Sifting through the spines: identifying (potential) Cactus ransomware victims

Sifting through the spines: identifying (potential) Cactus ransomware victims

Cybersecurity strategy

Information

The effectiveness of the public-private partnership called Melissa [2] is increasingly evident. The Melissa partnership, which includes Fox-IT, has identified overlap in a specific ransomware tactic. Multiple partners, sharing information from incident response engagements for their clients, found that the Cactus ransomware group uses a particular method for initial access.Following that discovery, NCC Group’s Fox-IT developed a fingerprinting technique to identify which systems around the world are vulnerable to this method of initial access or, even more critically, are already compromised. Qlik Sense vulnerabilities Qlik Sense, a popular data visualisation and business intelligence tool, has recently become a focal point in cybersecurity discussions. This tool, designed to aid businesses in data analysis, has been identified as a key entry point for cyberattacks by the Cactus ransomware group. The Cactus ransomware campaign Since November 2023, the Cactus ransomware group has been actively targeting vulnerable Qlik Sense servers. These attacks are not just about exploiting software vulnerabilities; they also involve a psychological component where Cactus misleads its victims with fabricated stories about the breach. This likely is part of their strategy to obscure their actual method of entry, thus complicating mitigation and response efforts for the affected organizations. For those looking for in-depth coverage of these exploits, the Arctic Wolf blog [3] provides detailed insights into the specific vulnerabilities being exploited, notably CVE-2023-41266, CVE-2023-41265 also known as ZeroQlik, and potentially CVE-2023-48365 also known as DoubleQlik. Read more at https://blog.fox-it.com/2024/04/25/sifting-through-the-spines-identifying-potential-cactus-ransomware-victims/
Fox-IT05.B071Fox-IT (part of NCC Group) prevents, solves and mitigates the most serious cyber threats with smart solutions for government, defense, law enforcement, critical infrastructure, banking, and multinational corporations worldwide. It is Fox-IT’s mission to make technical and innovative solutions that ensure a more secure society. We accomplish that by offering advanced cyber security solutions and services that are trusted by government bodies and major enterprises worldwide. We have a strong focus on innovation and a tireless dedication to our clients, our values and our integrity. As advancements in internet technology expand opportunities for misuse by increasingly sophisticated cyber criminals, state actors and terrorists, Fox-IT is continuously at the forefront of protecting our customers against these threats. Our products and services improve prevention, detection and response capabilities by continuously monitoring network and endpoints of our customers with our own innovative products and specialist staff. We harden the security of critical IT networks and systems and train employees in various areas of cyber security. Intelligence is key throughout the services we deliver and with our highly experienced security specialists gathering and analyzing threat intelligence on a 24/7 basis we have one of the most advanced Security Operation Centers worldwide.

Join the event!