Cyber criminals never run out of ideas for finding chinks in a PC's armour, breaking in, turning the machine into a slave and then demanding a ransom to release its data.

Cyber security solutions company Sophos has found a new technique employed by cyber criminals to bypass security layers. The attackers are gaining entry through insecure IT remote access services, such as (but not limited to) Remote Desktop Protocol (RDP).

“They are using malware to reboot the personal computers into Safe Mode to bypass protection and evade defences. The Snatch cyber criminals are now also exfiltrating data before the ransomware attack begins,” Sophos said in a report.

The US-based cyber security solutions firm said that businesses needing to comply with GDPR (General Data Protection Regulation of the EU), the upcoming California Consumer Privacy Act and other regulatory laws may need to notify data protection regulators if they are victims of Snatch.

“Snatch is an example of an automated, active attack. Once attackers gain access by abusing remote access services, they use hand-to-keyboard hacking to move laterally and do damage,” the report said.

On dark web forums, the attackers are recruiting collaborators who are skilled in compromising remote access services, calling for volunteers to apply and join them.

Precautions

Sophos advised system administrators to identify and shut down remote access services that are exposed to the public internet. “Users logged into remote access services should have limited privileges for the rest of the corporate network,” it said.

“If remote access is required, use a VPN (virtual private network) with multi-factor authentication and password audits, besides closely monitoring remote access to the network,” it said.
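The monitoring advised above, as an added example that is not part of the Sophos report or this article: it checks Windows logon events for RDP sessions reaching a host from public internet addresses and for repeated RDP logon failures, which is how an exposed remote access service shows up in the logs. The event records and the failure threshold are constructed for illustration.

```python
"""Flag RDP (RemoteInteractive) logons arriving from public internet addresses.

Assumes Windows Security events already parsed into dicts: EventID 4624 is a
successful logon, 4625 a failed one, and LogonType 10 marks RDP. Sample
records below are constructed, not real telemetry.
"""
import ipaddress
from collections import Counter

RDP_LOGON_TYPE = 10
FAILURE_THRESHOLD = 5  # constructed tuning value, not from the report

# Address ranges treated as internal; anything else is "public" here.
# (The RFC 5737 documentation ranges used in the samples count as public.)
_INTERNAL_NETS = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",
    "127.0.0.0/8", "169.254.0.0/16",
)]

def is_public(ip: str) -> bool:
    """True when the source address lies outside the internal ranges above."""
    try:
        addr = ipaddress.ip_address(ip)
    except ValueError:
        return False  # '-' placeholders or malformed fields are not public
    return not any(addr in net for net in _INTERNAL_NETS)

def audit_rdp(events):
    """Return alert strings for RDP activity that points at internet exposure:
    a successful RDP logon from a public IP, or repeated RDP failures from one."""
    alerts, failures = [], Counter()
    for e in events:
        if e.get("LogonType") != RDP_LOGON_TYPE:
            continue
        src = e.get("IpAddress", "-")
        if not is_public(src):
            continue
        if e["EventID"] == 4624:
            alerts.append(f"public RDP logon {e['TargetUserName']} from {src}")
        elif e["EventID"] == 4625:
            failures[src] += 1
    for src, n in failures.items():
        if n >= FAILURE_THRESHOLD:
            alerts.append(f"{n} failed RDP logons from {src}")
    return alerts

# Constructed sample events (not real telemetry).
SAMPLE_EVENTS = [
    {"EventID": 4624, "LogonType": 10, "IpAddress": "10.0.0.5", "TargetUserName": "alice"},
    {"EventID": 4624, "LogonType": 10, "IpAddress": "203.0.113.7", "TargetUserName": "admin"},
    {"EventID": 4624, "LogonType": 2, "IpAddress": "203.0.113.7", "TargetUserName": "bob"},
] + [{"EventID": 4625, "LogonType": 10, "IpAddress": "198.51.100.9", "TargetUserName": "admin"}] * 6

if __name__ == "__main__":
    for alert in audit_rdp(SAMPLE_EVENTS):
        print(alert)
```

Any alert from this check is a sign that the host's RDP listener is reachable from the internet and should be put behind the VPN and multi-factor authentication the report recommends.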