Databreach BazarBackdoor Cybercrime
What’s Worse than Hackers Making Millions? Your Firm Contributing to It!
Besides being calculated and stealthy, hackers are becoming gutsier and wealthy! Hacker team RYUK “one” Group leads the pack utilizing covert BazarLoader/BazarBackdoor as their tool of choice for enterprise targets; This trojan deploys hard-to-detect malware that, as researchers at Advanced Intel explain, relies upon “minimal functionality while on the host producing high-value long-term infections due to its simplicity and external operation dependency to exploit more information later.”
The larger the giant, the harder he falls. That’s why RYUK “one” Group dare ask for a sizable payload in exchange for the encryption key they give an enterprise they’ve targeted. The costs of interrupted operations and seized data can be as or larger than the fee for new keys to the kingdom. When viewed that way, a multi-million dollar ransom is a small price to pay when compared to what a giant stands to lose in revenue, reputation, and workforce loyalty.
Data breach statistics show that Black Hat hackers have spent most of their 2020 energy on modulating malware so that anti-virus protection fails and even your backups become infected! In that same timeframe, Data-Guard 365’s Sentinel One platform, together with others in the cyber-fight industry, have and continue to spend their time analyzing and learning how to defeat the trojans that hackers design…to penetrate, plant, and to detonate-upon-command, ransomware like RYUK.
Take this hide-and-seek trojan, BazarBackdoor, together with RYUK “one” Group’s carefully planned detonation within an enterprise-sized network, and it’s easier to see why bad actors are brazen in demands of million dollar ransoms (like one recently acquired, single-hit totaling $34 million!). It’s not a pretty picture and one you should avoid by leveraging the kryptonite that weakens any hacker’s game: Artificial Intelligence Tools and the experts who use them, available in vendor partners like Data-Guard 365.
Vitali Kremez’s research delineates the attack anatomy. He writes that these criminals favor Cobalt Strike beacon as an immediate post-exploitation payload of choice. The additional open-source toolkits they rely on are Mimikatz, PowerShell PowerSploit, LaZagne, AdFind, Bloodhound, and PsExec, and Kremez goes on to share that …”RYUK “one” Group’s anatomy of the attack reveals a mature, prolific, targeted cybercrime operation relying on usage of pentester toolkits.” (For Kremez’s work detail, search Anatomy of Attack: Inside Bazar Backdoor to RYUK Ransomware “one” Group via Cobalt Strike.)
What to watch for to avoid being caught up in their stealth? Spear-phishing campaigns are how these damaging BazarBackdoor compromises begin, intended to lure you and your employees to open/click/forward/respond.
They appear to be common communication transmissions (such as notifications, payroll, customer complaints, or service reports), or event news and holiday-invitations. Considering your personnel are either your first line of defense, or the ones who inadvertently open wide the gate to thieves, you’re best served to engage cyber-specialists to train your people, protect your internal IT security efforts, and monitor activity 24/7.
Cybercriminals are not those with whom you need share the spoils of your hard earned work this Thanksgiving season! A meager, budgeted sum for a cybersecurity partner who spares you breach and disaster recovery – versus an unpredictable ransom – is exactly how you’ll keep unwanted stealth away from your wealth!
Discover Data Guard 365
Data-Guard 365 is a MSSP firm headquartered in Indianapolis, Indiana, with offices in Chicago, Atlanta, and other strategic locations across the globe. The company is a one-of-a-kind business partner whose people, processes, and technology provide invincible cyber security for a price point that pays for itself. www.Data-Guard365.com / (317) 967-6767 / info@data-guard365.com
Back to Articles/Blog