NEWS  Security  November 23, 2023  Reading time: 2 Minute(s)

Max (RS editor)

In a recent advisory, the Federal Bureau of Investigation (FBI) has issued a warning to industries following a surge in cyber threats exploiting vulnerabilities in vendor-controlled remote access to casino servers, third-party vendors, and associated services. The alert sheds light on the rising trend of ransomware initial access, with a particular focus on the targeting of smaller tribal casinos through gaming vendors.

The perpetrators, identified as the Silent Ransom Group (SRG), also known as Luna Moth, have been employing callback phishing attacks as part of their nefarious activities, according to the FBI advisory. This sophisticated tactic involves luring victims into clicking on phishing links cleverly disguised as urgent account notifications.

Upon calling the provided phone number, victims are instructed to download seemingly legitimate system management tools through an email link. The SRG then utilizes these tools to install repurposed applications, compromising local files and network-shared drives. The group subsequently exfiltrates sensitive data and demands a ransom for its safe return.

Security experts have emphasized the intricacies of callback phishing in detailed analyses, describing callback phishing as a cunning form of phishing, where attackers utilize phone numbers instead of conventional URLs to deceive unsuspecting victims, setting it apart from typical phishing scams. Callback phishing messages are delivered as unclickable images, creating a false sense of urgency and providing a phone number. Recipients are urged to call the number, connecting them to overseas call centers or, as highlighted by the FBI, possibly leading to the attacker's call center.

"The ultimate goal of callback phishing, whether perpetrated by ransomware groups or generic scammers, is to persuade the victim to install malicious software"  - Roger Grimes (security expert)

Unlike traditional methods, advanced callback techniques no longer rely on custom backdoors or trojans. Instead, attackers leverage semi-legitimate or entirely legitimate remote access programs commonly used by administrators and users.

The FBI recommends several proactive measures for users and organizations to safeguard against such threats. To shield themselves from the Silent Ransom Group, organizations are encouraged to implement robust security measures, such as keeping offline and encrypted data backups, regularly updating software and operating systems, having a comprehensive plan for responding to ransomware attacks, enforcing strong password policies, and educating employees on how to recognize and avoid callback phishing attacks.

COVER IMAGE BY FREEPIK / mage by Freepik