Conti ransomware, as accurately predicted in our previous blog post, is growing into a much larger threat. Enterprises, oil and gas entities, and manufacturing segments of the industry are facing the brunt of the attacks, which are predicted to rise in the coming weeks. Highly specialized, reengineered malware and spyware are seen infiltrating through known vulnerabilities as part of reconnaissance attacks, without being detected. We urge all to conduct frequent scans for anomalies in the network and compare them with scans conducted in the past as an added layer of precaution.
In our previous update on May 4th, 2022, campaigns promoting ransomware across multiple channels through multi-phased spear-phishing were seen and, in some cases, intercepted. Threat actors were seen primarily targeting government websites across the globe. This was followed by several data dumps on the dark web containing highly classified information from entities that refused to pay the ransom. This also indicates that the threat actors are unwilling to negotiate and have effectively reduced their payment windows.
Attacks by APT groups from East Asia targeting financial institutions continue to rise at an alarming rate. A few threat actors hit manufacturing entities, where the average ransom payout is much higher and more likely than in other verticals, since a halt in operations could mean significant losses.
As in the previous week, we urge financial services firms, as well as manufacturers, to be on their guard and watch out for anomalies in their networks.
Weekly advisory
Segments under this list must be on high alert in the coming weeks:
- Oil and gas
- Financial Services
- Manufacturing
- Critical Infrastructure
- Supply chains
- Energy Sector
- Water and wastewater treatment facilities
- Utility entities
- Maritime agencies
- Healthcare
- Government Agencies