Play ransomware exploits MSPs and N-days for its campaigns

August 21, 2023

The notorious Play ransomware group is currently targeting managed security service providers (MSPs) to gain initial access to the security appliances they manage. According to reports, the group exploits old vulnerabilities (N-days) in the targeted devices.

Researchers explained that attacking firms through their security vendor is an effective strategy for the group. The new campaign is difficult for defenders to detect because it initially looks like legitimate administrative access, and that access often hands the attackers unrestricted control of the victim's network and IT assets.

The group also uses intermittent encryption, encrypting only portions of each file, to avoid tripping defences that look for whole-file modifications. Its most recent campaigns targeted mid-sized financial, legal, logistics, and software firms in several countries, including Italy, Australia, the United Kingdom, and the United States.
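To show why whole-file checks miss intermittent encryption and what a block-wise check sees instead, here is an added example (not code from the report or from the researchers it cites). It scores Shannon entropy per 4096-byte block over constructed sample files; the thresholds, block size and sample data are assumptions for illustration.

```python
import math
import random
from collections import Counter

HIGH = 7.5    # bits/byte typical of ciphertext or compressed data (assumed threshold)
LOW = 6.0     # bits/byte typical of documents and most office files (assumed threshold)
CHUNK = 4096  # bytes scored per block (assumed granularity for this illustration)

def shannon_entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte; 0.0 for empty input, 8.0 is the maximum."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())

def chunk_entropies(data: bytes, chunk_size: int = CHUNK) -> list:
    """Entropy of each fixed-size block, in file order."""
    return [shannon_entropy(data[i:i + chunk_size]) for i in range(0, len(data), chunk_size)]

def classify(data: bytes, chunk_size: int = CHUNK) -> str:
    """Heuristic verdict: 'plain', 'encrypted' (every block high-entropy) or
    'intermittent' (high-entropy blocks interleaved with low-entropy ones)."""
    ents = chunk_entropies(data, chunk_size)
    if not ents:
        return "plain"
    n_high = sum(e >= HIGH for e in ents)
    n_low = sum(e <= LOW for e in ents)
    if n_high == len(ents):
        return "encrypted"
    if n_high and n_low:
        return "intermittent"
    return "plain"

def build_samples() -> dict:
    """Constructed inputs: a plain document, the same document with every other
    block overwritten by random bytes (simulating intermittent encryption), and a
    fully random file. Seeded so the result is reproducible."""
    rng = random.Random(2023)
    line = b"Invoice 4471: 12 pallets shipped to the Milan depot, net 30 days.\n"
    block = (line * (CHUNK // len(line) + 1))[:CHUNK]
    plain = block * 8
    partial = b"".join(block if i % 2 == 0 else rng.randbytes(CHUNK) for i in range(8))
    full = rng.randbytes(CHUNK * 8)
    return {"plain": plain, "intermittent": partial, "encrypted": full}

if __name__ == "__main__":
    for name, blob in build_samples().items():
        print(f"{name:13s} whole-file={shannon_entropy(blob):.2f} verdict={classify(blob)}")
```

The whole-file entropy of the partially encrypted sample stays below the ciphertext threshold, which is exactly the blind spot the technique relies on, while the per-block view flags it.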

Play ransomware is the culprit of multiple cybercriminal campaigns that targeted cities in the United States and other countries.

Play ransomware campaigns have compromised numerous cities in recent months. Its latest attacks hit the city of Oakland, the German chain H-Hotels, and the Judiciary of Cordoba.

The researchers also explained that the group's operations overlap with those of Hive and Nokoyawa, suggesting a potential affiliation.

The group has also expanded its arsenal with new exploits such as OWASSRF, ProxyNotShell, and an MS Exchange Server RCE. Furthermore, some researchers found that the group exploits two vulnerabilities, CVE-2018-13379 and CVE-2020-12812.

Cybersecurity officials in the United States and its Five Eyes intelligence alliance partners explained in a joint security advisory earlier this month that threat actors exploited 12 of the most common vulnerabilities last year. Most of the exploited flaws are five-year-old bugs in outdated appliances.

One such flaw is CVE-2018-13379, a path traversal bug in the Fortinet SSL VPN. The researchers described it as an easy-to-exploit bug that emerged in 2018. These attackers abuse such weaknesses whenever they see an opportunity.

Everyone should patch these vulnerabilities to avoid infection since Play ransomware is rampaging across the entire cybersecurity landscape.