Russian cybercriminals are having a field day targeting a diverse yet vulnerable group of people: the remote workforce of America. They have unleashed a series of targeted hacking campaigns on people working away from the safety of official IT infrastructure.

With an unprecedented section of office workers being forced to shift their work to home, hackers have taken full advantage of the insecure remote workforce. The wave of threats will only mount in magnitude while getting even more nefarious in strategy. Workers and enterprises at large have to brace not just for bad players at home, but also for sinister cyber assaults from nation-states with vested interests.

The ‘Evil Corp’ at work

Symantec Corporation, a global cybersecurity firm and division of Broadcom, had uncovered vicious directed attacks on as many as 31 organizations located in the US by June 2020, meaning that the actual count can be much higher. The majority of the victims include 11 large listed corporations, of which 8 are Fortune 500 companies. The attackers managed to breach these networks and were laying the foundation for staging lethal ransomware attacks.

These offensives were perpetrated by the notorious Russian cybercrime outfit ‘Evil Corp’, which has also worked time and again for Russian intelligence. ‘WastedLocker’ is the relatively new and deadlier breed of targeted ransomware employed by this group.

The attackers’ modus operandi involves masquerading as an innocent software update to get access to a victim’s network. A JavaScript-based framework known as SocGholish is used in the process. Once inside the network, the ‘Cobalt Strike’ commodity malware is used to steal credentials and move progressively across the compromised network, so that the targeted WastedLocker ransomware can be deployed across multiple computers.

The two leaders of this Russian group were earlier indicted by the US Justice Department. This is their retaliation strategy to cripple many of the largest enterprises and news organizations in the US.

According to Symantec, the attackers are highly experienced and skilled, with the capacity to penetrate some of the most highly protected networks. The dangerous WastedLocker ransomware can disarm the victim network and create significant operational disruptions that will lead to a costly and inevitable cleanup.

The NSA warns of an increase in targeted Russian attacks on remote workers

In a recent advisory, the National Security Agency (NSA) highlighted that state-sponsored Russian groups have been attacking a particular vulnerability across a number of organizational remote-work platforms created by VMware. The company, in the eye of the storm, issued an immediate security bulletin detailing workarounds and various patches to do away with the flaws. These are the weaknesses used by Russian threat actors to gain privileged access to sensitive data.

Securing remote access has been a tough task for any business. However, newer exposures and different risks have cropped up in the absence of a traditionally secure office network. Hackers were attacking enterprises, including government agencies, through flawed tools like VPNs to get access to internal networks.

The Cybersecurity and Infrastructure Security Agency (CISA) issued advisories urging administrators to patch the VMware weakness urgently. An attacker lurking in the web jungle will exploit this flaw to take control of a compromised system.

How does Condition Zebra defend your business?

COVID-19 has resulted in a hurried digital transformation that most businesses were not ready to keep pace with. They have been playing catch-up ever since, which in turn prompted hackers backed by foreign nation-states to pounce on unaware businesses. Endpoint Security and Secure Remote Access are the vanguards of cyber defence.

At Condition Zebra, we offer end-to-end IT security solutions to secure your business from prying eyes and deadly threat actors. An array of web, VPN, IoT, and network penetration testing and vulnerability assessment solutions will provide the much-needed safety net for your enterprise and remote workforce.

Claim your basic Free Pentest to understand how vulnerable your network and web applications are.


Also, we cannot afford to overlook training for your IT workforce. We’re offering specialized training in Network Penetration Testing and Web Application Penetration Testing. Both of these courses are high value because there is a practical session as well. So far, we have had 600+ IT professionals from various backgrounds attend the training.
