Phobos ransomware group teamed up with an Initial Access Broker (IAB) threat actor known as Zebra2014, which helped the group break into the networks of multiple firms in Australia and Turkey.
Phobos ransomware group developed the “Fair” variant to bypass detection technologies through several approaches.
The EKING variant of Phobos ransomware infected Microsoft Windows systems using a Microsoft Word document with a malicious macro designed to spread the variant.
.Phobos
Phobos ransomware targets Remote Desktop Protocol (RDP) on port 3389, a legitimate service that system administrators use to access servers remotely. The problem is that internet-facing servers, including cloud servers and demilitarized zone (DMZ) infrastructure, are often not secured. Cloud service providers can expose RDP to any public IP address on the internet, allowing anyone who knows a valid username and password to log in. Issues arise when system administrators or users choose weak, guessable passwords that are easily cracked and vulnerable to brute-force attacks.

Threat actors scan for and access these ports using weak or illegally obtained login credentials. They locate exposed RDP server ports by querying extensive IP ranges with botnets configured to search for systems with port 3389 open; once a port is identified, the botnet conducts a brute-force attack on the RDP session, guessing the password. Once the threat actors have access to the compromised servers, they copy and execute the ransomware payload with administrator privileges and download hacking tools to disable, terminate, and unregister antivirus programs. According to SpearTip’s investigation, two variants of Phobos, EKING and Makop, are used to infect victims’ systems through a Microsoft Word document with a malicious macro, encrypt the files, and demand a ransom to decrypt them.
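The password-guessing stage described above leaves a clear trace in the Windows Security log: a burst of failed logons (Event ID 4625) with LogonType 10 (RemoteInteractive, i.e. RDP) from one source, followed by a successful logon (Event ID 4624) from the same source once a guess works. The detector below is an added example, not SpearTip's code; the event records, IP addresses, usernames and the 5-failures-in-2-minutes threshold are constructed for illustration.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample Windows Security events (not real telemetry). Each tuple
# carries the fields of Event ID 4625 (failed logon) / 4624 (successful logon)
# needed here: (time, event id, logon type, source IP, target user).
# LogonType 10 = RemoteInteractive, i.e. an RDP session on port 3389.
SAMPLE_EVENTS = [
    ("2024-03-01T02:00:01", 4625, 10, "198.51.100.7", "administrator"),
    ("2024-03-01T02:00:02", 4625, 10, "198.51.100.7", "administrator"),
    ("2024-03-01T02:00:03", 4625, 10, "198.51.100.7", "admin"),
    ("2024-03-01T02:00:04", 4625, 10, "198.51.100.7", "administrator"),
    ("2024-03-01T02:00:05", 4625, 10, "198.51.100.7", "administrator"),
    ("2024-03-01T02:00:06", 4625, 10, "198.51.100.7", "administrator"),
    ("2024-03-01T02:00:09", 4624, 10, "198.51.100.7", "administrator"),
    ("2024-03-01T02:05:00", 4625, 10, "203.0.113.5", "jsmith"),  # admin typo
    ("2024-03-01T02:05:20", 4624, 10, "203.0.113.5", "jsmith"),
    ("2024-03-01T02:06:00", 4625, 3, "198.51.100.9", "svc"),     # not RDP
]

THRESHOLD = 5                  # failed RDP logons from one source IP ...
WINDOW = timedelta(minutes=2)  # ... within this window => brute force


def detect_rdp_bruteforce(events=SAMPLE_EVENTS, threshold=THRESHOLD, window=WINDOW):
    """Sliding-window count of failed RDP logons per source IP.

    Returns {ip: {"failures": peak count inside the window, "success": user
    or None}} for sources that crossed the threshold. A 4624 from a flagged
    source is the critical signal: a guessed password worked.
    """
    recent = defaultdict(deque)  # ip -> timestamps of failures still in window
    flagged = {}
    for time, event_id, logon_type, ip, user in sorted(events):
        if logon_type != 10:     # only RemoteInteractive (RDP) logons matter
            continue
        ts = datetime.fromisoformat(time)
        if event_id == 4625:
            q = recent[ip]
            q.append(ts)
            while ts - q[0] > window:  # expire attempts older than the window
                q.popleft()
            if len(q) >= threshold:
                entry = flagged.setdefault(ip, {"failures": 0, "success": None})
                entry["failures"] = max(entry["failures"], len(q))
        elif event_id == 4624 and ip in flagged:
            flagged[ip]["success"] = user
    return flagged
```

On the sample data only 198.51.100.7 is flagged (six failures, then a successful logon as administrator); the single typo from 203.0.113.5 and the non-RDP failure are not. A flagged source that then succeeds is the case to escalate first, since the page's next steps (payload copied with administrator rights, antivirus disabled) follow from exactly that logon.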
SpearTip’s ShadowSpear platform defends your environment with unparalleled resources, preventing cybersecurity threats and attacks from affecting your business. ShadowSpear integrates with cloud, network, and endpoint devices to provide security. ShadowSpear prevents ransomware from exploiting memory, stopping the threat before the full attack cycle completes. The ShadowSpear Platform is backed by the engineers in our 24/7 Security Operations Centers, ready to assist partners with security issues immediately.
24/7 Breach Response: US/CAN: 833.997.7327
Main Office: 800.236.6550
1714 Deer Tracks Trail, Suite 150
St. Louis, MO 63131
©2024 SpearTip, LLC. All rights reserved.