Skip to the main content.
Talk to sales Start for free
Talk to sales Start for free

1 min read

FBI issues warning on ransomware trends using third-party tools

Picture of Kirsten Peremore Kirsten Peremore November 09, 2023

Email cybersecurity
FBI issues warning on ransomware trends using third-party tools

The FBI issued a detailed industry notification highlighting trends in ransomware attacks. 

 

What happened 

The notification outlined cybercriminals' use of sophisticated techniques to exploit vulnerabilities in third-party tools and system management software, leading to unauthorized access and data compromise.

These tactics were observed in recent incidents between 2022 and 2023, including the exploitation of vendor-controlled remote access to casino servers and the victimization of companies through system management tools. 

The report detailed the operations of the Silent Ransom Group, also known as Luna Moth, which orchestrated callback-phishing data theft and extortion attacks. They could compromise local files, extract victim data, and extort companies by manipulating system management tools. These tactics were observed in recent incidents, including: 

  • Ransomware actors exploited vulnerabilities in remote access systems managed by vendors, gaining unauthorized access to casino servers and compromising networks.
  • Cybercriminals used legitimate system management tools to elevate network permissions and compromise victim systems.
  • The Silent Ransom Group (SRG), also known as Luna Moth, conducted callback-phishing attacks, where victims were sent a phone number in a phishing attempt.

What they're saying

The American Hospital Association national advisor for cybersecurity and risk offered a statement on the FBI notification, “Although health care is not specifically mentioned in this advisory, it serves as a good reminder that third-party tools, technology, and services continue to be a major contributing factor in some of the largest data breaches and ransomware attacks impacting hospitals and health systems. The advisory points out that our cyber adversaries combine social engineering and legitimate third-party technology tools for maximum effect and provide clearly defined defensive measures applicable to health care." 

The AHA recommends organizations establish a multidisciplinary risk management governance committee to help identify and manage cyber risk related to embedded third-party technology.

 

Why it matters

Although not explicitly mentioned in the advisory, the healthcare sector is highly susceptible to such attacks due to its reliance on numerous third-party tools and technologies. The potential impact of data breaches and ransomware attacks on hospitals and health systems cannot be overstated, as they compromise sensitive patient information and disrupt healthcare services. 

Recent cases like the HealthAlliance Hospital, Margaretville Hospital, and Mountainside Residential Care Center cyberattack show how these cases can impact operations within the organization. 

See also: Cyberattack shuts down New York hospitals

 

What's next

Implementing the defensive strategies outlined in the advisory, such as maintaining strong liaison relationships with the FBI field offices and conducting reviews of third-party vendor security postures, are methods of avoiding cybersecurity risks. 

See also: HIPAA Compliant Email: The Definitive Guide

Subscribe to Paubox Weekly

Every Friday we'll bring you the most important news from Paubox. Our aim is to make you smarter, faster.