Kaspersky Serves Up Details On The BlackCat Ransomware Group
Kaspersky may be a company that is under some degree of pressure at the moment. But that hasn’t stopped them from uncovering new threats. Kaspersky threat researchers today published a blog detailing the BlackCat ransomware group and their efforts to target industrial companies. In addition, Kaspersky has found links between the teams of BlackCat, ALPHV, Noberus and BlackMatter. These teams have used a data exfiltration tool called Fendr and ExMatter to target oil, gas, mining, construction and industrial sites.
Just lovely.
Saryu Nayyar, CEO and Founder, Gurucul had this comment:
“Threat actor groups are now sharing methods and colluding to target organizations, in this case, industrial and critical infrastructure for stealing design information, but also information on controls, presumably to find those systems and cause potential damage or encrypt key files as part of a subsequent ransomware campaign. This shows that attackers are implementing different tactics and techniques, even when using known tools like Fendr for malicious purposes. Current XDR and SIEM solutions, primarily using rule-based ML/AI, will be hard pressed to detect these attacks out of the gate, leaving too many systems widely exposed to threat actors. Organizations must be enabled to ingest more telemetry from even proprietary industrial machines and apply advanced analytics with self-trained machine learning models to stay ahead of ever-changing variants and attack methods that evade defenses and current security operations tools easily. Threat actors partnering in their efforts makes it critical that organizations push the envelope in moving past most vendor claims to evaluate solutions that are best of breed in their capabilities and customizable as IT and security needs evolve.”
There seems to be a never-ending stream of these groups going after the targets of their choice. That means that you need to be on point with your security strategy, along with your incident response should it come to that.
This entry was posted on April 7, 2022 at 1:30 pm and is filed under Commentary with tags Kaspersky.