Akira ransomware attacks Finnish companies, permanently destroying backups

The attackers' meticulous approach poses a threat at the national level.

The National Cyber Security Center of Finland (NCSC-FI) warns of increased activity by the Akira ransomware. According to the center, last December attackers used this ransomware to carry out six successful attacks out of seven recorded attempts. The victims were several local companies.

A distinctive feature of the attacks was the complete destruction of backup copies of data, which leaves victims no way to restore information without paying a ransom and so increases the pressure on them. The attackers targeted both NAS network storage and the tape drives used for archiving. According to NCSC-FI experts, "criminals carefully destroyed all backups."

As a security measure, the center recommends using offline backups, with copies stored in multiple locations at once. "For the most important backups, it would be advisable to follow the 3-2-1 rule. That is, keep at least three backups in two different locations and completely disconnect one of them from the network," said Olli Hohne of NCSC-FI.

According to NCSC-FI, the intrusions occurred through the vulnerability CVE-2023-20269 in Cisco products. By exploiting it, the attackers were able to conduct a brute-force attack and obtain the passwords of existing users.

Cisco acknowledged the vulnerability in September 2023, but researchers had recorded the first attacks as early as August. Once inside the network, the attackers created a detailed network map, identified critical servers and backups, stole credentials from servers, and then encrypted important files and virtual machine disks, especially on the VMware platform.

To avoid falling victim to the same vulnerability, NCSC-FI experts strongly recommend upgrading Cisco ASA to version 9.16.2.11 or higher, and Cisco FTD to version 6.6.7 or higher.
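
As an added example (not part of the original post and not NCSC-FI or Cisco code), the upgrade recommendation above can be checked against a device inventory, including ASA's parenthesised version notation such as `9.16(2)11`. The function names and the sample inventory are hypothetical; the only thresholds used are the two versions named in the article, treated as a single numeric floor per product.

```python
import re

# Minimum versions exactly as the article states them. Assumption: one numeric
# floor per product; per-train fixed releases in the vendor advisory are not modelled.
MIN_VERSION = {"asa": (9, 16, 2, 11), "ftd": (6, 6, 7)}


def parse_version(text):
    """Accept dotted ('9.16.2.11') and ASA-style ('9.16(2)11') version strings."""
    text = text.strip()
    if not re.fullmatch(r"\d+(?:[.()]+\d+)*\)?", text):
        raise ValueError(f"unrecognised version string: {text!r}")
    return tuple(int(p) for p in re.findall(r"\d+", text))


def is_below_minimum(product, version):
    """True when the version is lower than the article's floor for that product."""
    minimum = MIN_VERSION[product.lower()]  # KeyError for products not covered
    found = parse_version(version)
    width = max(len(minimum), len(found))
    # Pad with zeros so that 6.6.7 and 6.6.7.0 compare as equal.
    found += (0,) * (width - len(found))
    minimum += (0,) * (width - len(minimum))
    return found < minimum


def audit(inventory):
    """Return (host, product, version, status) for every inventory entry."""
    findings = []
    for host, product, version in inventory:
        try:
            status = "UPGRADE" if is_below_minimum(product, version) else "ok"
        except (KeyError, ValueError):
            status = "REVIEW"  # unknown product or unparsable version
        findings.append((host, product, version, status))
    return findings


# Constructed sample inventory: hostnames and versions are made up.
SAMPLE_INVENTORY = [
    ("fw-edge-01", "ASA", "9.16(2)11"),
    ("fw-edge-02", "ASA", "9.14(4)7"),
    ("fw-dc-01", "FTD", "6.6.7"),
    ("fw-dc-02", "FTD", "6.4.0.12"),
    ("fw-lab-01", "ASA", "unknown"),
]
if __name__ == "__main__":
    for row in audit(SAMPLE_INVENTORY):
        print("{:<11} {:<4} {:<10} {}".format(*row))
```

Entries marked `REVIEW` could not be parsed or name a product the article does not cover, so they need a manual check rather than being counted as patched.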