Can confirm this phase just started
https://twitter.com/caseyjohnellis/status/1469476148618805249
Ransomware groups have started posting successful exploits on a number forums and chats
While they are doing recon they are literally tossing up cryptominers so they maximizing profits.
While they are doing recon they are literally tossing up cryptominers so they maximizing profits.
Many of them are also not deploying RCE as a vector.
Many of them are grabbing server variables in order to maximize effectiveness and efficiency against targets.
Customized exploitation and info stealing are abound.
Many of them are grabbing server variables in order to maximize effectiveness and efficiency against targets.
Customized exploitation and info stealing are abound.
Very important: just watched attackers attempt to manually 'patch' an exploited box once they were in: smart move.
This ensures that no one else compromises the box post exploit (ie code red vs code blue days) and for admins to overlook VA scan results as false negatives.
Yikes
This ensures that no one else compromises the box post exploit (ie code red vs code blue days) and for admins to overlook VA scan results as false negatives.
Yikes
I've seen some what appears to be Mirai payloads across the wires, seems like some group of attackers have found some vulnerable IoT devices and are wget/curling those targets.
Expect some DDoS services to spring up and be very prevalent in the next couple of weeks
Expect some DDoS services to spring up and be very prevalent in the next couple of weeks
One of the groups is targeting a network packet inspecting appliances that uses elastic & logstash.
Literally the devices attempting to monitor and find vulns & security issues *in your own network* are now being compromised by sprewing traffic in subnets with log4j sploit spam
Literally the devices attempting to monitor and find vulns & security issues *in your own network* are now being compromised by sprewing traffic in subnets with log4j sploit spam
Also bypasses for WAFs are flying around too:
Seem some similar to this as well as other variants:
Stay vigilant
Seem some similar to this as well as other variants:
Stay vigilant
https://twitter.com/stereotype32/status/1469313856229228544?t=tyNvFYyvOt8jeLJcBWaVEQ&s=19
And @DanielGallagher just reminded me:
Medical devices will definitely be affected.
Those of you protecting medical devices and healthcare facilities, I wish you the best above all others.
This could be extremely bad in full capacity hospitals during this winter
Medical devices will definitely be affected.
Those of you protecting medical devices and healthcare facilities, I wish you the best above all others.
This could be extremely bad in full capacity hospitals during this winter
• • •
Missing some Tweet in this thread? You can try to
force a refresh
