Overview
The notorious ransomware group, Black Basta, has intensified its use of social engineering techniques to infiltrate organizations, leveraging Microsoft Teams and malicious QR codes to gain unauthorized access. The campaign, recently uncovered by ReliaQuest, demonstrates a sophisticated and evolving threat targeting various sectors.
Details
Black Basta is known for adapting its strategies to bypass traditional security measures. In their latest campaign, the attackers:
Recent investigations suggest that many of these malicious activities are conducted from Russia, with a noticeable pattern involving Moscow’s time zone.
In one observed case, a user received up to 1,000 phishing emails within 50 minutes, showcasing the group’s ability to overwhelm victims. These tactics ultimately aim to install Cobalt Strike and Impacket tools, enabling lateral movement within networks, leading to ransomware deployment..
Impacted Systems
Organizations using Microsoft Teams and lacking adequate controls on external communications are particularly at risk. The campaign targets multiple sectors, highlighting the need for widespread vigilance.
Mitigation Recommendations
To counter the threat posed by Black Basta, consider implementing the following security measures:
As Black Basta continues to refine its methods, maintaining a proactive cybersecurity stance is critical. Staying up-to-date on emerging threats, implementing robust security protocols, and fostering a culture of cybersecurity awareness can significantly mitigate the risk posed by sophisticated ransomware campaigns.
References
https://cybersecuritynews.com/black-basta-microsoft-teams/
Contact Us
If you have any questions or require further information on any other cybersecurity matters, please don’t hesitate to contact our dedicated team at [email protected].
If you want to see more about the SOC service we offer, please follow this link https://maidar.io/
We use cookies to improve your experience, personalise content and ads, to provide social media features and to analyse our traffic.By accepting this notice, you agree to our use of cookies.
These cookies are essential for the website to function properly. They help make a website usable by enabling basic functions like page navigation and access to secure areas of the website. The website cannot function properly without these cookies. They usually set in response to actions made by you which amount to a request for services, such as setting your privacy preferences, or filling in forms.
Preference cookies enable a website to remember information that changes the way the website behaves or looks, like your preferred language or the region that you are in. They may be set through our site by our advertising partners. They do not store directly personal information, but are based on uniquely identifying your browser and internet device.
Helps analyze site usage to improve user experience. Assists us to understand how visitors interact with the website by collecting and reporting information anonymously. These may be set by us or by third party providers whose services we have added to our pages.
Used to track visitors across websites. The intention is to display ads that are relevant and engaging for the individual user and thereby more valuable for publishers and third party advertisers.