Redacted Publish Their Findings On The BianLian Ransomware Gang

Researchers with Redacted have published their findings on the BianLian ransomware gang, citing observations of the threat actor deploying custom malware written in the Go programming language. BianLian has achieved initial access by exploiting the ProxyShell Microsoft Exchange server flaws, leveraging that access to drop a web shell or an ngrok payload for follow-on activity. Additionally, the BianLian actors exhibit dwell times of up to six weeks from the point of initial access to the encryption date, well above the median dwell time of 15 days reported in 2021.

This is highly concerning, and Dr. Darren Williams, CEO and Founder of BlackFog, agrees:

“It is no surprise that threat actors continue to find new mechanisms and practices of infiltration, as we have seen countless times. The specific cause for concern here, however, is the dwell time that this group is sitting within systems. By the time BianLian performs encryption, thus making the genuine users aware, they have already sat within the network for far too long, observing and collecting countless streams of information. The very nature of this scenario should alert organizations to take a more consistent, proactive approach to monitoring their systems and taking a preventative approach to preventing data exfiltration.”

I would read the Redacted report, as it will give you a guide on how to avoid becoming the next victim of BianLian.
