A ransomware group with ties to Iran is believed to be behind a series of file-encrypting malware attacks targeting organisations in Israel, the US, Europe and Australia. Cybersecurity firm Secureworks attributed the intrusions to a threat actor it tracks as Cobalt Mirage, which is linked to the Iranian hacking group known as Cobalt Illusion (aka APT35, Charming Kitten, Newscaster or Phosphorus). The Cobalt Mirage group allegedly carried out two distinct clusters of intrusions. The first involved opportunistic ransomware attacks for financial gain, using legitimate encryption tools such as BitLocker and DiskCryptor. The second cluster is more targeted, with the primary goal of securing access and gathering intelligence, while deploying ransomware only in specific situations.
Enterprises that are behind on their patching policies should catch up as quickly as possible, testing and applying updates for the Log4j, ProxyShell, and Microsoft Exchange vulnerabilities, according to the Secureworks team.
According to the report, COBALT MIRAGE's ability to turn publicly available encryption tools into ransomware, combined with its mass scan-and-exploit activity against businesses, makes it a continuing threat at the very least.
“Organizations should prioritize fixing high-severity and well-reported vulnerabilities on internet-facing systems, implementing multi-factor authentication, and monitoring for the tools and file-sharing platforms utilized by COBALT MIRAGE,” according to Secureworks experts.
We advise computer users to be more aware of security precautions: make daily backups (preferably off-site), do not visit websites of unknown risk or open email attachments of unknown origin, and keep the real-time monitoring features of antivirus software turned on.
We propose that companies use the controls available to them to review and restrict access based on the indicators listed in Table 1, to mitigate exposure to this infection. It is worth noting that IP addresses can be reassigned, so an indicator that was accurate when reported may later point at an unrelated host. Consider the risks before opening any of the listed domains or IP addresses in a browser, because they may host malicious content.
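One way to operationalise an indicator list like the one the report refers to is to match it against proxy or firewall logs, while giving IP indicators an expiry so that reassigned addresses do not generate alerts indefinitely. The following is an added example, not code from the Secureworks report or from Vinchin; the indicator values, the log format and the sample log lines are all constructed placeholders (they are not the real Table 1 entries), and the 90-day IP lifetime is an assumed policy value.

```python
"""Match proxy log lines against a threat-indicator list (added example).

The indicators, log format and log lines below are constructed for the
example and are NOT the report's Table 1 values.
"""
import ipaddress
import re
from datetime import date, timedelta

# Constructed placeholder indicators. Each carries the date it was last
# reported so that IP indicators can age out (addresses get reassigned).
INDICATORS = [
    {"type": "ip", "value": "203.0.113.45", "last_seen": date(2022, 5, 1)},
    {"type": "domain", "value": "example-c2.invalid", "last_seen": date(2022, 4, 20)},
]

# Assumed policy: an IP indicator is actionable for 90 days after last_seen.
IP_TTL = timedelta(days=90)

# Constructed proxy log format: "<timestamp> <client_ip> <dest_host> <dest_ip>"
LOG_RE = re.compile(r"^(?P<ts>\S+)\s+(?P<client>\S+)\s+(?P<host>\S+)\s+(?P<dst_ip>\S+)$")

# Constructed sample log lines (RFC 5737 documentation addresses).
SAMPLE_LOGS = """\
2022-05-10T09:12:01Z 10.0.0.5 www.example.com 93.184.216.34
2022-05-10T09:12:07Z 10.0.0.5 example-c2.invalid 203.0.113.45
2022-05-10T09:13:30Z 10.0.0.8 cdn.example-c2.invalid 198.51.100.7
2022-05-10T09:14:02Z 10.0.0.9 update.example.org 203.0.113.45
"""


def active_indicators(today, indicators=INDICATORS, ip_ttl=IP_TTL):
    """Return (ip_set, domain_set) of indicators still actionable on `today`.

    IP indicators expire after `ip_ttl`; domain indicators are kept until
    removed by hand, since domains are rarely handed to an unrelated party.
    """
    ips, domains = set(), set()
    for ind in indicators:
        if ind["type"] == "ip":
            if today - ind["last_seen"] <= ip_ttl:
                ips.add(ipaddress.ip_address(ind["value"]))
        elif ind["type"] == "domain":
            domains.add(ind["value"].lower())
    return ips, domains


def domain_matches(host, domains):
    """True if host equals an indicator domain or is a subdomain of one."""
    host = host.lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in domains)


def find_hits(log_text, today, indicators=INDICATORS, ip_ttl=IP_TTL):
    """Parse log lines; return (line_number, reason) for every indicator match."""
    ips, domains = active_indicators(today, indicators, ip_ttl)
    hits = []
    for n, line in enumerate(log_text.splitlines(), start=1):
        m = LOG_RE.match(line)
        if not m:
            continue  # skip lines that are not in the expected format
        host, dst = m["host"], m["dst_ip"]
        if domain_matches(host, domains):
            hits.append((n, f"domain:{host}"))
        try:
            if ipaddress.ip_address(dst) in ips:
                hits.append((n, f"ip:{dst}"))
        except ValueError:
            pass  # destination field was not an IP address
    return hits


def scan_sample_on(year, month, day):
    """Convenience wrapper: run the matcher over SAMPLE_LOGS for a given date."""
    return find_hits(SAMPLE_LOGS, date(year, month, day))


if __name__ == "__main__":
    for n, reason in scan_sample_on(2022, 5, 10):
        print(f"line {n}: {reason}")
```

Run against the sample on 2022-05-10, the matcher flags lines 2, 3 and 4 (line 2 on both its domain and its IP, line 3 because it is a subdomain of a listed domain); run on 2022-09-01 the IP indicator has aged out and only the domain hits remain, which is the reassignment caveat from the paragraph above expressed as policy.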
Backup and recovery procurement and implementation are simpler when VMware backup and restore best practices are built into an appliance. An appliance-based solution pre-integrates the required compute, storage, software, and network interface components, eliminating the need to acquire and configure each part separately and enabling a more plug-and-play installation and configuration experience. Furthermore, because the appliances are purpose-built for data processing, they do not disappoint in terms of performance. Dell is one corporation that encourages the use of appliance-based data security.
Virtual appliances eliminate the need for physical hardware packaging, making data backup easier and less expensive. The application system can be pre-installed, pre-configured, and thoroughly tested together with the operating system that the virtual machine will run it on. By consolidating many complex software applications in this way, the approach aims to reduce hardware, installation, configuration, and maintenance costs. Virtual appliances are appealing for application deployment because they boost resource utilization and offer greater flexibility for high availability, load balancing, and business continuity than physical hardware.
It’s time to make a change…
Vinchin Backup & Recovery is always on hand to make hybrid cloud backup as straightforward as possible. With support for the majority of virtual platforms, including VMware, Hyper-V, XenServer, and a range of KVM-based hypervisors, you can establish a comprehensive backup strategy from a single pane of glass.
Learn more about Vinchin Backup & Recovery’s 60-day full-featured free trial, and take advantage of the solution’s intelligent, secure, and efficient data protection.
Make backing up your data a habit!