Home Security IceFire Ransomware Exploits IBM Aspera Faspex to Assault Linux-Powered Enterprise Networks

IceFire Ransomware Exploits IBM Aspera Faspex to Assault Linux-Powered Enterprise Networks

by crpt os


Mar 09, 2023Ravie LakshmananLinux / Endpoint Security

A previously known Windows-based ransomware strain known as IceFire has expanded its focus to target Linux enterprise networks belonging to several media and entertainment sector organizations across the world.

The intrusions entail the exploitation of a recently disclosed deserialization vulnerability in IBM Aspera Faspex file-sharing software (CVE-2022-47986, CVSS score: 9.8), according to cybersecurity company SentinelOne.

“This strategic shift is a significant move that aligns them with other ransomware groups that also target Linux systems,” Alex Delamotte, senior threat researcher at SentinelOne, said in a report shared with The Hacker News.

A majority of the attacks observed by SentinelOne have been directed against companies located in Turkey, Iran, Pakistan, and the U.A.E., countries that are not typically targeted by organized ransomware crews.

IceFire was first detected in March 2022 by the MalwareHunterTeam, but it wasn’t until August 2022 that victims were publicized via its dark web leak site, according to GuidePoint Security, Malwarebytes, and NCC Group.

IceFire Ransomware

The ransomware binary targeting Linux is a 2.18 MB 64-bit ELF file that’s installed on CentOS hosts running a vulnerable version of IBM Aspera Faspex file server software.

It’s also capable of avoiding encrypting certain paths so that the infected machine continues to be operational.

WEBINAR

Discover the Hidden Dangers of Third-Party SaaS Apps

Are you aware of the risks associated with third-party app access to your company’s SaaS apps? Join our webinar to learn about the types of permissions being granted and how to minimize risk.

RESERVE YOUR SEAT

“In comparison to Windows, Linux is more difficult to deploy ransomware against–particularly at scale,” Delamotte said. “Many Linux systems are servers: typical infection vectors like phishing or drive-by download are less effective. To overcome this, actors turn to exploiting application vulnerabilities.”

The development comes as Fortinet FortiGuard Labs disclosed a new LockBit ransomware campaign employing “evasive tradecraft” to avoid detection through .IMG containers that bypass Mark of The Web (MotW) protections.

Found this article interesting? Follow us on Twitter and LinkedIn to read more exclusive content we post.





Source link

Related Articles

xxxanti beeztube.mobi hot sexy mp4 menyoujan hentaitgp.net jason voorhees hentai indian soft core chupatube.net youjzz ez2 may 8 2023 pinoycinema.org ahensya ng pamahalaan pakistani chut ki chudai pimpmovs.com www xvedio dost ke papa zztube.mobi 300mbfilms.in صور مص الزب arabporna.net نهر العطش لمن تشعر بالحرمان movierulz plz.in bustyporntube.info how to make rangoli video 穂高ゆうき simozo.net 四十路五十路 ロシアav javvideos.net 君島みお 無修正 افلام سكس في المطبخ annarivas.net فيلم سكس قديم rashmi hot videos porncorn.info audiosexstories b grade latest nesaporn.pro high school girls sex videos real life cam eroebony.info painfull porn exbii adult pics teacherporntrends.com nepali school sex