Powered by MOMENTUM MEDIA
cyber security connect logo

Breaking news and updates daily. Subscribe to our Newsletter!

Breaking news and updates daily. Subscribe to our newsletter

Conti emerges as growing cyber threat

by Reporter
06 September 2021 | 1 minute read

The dissolution of notorious cyber actors has paved the way for a new cyber threat, according to Sophos research.

Conti ransomware has emerged as an increasingly active cyber threat following the dissolution of DarkSide, REvil and Avaddon, which operated under a ransomware-as-a-service (RaaS) business model.

A new analysis from cyber security company Sophos suggests Conti is exploiting ProxyShell — a collection of vulnerabilities for Microsoft Exchange servers, which enables an actor to bypass authentication and execute code as a privileged user.

Advertisement
Advertisement

Conti attackers are reportedly gaining access to the target's network and set up a remote web shell in under one minute, and are installing a second, backup web shell just three minutes later.

“Within 30 minutes they had generated a complete list of the network's computers, domain controllers, and domain administrators,” Sophos noted.

“Just four hours later, the Conti attackers had obtained the credentials of domain administrator accounts and began executing commands.”

ISCOVER

Alarmingly, Sophos found that within 48 hours of initial access, attackers exfiltrated approximately one terabyte of data.

“After five days had passed, they deployed the Conti ransomware to every machine on the network, specifically targeting individual network shares on each computer,” the company added.

Conti attackers were reported to have installed seven backdoors on the network — two web shells, Cobalt Strike and four commercial remote access tools (AnyDesk, Atera, Splashtop and Remote Utilities).

“Cobalt Strike and AnyDesk were the primary tools used for the remainder of the attack. It was swift and efficient,” Sophos noted.

“Patching is absolutely essential.”

Sophos urged stakeholders to patch and deploy preventative security measures, including anti-ransomware and behavioural and machine learning technology. 

 

Conti emerges as growing cyber threat
cyber-warfare.jpg
lawyersweekly logo
newsletter
cyber security subscribe
Be the first to hear the latest developments in the cyber security industry.