Cybereason releases global threat report on ransomware

Cybereason today issued a global threat report warning global organizations about a rise in ransomware attacks using the Bumblebee loader. The new research focuses on the post-exploitation actions and tactics, techniques and procedures used in attacks. Interestingly, the loader became the ‘loader of choice’ for Conti Group, one of the most prolific ransomware gangs in the world.

Bumblebee was discovered in March 2022 by Google’s Threat Analysis Group and Cybereason previously reported on Bumblebee in April 2022. Cybereason is now warning global organizations that attacks involving Bumblebee must be treated as CRITICAL. Based on Cybereason’s global security operations center findings, Bumblebee has risen to become the loader of choice amongst most threat actors.

Additional Key Findings:

· User-Driven Execution: The majority of the infections with Bumblebee we have observed started by end-users executing LNK files which use a system binary to load the malware. Distribution of the malware is done by phishing emails with an attachment or a link to the malicious archive containing Bumblebee.

· Intensive Reconnaissance and Data Exfiltration: Bumblebee operators conduct intensive reconnaissance activities and redirect the output of executed commands to files for exfiltration.

· Active Directory Compromise: The attackers compromised Active Directory and leveraged confidential data such as users’ logins and passwords for lateral movement. The time it took between initial access and Active Directory compromise was less than two days.

· Under Active Development: Cybereason GSOC has observed threat actors transitioning from BazarLoader, Trickbot, and IcedID to Bumblebee, which seems to be in active development and generally the loader of choice for many threat actors.

· Critical Severity: Attacks involving Bumblebee must be treated as critical. Based on GSOC findings, the next step for the threat actors is ransomware deployment, and this loader is known for ransomware delivery.

Ransomware attacks can be stopped. Cybereason offers these recommendations to Defenders to reduce their risks:

· Practicing good security hygiene like implementing a security awareness program for employees, assuring operating systems and other software are regularly updated and patched.

· Assuring key players can be reached at any time of day as critical response actions can be delayed during off peak hours, holidays and weekends, when attacks occur during off hours and on weekends and holidays.

· Conducting periodic table-top exercises and drills and including those beyond the security team like Legal, Human Resources, IT Support and all the way up to the Executive Suite is also key to running a smooth incident response.

· Ensuring clear isolation practices are in place to stop any further ingress on the network or spreading of the ransomware to other devices. Teams should be proficient at things like disconnecting a host, locking down a compromised account, and blocking a malicious domain, etc. Testing these procedures with scheduled or unscheduled drills at least every quarter is recommended.

· Evaluating lock-down of critical accounts when possible. The path attackers often take in propagating ransomware across a network is to escalate privileges to the admin domain-level and then deploy the ransomware. Teams should create highly secured, emergency-only accounts in the active directory that are only used when other operational accounts are temporarily disabled as a precaution or inaccessible during a ransomware attack.

· Deploying EDR on all endpoints. The quickest remedy to the ransomware scourge for public and private sector businesses is deploying EDR on endpoints according to Gartner’s Peter Firstbrook. Yet Firstbrook says that only 40% of endpoints have EDR.

For more news updates, check out our latest issue here.

Media contact

Rebecca Morpeth Spayne,
Editor, Security Portfolio
Tel: +44 (0) 1622 823 922
Email: [email protected]

Georgina Turner image

Georgina Turner

Sales Manager

Read the Latest Issue

Follow us on X

Follow us on X

Click Here

Follow us on LinkedIn

Follow us on LinkedIn

Click Here

Advertise here

Reach decision makers and amplify your marketing

Advertise here

Click Here

Related News

Graphic displaying a lockdown solution

Netgenium debuts next gen display and touchscreen technologies

Power-over-Ethernet (PoE) solutions specialist Netgenium will be showcasing its new range of IP…

ICT® Launches New TSL Access Reader Series

Integrated Control Technology (ICT®), a leading manufacturer of intelligent access control and…
Image Provided by Paxton

Paxton Partners with Skills for Security

The security technology manufacturer Paxton is proud to announce a partnership with Skills for Security…
Image Provided by ICT

ICT and Ingram Micro sign distribution agreement MEA

Integrated Control Technology (ICT), award-winning global manufacturer of intelligent electronic access control and security solutions..
Image Provided by Toshiba

Toshiba launches new HDD Innovation Lab

Toshiba Electronics Europe GmbH (Toshiba) has inaugurated a new HDD Innovation Laboratory (HDD Innovation Lab) at its site in Düsseldorf..
Image Provided by Verkada

Verkada Doubles Down on the Channel with Strategic New Hire

Verkada, a leader in cloud-based physical security, today announced the appointment of Micah Deriso as Head of Global Channel…
Image Provided by IPSA

IPSA Appoint Frontline Hero as Ambassador

Abdullah, the courageous security officer praised for foiling a horrific knife attack at Leicester Square, has been appointed as…
Image Provided by Codelocks

New Surface Latch from Codelocks

Codelocks is expanding its Gate Solutions by Codelocks range with the introduction of the new Codelocks’ Surface Latch…
Image provided by Genetec

Nicholas Smith to Lead Genetec UK and Ireland Operations

Genetec, provider of enterprise physical security software, announced the appointment of Nicholas Smith as its new Regional Sales Director…

News Desk

View all the latest, product, project and people news

News Desk

Click Here

Technology News

Keep up-to-date with the latest product innovation

Technology News

Click Here

Industry Sectors

Discover technology in action in all applications

Industry Sectors

Click Here

Enter The Awards

Showcase personal or organisation excellence

Advertise With Us

Reach decision makers and amplify your marketing

Advertise With Us

Click Here
Scroll to Top