The FBI and the Cybersecurity and Infrastructure Security Agency (CISA) have issued a joint advisory warning about the evolving tactics of the Snatch ransomware group. The group has been targeting the Defense Industrial Base and critical infrastructure sectors, using data exfiltration and double-extortion techniques. For initial access it exploits weaknesses in Remote Desktop Protocol (RDP) and uses compromised credentials, and it may remain on a victim's systems for months. Organizations are advised to limit user access, patch regularly, segment their networks, and maintain backups. Paying the ransom is strongly discouraged, and incidents should be reported to the FBI and CISA.
A new study by Unit 42 finds that cloud-based assets and remote access are the most exposed parts of the attack surface. The report notes that 80% of reported exposures were on cloud-based assets, and that 85% of organizations had remote access services connected to the internet. Attackers scan the IPv4 address space at machine speed and exploit publicly accessible services within days. Organizations that frequently refresh their cloud-based IT infrastructure contribute to the problem. The study also identifies industry-specific attack surfaces and recommends continuous visibility, vulnerability management, securing remote access, and fixing cloud misconfigurations.
Why do we care?
How much access is left wide open, even today? The numbers are staggering. These statistics are a red flag for organizations migrating to or operating in the cloud, signaling the urgent need for stronger cloud security measures. The Unit 42 report also suggests that different industries have distinct vulnerabilities, so tailored approaches may be more effective than one-size-fits-all security solutions… which should be catnip for service organizations.
While investments in cybersecurity are growing, the latest warnings make it clear that we are far from where we need to be.