The LockBit group has gained a lot of traction in the cybercriminal landscape now that competitors like Hive and Conti are down. Amateurs and wannabe hackers have taken the opportunity to impersonate the group while running their own cybercriminal operations.
These recent LockBit-impersonation operations have affected small and medium businesses (SMBs) in Northern Europe, as the attackers could only execute small-time campaigns. Researchers explained that the leaked LockBit locker has paved the way for numerous actors to extort small-scale businesses.
Belgian SMBs were the first to experience the alleged LockBit campaign.
Researchers from Belgium reported that the recent attacks against their SMBs were allegedly executed by cybercriminals who used the name of the LockBit group and its malware. According to investigations, the attackers are not related to the legitimate LockBit group but only impersonate the gang using a leaked version of its malware.
Unfortunately, the amateur threat actors have still caused massive damage to their targets despite being unrelated to LockBit. Some research showed that the impostors had encrypted multiple files from their targets.
The targeted company recovered its networks through backups, and client operations remained uninterrupted by the attempted attack.
These incidents showed that outdated software and systems could cause significant damage if left unaddressed, since extortion tactics have become increasingly popular among amateur hackers.
In some cases, the threat actors have taken advantage of several unfixed flaws in outdated FortiGate firewalls.
Experts stated that the vulnerability mainly exploited by the hackers is the notorious Fortifuck flaw from 2018.
The threat actors exploited these vulnerabilities where a targeted company was exposed through an internet gateway. This method gives the attacker a more straightforward entry point, since such a gateway is often less secure than other gateways.
Therefore, SMBs should start updating their systems to patch vulnerabilities and reduce the chances of getting breached by threat actors. The LockBit group’s impostors do not carry out the same lethal attack as the actual gang. However, they could still inflict severe damage if they pick suitable targets.