Introducing Ransomware via Third Party Risk and Legitimate System Tools

In a world increasingly reliant on digital infrastructure, the specter of ransomware looms large. The FBI’s Private Industry Notification, dated November 7, 2023, serves as a crucial beacon, guiding organizations through the treacherous waters of cyber threats. It’s a friendly reminder that vigilance is not just a choice, but a necessity.

The document outlines a concerning trend: ransomware actors are exploiting third-party services and legitimate system tools to gain unauthorized access. Casinos, often through third-party gaming vendors, have found themselves at the mercy of such attacks, with the personal information of employees and patrons held hostage. The Silent Ransom Group, also known as Luna Moth, has been particularly cunning, luring victims with callback phishing schemes that lead to data theft and extortion.

But fear not, for the FBI is not just the bearer of bad news. They come bearing the gift of knowledge—mitigations that can shield your organization from these digital pirates. They advise a robust liaison with the FBI Field Office, a well-oiled incident response plan, and a suite of technical defenses that fortify your digital domain.

Imagine your organization as a castle. The FBI’s recommendations are the moat, the walls, and the sentries. They suggest maintaining offline, encrypted, and immutable backups—your secret passages and hidden chambers that keep your treasures safe. They urge you to scrutinize the drawbridges to your castle—the third-party connections—and to only allow the trusted knights, the verified applications, through your gates.

Your subjects, the user accounts, must be wise and well-trained. Passwords should be as strong as the stone walls of your fortress, and multifactor authentication should stand guard like the most alert of sentinels. Regular patrols, in the form of audits and access management, ensure that only those with the royal seal can access the crown jewels.

The architecture of your stronghold should be compartmentalized—segmented networks that prevent the enemy from infiltrating the entire kingdom. Monitoring tools are your scouts, always on the lookout for suspicious activity. And like any good fortress, unused ports are sealed off, as you would close unused tunnels that invaders could exploit.

In the event of a siege, the FBI encourages reporting to the local field office or ic3.gov. The information shared becomes a rallying cry for others to bolster their defenses.

The Joint Ransomware Task Force, a valiant alliance co-chaired by CISA and the FBI, stands as a testament to the power of unity. Together, they combat the ransomware scourge, sharing strategies, conducting joint operations, and offering guidance to those who have fallen victim.

In closing, the FBI’s message is clear: the threat is real, but so is the defense. With the right preparations, the right mindset, and the right allies, your organization can stand resilient against the ransomware onslaught. Stay vigilant, stay informed, and stay secure.

Here is a link to the bulletin: bi-tlp-clear-pin-ransomware-actors-continue-to-gain-access-through-third-parties-and-legitimate-system-tools-11-7-23.pdf (aha.org)


Paul Bergman runs a business strategy and cybersecurity consulting company in San Diego. He writes on cybersecurity and board management for both corporate and nonprofit boards.
