Skip to main content

I’ve been following this which is has been in the news a lot recently.

Rather than try and breach into organisations this group tends to recruit insiders to provide an easy way in.

One of the reasons why it’s so important to have immutable backups.

https://www.microsoft.com/security/blog/2022/03/22/dev-0537-criminal-actor-targeting-organizations-for-data-exfiltration-and-destruction/

Krebs on Security
 

And hope it is not the backup admin they are recruiting who can delete the immutable backups or the servers they are residing on.

Some VCC with insider protection would make sense to avoid this...


And hope it is not the backup admin they are recruiting who can delete the immutable backups or the servers they are residing on.

Some VCC with insider protection would make sense to avoid this...

Agree!


Thank you very much for sharing @dips. A bit lengthy, but I will recommend everyone to read this piece as it is highlights on core-security principles. 

  • One of their approaches they said is paying employees to grant MFA approval etc. This is why insider threat (disgruntled employees) are often regarded very dangerous. 

    They are able to damage the organisations immensely since sensitive information is reachable easier compared to external attacks

The positive here is SIM-jacking isn't as easy to achieve in Germany compared to other countries! Yet, great attention needs to be paid in this regard over the globe.

> Remind employees that enterprise or workplace credentials should not be stored in browsers or password vaults secured with personal credentials

- I wish everyone could adhere to this. You can play with your personal credentials but not with your workplace cred!


And hope it is not the backup admin they are recruiting who can delete the immutable backups or the servers they are residing on.

Some VCC with insider protection would make sense to avoid this...

When caught, there will always be consequences. With the concept of Zero Trust, some of these issues can be mitigated. Want to learn more about this, see below

 

“Zero Trust is a strategic approach to cybersecurity that secures an organisation by eliminating implicit trust and continuously validating every stage of a digital interaction. In short, a Zero Trust approach trusts no one”


They have been nabbed @dips:

https://www.bbc.com/news/technology-60864283

 


They have been nabbed @dips:

https://www.bbc.com/news/technology-60864283

 

Sounds like they caught of them. It’ll be interesting how many others are located and arrested as well. 


Thanks for posting this @dips and also thank you @Iams3le for your additons. Really scarry to see what the bad guys are trying in order to get a foot in your environment.


They have been nabbed @dips:

https://www.bbc.com/news/technology-60864283

 

Sounds like they caught of them. It’ll be interesting how many others are located and arrested as well. 

That should be caught one* of them.


Thanks for posting this @dips and also thank you @Iams3le for your additons. Really scarry to see what the bad guys are trying in order to get a foot in your environment.

It’s quite interesting how they come up with so many different ways to get into an organisation.


Thanks for posting this @dips and also thank you @Iams3le for your additons. Really scarry to see what the bad guys are trying in order to get a foot in your environment.

It’s quite interesting how they come up with so many different ways to get into an organisation.

They leveraged on insiders as well amongst many other things. You will agree with me that, disgruntled insiders are harder to detect than external threats because they know that they must hide their tracks and steal or harm data without being caught.


They can found so many ways to access infrastructure.

Like this one, a really simple example that can leverage from a veeam backup to a domain admins without restore: https://www.whiteoaksecurity.com/blog/2020-4-14-from-veeam-to-domain-administrator/

While navigatin I came up to many more ways to “use” veeam for lateral movement


They can found so many ways to access infrastructure.

Like this one, a really simple example that can leverage from a veeam backup to a domain admins without restore: https://www.whiteoaksecurity.com/blog/2020-4-14-from-veeam-to-domain-administrator/

While navigatin I came up to many more ways to “use” veeam for lateral movement

This is the reason why you should encrypt your backups EVERYTIME 😎


They can found so many ways to access infrastructure.

Like this one, a really simple example that can leverage from a veeam backup to a domain admins without restore: https://www.whiteoaksecurity.com/blog/2020-4-14-from-veeam-to-domain-administrator/

While navigatin I came up to many more ways to “use” veeam for lateral movement

This is the reason why you should encrypt your backups EVERYTIME 😎

Yes, you’re absolutely right!


They can found so many ways to access infrastructure.

Like this one, a really simple example that can leverage from a veeam backup to a domain admins without restore: https://www.whiteoaksecurity.com/blog/2020-4-14-from-veeam-to-domain-administrator/

While navigatin I came up to many more ways to “use” veeam for lateral movement

This is the reason why you should encrypt your backups EVERYTIME 😎

Most definitely


Comment