The Federal Bureau of Investigation (FBI) issues alert, on ransomware gangs targeting casinos through third-party gaming channels.
In a description by the Bureau, they said that:
“New trends included ransomware actors exploiting vulnerabilities in vendor-controlled remote access to casino servers, and companies victimized through legitimate system management tools to elevate network permissions,”
Legitimate system management tools are being exploited by these gangs to bypass the security measures of organizations, elevate their network permissions, and encrypt servers.
In addition, the ransomware gangs, proceed to pilfer the Personal Identifiable Information (PII) of both employees and patrons of their victims. According to the FBI, two specific groups, namely Silent Ransom Group (SRG) and Luna Moth, are the culprits behind these attacks since June 2022.
METHODS USED BY THE RANSOMWARE GANG.
FBI, further described that the ransomware gang actively use phishing methods, including fake subscription renewals, as one of their tactics. They cunningly trick victims into installing malicious software, which enables them to infiltrate the network and steal data.
FBI’s MITIGATION & RECOMMENDATIONS:
FBI urges organizations to adopt diverse strategies against adversaries using standard network discovery techniques to infiltrate their networks. These strategies includes:
- Secure offline backups of all company data (by Keeping them immutable & encrypted).
- Enforce remote access rules and trusted applications only (through policy implementation).
- Improve password rules and apply multifactor authentication (by using strong password policies).
- Manage admin privileges effectively (through continuous auditing and review).
- Implement network segmentation, abnormal activity monitoring, secure RDP usage, and software updates.
- System Admins should close unneeded ports/protocols, add email banners for external emails, and limit scripting activities (by disabling inactive services or services not in use).
We are advising big cooperation’s and organizations, on the importance’s to stay vigilant, apply mitigative steps recommended by the bureau. Also, organizations should be proactive in protecting their organization’s systems and data from ransomware attacks.
Please do let us know in the comment section what are your thoughts about this.