Privacy Ninja
Vice Society ransomware joins ongoing PrintNightmare attacks

The Vice Society ransomware gang is now also actively exploiting the Windows Print Spooler PrintNightmare vulnerabilities for lateral movement through their victims’ networks.

PrintNightmare is a set of recently disclosed security flaws (tracked as CVE-2021-1675, CVE-2021-34527, and CVE-2021-36958) found to affect the Windows Print Spooler service, Windows print drivers, and the Windows Point and Print feature.

Microsoft has released security updates to address the CVE-2021-1675 and CVE-2021-34527 bugs in June, July, and August, and has also published a security advisory this week with a workaround for CVE-2021-36958 (a zero-day bug allowing privilege escalation).

Attackers can abuse this set of security flaws for local privilege escalation (LPE) to SYSTEM, or for remote code execution (RCE) as SYSTEM on unpatched systems, including domain controllers, which lets them distribute malware across a domain with domain admin-level access.

PrintNightmare added to Vice Society’s arsenal

Recently, Cisco Talos researchers observed Vice Society ransomware operators deploying a malicious Dynamic-link library (DLL) to exploit two PrintNightmare flaws (CVE-2021-1675 and CVE-2021-34527).

Vice Society ransomware (likely a HelloKitty spin-off) encrypts both Windows and Linux systems using OpenSSL (AES256 + secp256k1 + ECDSA), as ransomware expert Michael Gillespie found in mid-June when the first samples surfaced.

The Vice Society gang mainly targets small or midsize victims in human-operated double-extortion attacks, with a notable focus on public school districts and other educational institutions.

Cisco Talos also made a list of Vice Society’s favorite tactics, techniques, and procedures (TTPs), including backup deletion to prevent victims from restoring encrypted systems and bypassing Windows protections for credential theft and privilege escalation.

“They are quick to leverage new vulnerabilities for lateral movement and persistence on a victim’s network,” Cisco Talos said.

“They also attempt to be innovative on end-point detection response bypasses” and “operate a data leak site, which they use to publish data exfiltrated from victims who do not choose to pay their extortion demands.”

PrintNightmare actively exploited by multiple threat actors

The Conti and Magniber ransomware gangs are also using PrintNightmare exploits to compromise unpatched Windows servers.

Magniber’s attempts to exploit the Windows Print Spooler vulnerabilities in attacks against South Korean victims were detected by CrowdStrike in mid-July.

In-the-wild PrintNightmare exploitation reports have been slowly trickling in since the vulnerabilities were first reported and proof-of-concept exploits were leaked.

“Multiple distinct threat actors are now taking advantage of PrintNightmare, and this adoption will likely continue to increase as long as it is effective,” Cisco Talos added.

“The use of the vulnerability known as PrintNightmare shows that adversaries are paying close attention and will quickly incorporate new tools that they find useful for various purposes during their attacks.”

To defend against these ongoing attacks, apply any available PrintNightmare patches as soon as possible and implement the workarounds provided by Microsoft for the CVE-2021-36958 zero-day (stopping and disabling the Print Spooler service where printing is not needed) to remove the attack vector.
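As an added example (not part of the original article, and not a Microsoft or Cisco Talos tool), the following PowerShell script audits a single Windows host for the Print Spooler and Point and Print settings that Microsoft documented for PrintNightmare, and optionally applies the CVE-2021-36958 workaround of stopping and disabling the spooler. The registry paths and value names are the ones Microsoft published for these mitigations; the script structure, the `-DisableSpooler` switch and the `Get-RegValue` helper are this example's own.

```powershell
# Added example: audit a Windows host for PrintNightmare mitigations.
# Run from an elevated PowerShell session on the host being checked.
[CmdletBinding()]
param(
    # Apply the most conservative workaround (stop and disable the spooler).
    # Only use on hosts that do not need to print, e.g. domain controllers.
    [switch]$DisableSpooler
)

$PrintersPolicy = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows NT\Printers'
$PointAndPrint  = "$PrintersPolicy\PointAndPrint"

function Get-RegValue {
    param([string]$Path, [string]$Name)
    # Returns $null when the key or value is absent, i.e. the OS default applies.
    try { (Get-ItemProperty -Path $Path -Name $Name -ErrorAction Stop).$Name } catch { $null }
}

$findings = @()

# 1. Spooler service state. If it is stopped and disabled, none of the spooler
#    bugs are reachable on this host (Microsoft's CVE-2021-36958 workaround).
$spooler = Get-Service -Name Spooler
$findings += [pscustomobject]@{
    Check    = 'Spooler service'
    Value    = "$($spooler.Status) / StartType=$($spooler.StartType)"
    Pass     = ($spooler.Status -ne 'Running' -and $spooler.StartType -eq 'Disabled')
    Guidance = 'Stop and disable on hosts that do not print.'
}

# 2. Inbound remote printing. The GPO "Allow Print Spooler to accept client
#    connections" = Disabled writes RegisterSpoolerRemoteRpcEndPoint = 2, which
#    closes the remote (RCE) path of CVE-2021-34527 while leaving local printing.
$rpc = Get-RegValue $PrintersPolicy 'RegisterSpoolerRemoteRpcEndPoint'
$findings += [pscustomobject]@{
    Check    = 'RegisterSpoolerRemoteRpcEndPoint'
    Value    = $rpc
    Pass     = ($rpc -eq 2)
    Guidance = 'Set to 2 (block remote clients) unless this host is a print server.'
}

# 3. Point and Print hardening. Only administrators may install print drivers,
#    and the two "silent install" overrides must be 0 or absent, otherwise the
#    restriction is undone and a standard user can again load a malicious DLL.
$restrict = Get-RegValue $PointAndPrint 'RestrictDriverInstallationToAdministrators'
$findings += [pscustomobject]@{
    Check    = 'RestrictDriverInstallationToAdministrators'
    Value    = $restrict
    # Absent means the OS default; the August 2021 updates make that default
    # restricted, but set it explicitly so the audit result is unambiguous.
    Pass     = ($restrict -eq 1)
    Guidance = 'Set to 1 so non-admin users cannot install print drivers.'
}
foreach ($name in 'NoWarningNoElevationOnInstall', 'UpdatePromptSettings') {
    $v = Get-RegValue $PointAndPrint $name
    $findings += [pscustomobject]@{
        Check    = $name
        Value    = $v
        Pass     = ($null -eq $v -or $v -eq 0)
        Guidance = 'Must be 0 or unset; 1 re-enables silent driver installation.'
    }
}

$findings | Format-Table -AutoSize

if ($DisableSpooler) {
    # The CVE-2021-36958 workaround: stop the spooler and keep it from restarting.
    Stop-Service -Name Spooler -Force
    Set-Service -Name Spooler -StartupType Disabled
    Write-Host 'Print Spooler stopped and disabled.'
}
```

Run it without arguments to get a pass/fail table per setting; add `-DisableSpooler` only on machines that do not need to print, since this removes printing entirely. Treat the registry checks as host-level confirmation of what Group Policy should already be enforcing: a failing `NoWarningNoElevationOnInstall` or `UpdatePromptSettings` on a patched host is exactly the misconfiguration that lets the Point and Print path stay exploitable after the update is installed.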
