even if they are so-called basic tools.
Sprite Spider’s chain of destruction comparable to that of nation states ten years ago
The chain of destruction for Sprite Spider and some of the other large emerging ransomware groups is very similar to the early days of the behavior of nation state actors. It’s actually almost identical to the same chain of destruction threat that we were dealing with ten years ago with advanced persistent threat groups, Frankoff said. They are the same steps, but the goal at the end is different.
I think we’ve seen a number of nation states engage in these kinds of attacks to generate revenue, particularly North Korea, Adam Myers, CrowdStrikes senior vice president of intelligence, told the CSO. . He says Iran and China are also getting into the ransomware game. It is not necessarily the nation-state leading the attack, but [the cybercriminals] use acquired skills [by working for nation-state attackers] to earn some more money on the side. Individuals hired by the nation-state carry out ransomware attacks on moonlight shift.
Growing sophistication of ransomware requires strong defenses
Either way, ransomware attackers are getting more sophisticated and powerful. “By 2020, it was clear that the sophistication and targeted use of ransomware on certain verticals was common practice among threat actors,” Mark Ostrowski, director of Engineering East for Check Point Software, told CSO . In 2021, we can expect this to continue, and based on early reports, groups like Sprite Spider and others can specifically target the interests with the greatest return.
CrowdStrikes Myers has five recommendations on how organizations can best defend themselves against increasingly destructive ransomware. First of all, you need to prepare to defend. You have to do basic things on the table stakes, things like fixes, he says.
Second, follow the one seventy rule. You should be able to identify things in about a minute, review it in about ten minutes, and respond to them in about an hour. If you can do this, you may be able to prevent these players from moving around your business.
Third, to deal with the evolving nature of ransomware, use next-generation protection as antivirus software does not protect against these kinds of new threats. Next-generation protection uses what’s called machine learning or artificial intelligence. Machine learning really allows you to determine malware or files without ever seeing it before, Myers says.
Fourth, practice is essential. I always train boards and executives to go through routine tabletop exercise rhythms.
Finally, know who the opponents are. If you understand who your threat actors are, how they operate, then you are in a better position to defend yourself against them in the future.
Mark Weatherford, director of strategy at the National Cybersecurity Center and former DHS cybersecurity chief in the Obama administration, believes it will take an international effort to tackle the growing scourge of ransomware. Until there is more international political discussion, I think we were going to see these things develop, he told CSO. “What we need is a combined international effort from nations around the world to say this is no longer acceptable. Multinational cooperation last week that destroyed the Emotet infrastructure used to deliver ransomware suggests this is happening now.
Copyright © 2021 IDG Communications, Inc.
What Are The Main Benefits Of Comparing Car Insurance Quotes Online
LOS ANGELES, CA / ACCESSWIRE / June 24, 2020, / Compare-autoinsurance.Org has launched a new blog post that presents the main benefits of comparing multiple car insurance quotes. For more info and free online quotes, please visit https://compare-autoinsurance.Org/the-advantages-of-comparing-prices-with-car-insurance-quotes-online/ The modern society has numerous technological advantages. One important advantage is the speed at which information is sent and received. With the help of the internet, the shopping habits of many persons have drastically changed. The car insurance industry hasn't remained untouched by these changes. On the internet, drivers can compare insurance prices and find out which sellers have the best offers. View photos The advantages of comparing online car insurance quotes are the following: Online quotes can be obtained from anywhere and at any time. Unlike physical insurance agencies, websites don't have a specific schedule and they are available at any time. Drivers that have busy working schedules, can compare quotes from anywhere and at any time, even at midnight. Multiple choices. Almost all insurance providers, no matter if they are well-known brands or just local insurers, have an online presence. Online quotes will allow policyholders the chance to discover multiple insurance companies and check their prices. Drivers are no longer required to get quotes from just a few known insurance companies. Also, local and regional insurers can provide lower insurance rates for the same services. Accurate insurance estimates. Online quotes can only be accurate if the customers provide accurate and real info about their car models and driving history. Lying about past driving incidents can make the price estimates to be lower, but when dealing with an insurance company lying to them is useless. Usually, insurance companies will do research about a potential customer before granting him coverage. Online quotes can be sorted easily. Although drivers are recommended to not choose a policy just based on its price, drivers can easily sort quotes by insurance price. Using brokerage websites will allow drivers to get quotes from multiple insurers, thus making the comparison faster and easier. For additional info, money-saving tips, and free car insurance quotes, visit https://compare-autoinsurance.Org/ Compare-autoinsurance.Org is an online provider of life, home, health, and auto insurance quotes. This website is unique because it does not simply stick to one kind of insurance provider, but brings the clients the best deals from many different online insurance carriers. In this way, clients have access to offers from multiple carriers all in one place: this website. On this site, customers have access to quotes for insurance plans from various agencies, such as local or nationwide agencies, brand names insurance companies, etc. "Online quotes can easily help drivers obtain better car insurance deals. All they have to do is to complete an online form with accurate and real info, then compare prices", said Russell Rabichev, Marketing Director of Internet Marketing Company. CONTACT: Company Name: Internet Marketing CompanyPerson for contact Name: Gurgu CPhone Number: (818) 359-3898Email: [email protected]: https://compare-autoinsurance.Org/ SOURCE: Compare-autoinsurance.Org View source version on accesswire.Com:https://www.Accesswire.Com/595055/What-Are-The-Main-Benefits-Of-Comparing-Car-Insurance-Quotes-Online View photos
to request, modification Contact us at Here or [email protected]
- President Joko Widodo will have an office at IKN from July 2024
- Bollywood villain Ajit slept in the gutters during wrestling days and didn't get a job after Dilip Kumar's Naya Daur: Shehzad Khan
- A new drug has been approved in Australia to treat endometriosis.Here's what we know about it
- Prince Harry granted permission to use key evidence in phone hacking case against Daily Mail publisher | Culture & Leisure
- Ogle county sheriff launches Handle with Care, all 10 participating school districts | Community Calendar
- REI's 22 best sellers in 2024
- Trump has one week to pay E. Jean Carroll $83.3 million and she expresses very serious concerns
- The disaster we could see from space: how a podcast turned into an ecological disaster | Podcasts
- Indian Elections: Can Rahul Gandhi Challenge Prime Minister Narendra Modi? | BBC News
- Tom Cruise: the last great Hollywood artist?
- Men's hockey wins Series Opener at Ohio State 5-2
- Dress to Impress Codes March 2024