BTC $60655.4951
ETH $3360.7632
BNB $571.3121
SOL $134.9947
stETH $3357.3374
XRP $0.4760
TON $7.5547
DOGE $0.1221
ADA $0.3892
wstETH $3933.4365
TRX $0.1208
WETH $3361.5880
AVAX $25.1197
WBTC $60819.9962
LINK $13.8833
DOT $5.8026
UNI $9.4317
BCH $371.6624
MATIC $0.5684
weETH $3496.2608
DAI $1.0015
LTC $70.5618
PEPE $0.0000
FET $1.6798
RNDR $7.6967
BSC-USD $0.9984
ICP $8.0973
CAKE $2.1400
KAS $0.1543
USDE $1.0004
ezETH $3394.4397
ETC $23.3487
NEAR $5.5289
APT $6.9055
IMX $1.5454
XMR $162.9883
HBAR $0.0783
FDUSD $1.0005
FIL $4.3895
OKB $41.2630
MNT $0.7568
ONDO $1.1969
STX $1.5913
ENS $22.9679
ATOM $6.9650
INJ $23.1544
LDO $2.4218
BTC $60655.4951
ETH $3360.7632
BNB $571.3121
SOL $134.9947
stETH $3357.3374
XRP $0.4760
TON $7.5547
DOGE $0.1221
ADA $0.3892
wstETH $3933.4365
TRX $0.1208
WETH $3361.5880
AVAX $25.1197
WBTC $60819.9962
LINK $13.8833
DOT $5.8026
UNI $9.4317
BCH $371.6624
MATIC $0.5684
weETH $3496.2608
DAI $1.0015
LTC $70.5618
PEPE $0.0000
FET $1.6798
RNDR $7.6967
BSC-USD $0.9984
ICP $8.0973
CAKE $2.1400
KAS $0.1543
USDE $1.0004
ezETH $3394.4397
ETC $23.3487
NEAR $5.5289
APT $6.9055
IMX $1.5454
XMR $162.9883
HBAR $0.0783
FDUSD $1.0005
FIL $4.3895
OKB $41.2630
MNT $0.7568
ONDO $1.1969
STX $1.5913
ENS $22.9679
ATOM $6.9650
INJ $23.1544
LDO $2.4218
  • Catalog
  • Blog
  • Tor Relay
  • Jabber
  • One-Time notes
  • Temp Email
  • What is TOR?
  • We are in tor
  • The FBI and CISA have issued recommendations for countering the AvosLocker ransomware

    A tried-and-true attack plan was discovered by experts and disseminated to all organizations.

    The Federal Bureau of Investigation (FBI) and the US Cybersecurity and Infrastructure Security Agency (CISA) released a joint statement that added new details about the tools that attackers using the AvosLocker ransomware, about which the FBI previously reported, were using.

    Affiliates of AvosLocker are known to remotely administer systems and steal data from business networks using open source code and reputable software.

    In order to navigate the network, increase privileges, and disable security systems, the FBI documented the use of custom PowerShell, web shells, and batch scripts.

    The following are some of the resources in the departments' updated message:

    1. Splashtop Streamer, Tactical RMM, PuTTy, AnyDesk, PDQ Deploy, and Atera Agent are examples of remote administration software.
    2. tools for a network that uses open source to tunnel: chisel, ligo;
    3. Cobalt Strike and Sliver are two frameworks for simulating attackers;
    4. tools for data collection: LaZagne and Mimikatz;
    5. FileZilla and Rclone are tools for data exfiltration.

    The hackers' toolkit also included Notepad++, RDP Scanner, 7-zip, and built-in Windows programs like PsExec and Nltest.

    Attacks frequently include malware called "NetMonitor.exe." Attackers can connect to a compromised network using this component, which acts as a reverse proxy and pretends to be a legitimate process. Even a unique YARA rule was developed by FBI specialists to find NetMonitor on the network.

    The FBI and CISA claimed that organizations in various critical infrastructure sectors in the United States had been compromised by AvosLocker affiliates, affecting Windows, Linux, and VMware ESXi environments.

    The agencies advise businesses to implement sophisticated application controls, such as whitelists, and forbid the use of portable versions of illegal utilities.

    Best practices for threat protection also call for limiting Remote Desktop Protocol (RDP) usage, implementing MFA, and following the least privilege principle. For users who do not need command line and PowerShell scripting support to complete their tasks, organizations should disable it.

    Security experts continue to recommend network segmentation, long passwords, storing them in a hashed format, and routine software and code updates.

    The latest AvosLocker manual supplements the one that was previously made available by the FBI in March of last year. It was mentioned that some AvosLocker ransomware assaults took advantage of flaws in nearby Microsoft Exchange servers.

    Author reign3d
    How do you search in the TOR network?
    New level of transparency: CISA discloses ransomware data in its notifications

    Comments 0

    Add comment