In less time than it takes to get a stuffed crust pizza delivered, a new group called SnapMC can breach an organization’s systems, steal their sensitive data, and demand payment to keep it from being published, according to a new report from NCC Group’s threat intelligence team — no ransomware required. Rather than disrupting business operations by locking down a target’s data and systems, SnapMC just focuses on straight-up extortion. However, this low-tech, ransomware-free approach to extortion on a compressed timeline relies on known vulnerabilities with patches readily available. “In the extortion emails we have seen from SnapMC have given victims 24 hours to get in contact and 72 hours to negotiate,” the report said. “These deadlines are rarely abided by, since we have seen the attacker to start increasing the pressure well before countdown hits zero.” The researchers weren’t able to link the group to any known threat actors and gave it the name for it’s speed (“Snap”) and its mc.exe exfiltration tool of choice. As evidence the group has the data, SnapMC provides victims with a list of the exfiltrated data. If they fail to engage in negotiations within the timeframe, the attackers threaten to publish the data and report the breach to customers and the media. Analysts said they’ve observed SnapMC successfully breaching unpatched and vulnerable VPNs using the CVE-2019-18935 remote code execution bug in Telerik UI for ASPX.NET, and webserver apps using SQL injections. VPN…
https://govanguard.com/wp-content/uploads/2018/04/Header_Logo.png 0 0 govanguard https://govanguard.com/wp-content/uploads/2018/04/Header_Logo.png govanguard2021-10-13 07:22:002021-10-13 07:22:0030 Mins or Less: Rapid Attacks Extort Orgs Without Ransomware
Our Standard Office Hours
Monday – Friday: 8:00AM – 5:00PM EDT
Saturday – Sunday: Closed
Where to Find Us
Data Privacy Notice
- – All product names, logos, and brands are property of their respective owners.
- – The use of these names, logos, and brands is for identification purposes only and does not imply endorsement.
- – Content syndication and aggregation of public information is solely for the purpose of identifying information security trends, all syndicated content contains source links to the content creator website. All content is owned by it’s respective content creators.
- – If you are an owner of some content and want it to be removed, please email firstname.lastname@example.org