US authorities [1] [2] [5] [6], including the Cybersecurity Infrastructure and Security Agency (CISA) and FBI [1] [2] [3] [6], have issued a joint Cybersecurity Advisory warning about potential cyberattacks on critical infrastructure sectors in the United States. This advisory highlights the AvosLocker ransomware gang’s involvement in recent attacks on multiple critical industries.
Description
AvosLocker operates as a ransomware-as-a-service model and gains access to networks by using legitimate software and open-source remote system administration tools [6]. Once inside, they employ data extortion tactics [3] [5], threatening to leak or publish stolen data [3] [5] [6]. AvosLocker is known for disabling antivirus protection and affects Windows [3], Linux [3] [5], and VMware ESXi environments [3] [5]. To avoid detection and attribution [3], the gang relies on open-source tools and living-off-the-land tactics [3]. They use various tools for data exfiltration [3], tunneling [3], command-and-control [3], credential theft [3], lateral movement [3], privilege escalation [3], and disarming security software [3]. AvosLocker affiliates also upload custom web shells and use an executable named NetMonitor.exe as a reverse proxy [3].
To combat these attacks, the FBI and CISA recommend implementing mitigations such as application controls [3], limiting remote desktop services [3], restricting PowerShell use [3] [4], using multi-factor authentication [3], segmenting networks [3], keeping systems up-to-date [3], and maintaining offline backups [3].
Conclusion
This advisory comes amidst a significant increase in ransomware attacks [1], with a nearly 80% rise compared to last year and a more than 5% increase in September alone [1], according to a report by cyber-insurance company Corvus [1]. It is crucial for organizations to take immediate action to protect their critical infrastructure from potential cyberattacks. By implementing the recommended mitigations, organizations can enhance their security posture and reduce the risk of falling victim to ransomware attacks. Continued vigilance and proactive measures are essential to safeguarding critical infrastructure sectors in the United States and ensuring the resilience of the nation’s cybersecurity defenses.
References
[1] https://www.darkreading.com/ics-ot/feds-beware-avoslocker-ransomware-attacks-critical-infrastructure
[2] https://flyytech.com/2023/10/14/beware-avoslocker-ransomware-attacks-on-critical-infrastructure/
[3] https://mrhacker.co/cyber-attack/fbi-cisa-warn-of-rising-avoslocker-ransomware-attacks-against-critical-infrastructure
[4] https://executivegov.com/2023/10/fbi-cisa-update-cybersecurity-advisory-against-avoslocker-ransomware/
[5] https://www.waterisac.org/portal/fbi-and-cisa-release-update-avoslocker-advisory
[6] https://www.jdsupra.com/legalnews/cisa-fbi-issue-joint-advisory-on-2743565/