The Cybersecurity and Infrastructure Security Agency, FBI, and MS-ISAC issued an advisory about Ghost (Cring) ransomware, detailing its attack strategies focusing on outdated software. The advisory includes indicators of compromise (IOCs), tactics, techniques, and procedures (TTPs), and detection methods observed in FBI investigations. Threat actors exploit vulnerabilities in internet-facing devices using publicly available code. Tim Mackey from Black Duck emphasized the need for organizations to maintain long-term operational plans for their cyber-physical devices, while Darren Guccione of Keeper Security noted that adversaries exploit known vulnerabilities quicker than organizations can patch them.
The Ghost ransomware campaign highlights the persistent reality that adversaries exploit known vulnerabilities faster than many organizations can patch their systems.
Tim Mackey stressed that attackers know best practices evolve, making even the most secure devices vulnerable to modern attacks.
Collection
[
|
...
]