Major Firms Targeted by Emerging Cybercrime Campaign
Experts are sounding the alarm on the growing threat posed by poor cybersecurity practices among large organizations, which fail to properly secure their infrastructure. Key weaknesses such as exposed environment variable files (.env), long-lived credentials, and the lack of least-privilege architectures have made multiple companies susceptible to ransom attacks.
Cyber Extortion Strategy
According to a report by cybersecurity researchers Unit 42, an unidentified threat actor has orchestrated a formidable extortion scheme by exploiting exposed environment variable files that contain vital information like login credentials. The attackers established their operational base within AWS environments of targeted firms and proceeded to scan over 230 million unique targets to harvest sensitive information. This campaign impacted over 110,000 domains and exposed more than 90,000 unique variables.
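The scanning described above shows up on the victim side as a burst of web requests for /.env and similar paths. The following Python script is an added example, not code from the Unit 42 report or from this article: it parses a constructed sample of combined-format access-log lines, flags requests for environment files, and separates mere probes (404/403 responses) from actual leaks (a 200 response means the file was served). The log lines, IP addresses and path names are all made up for the example.

```python
import re
from collections import Counter
from dataclasses import dataclass

# Constructed sample of Apache/nginx "combined" access-log lines.
# Addresses are documentation ranges; nothing here comes from the report.
SAMPLE_LOG = """\
203.0.113.7 - - [10/Aug/2024:12:00:01 +0000] "GET /.env HTTP/1.1" 200 512 "-" "Mozilla/5.0"
203.0.113.7 - - [10/Aug/2024:12:00:02 +0000] "GET /index.html HTTP/1.1" 200 2048 "-" "Mozilla/5.0"
198.51.100.23 - - [10/Aug/2024:12:00:05 +0000] "GET /.env.backup HTTP/1.1" 404 153 "-" "python-requests/2.31"
198.51.100.23 - - [10/Aug/2024:12:00:06 +0000] "GET /api/.env?x=1 HTTP/1.1" 403 153 "-" "python-requests/2.31"
192.0.2.55 - - [10/Aug/2024:12:00:09 +0000] "GET /about HTTP/1.1" 200 1024 "-" "curl/8.0"
"""

# Combined log format: client IP, identity, user, timestamp, request line, status, size, ...
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+) [^"]*" '
    r'(?P<status>\d{3}) (?P<size>\S+)'
)

# A path component named .env, optionally with a suffix such as .bak or .backup,
# anywhere in the URL path.
ENV_PATH_RE = re.compile(r'(^|/)\.env(\.[A-Za-z0-9_-]+)?$')


@dataclass
class Hit:
    ip: str
    path: str
    status: int
    served: bool  # True when the server answered 200, i.e. the file leaked


def parse_line(line):
    """Return the fields of one combined-format log line, or None if it does not parse."""
    m = LOG_RE.match(line)
    return m.groupdict() if m else None


def find_env_probes(log_text):
    """Return every request whose path points at an environment file."""
    hits = []
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue
        path = rec["path"].split("?", 1)[0]  # ignore the query string
        if ENV_PATH_RE.search(path):
            status = int(rec["status"])
            hits.append(Hit(rec["ip"], path, status, status == 200))
    return hits


def summarize(hits):
    """Aggregate probes by outcome, source address and requested path."""
    return {
        "probes": len(hits),
        "leaks": sum(1 for h in hits if h.served),
        "source_ips": sorted({h.ip for h in hits}),
        "paths": Counter(h.path for h in hits),
    }


if __name__ == "__main__":
    report = summarize(find_env_probes(SAMPLE_LOG))
    print(report)
```

Any hit with `served == True` deserves the same handling as a confirmed credential leak: the secrets in that file should be rotated, since long-lived keys remain valid long after the request that copied them. The `source_ips` list also makes the multi-network character of such scanning visible, which is why blocking single addresses is of little use compared with not serving dotfiles at all.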
Impact and Methodology
Among these variables, 7,000 pertained to cloud services, though this figure is not indicative of the number of affected organizations, as single enterprises may own several variables. Nonetheless, attackers obtained at least 1,500 variables from social media accounts, suggesting a significant number of victims. Additionally, the cybercriminals utilized multiple source networks for executing this operation.
Shift Away from Encryption
Interestingly, the attackers opted not to encrypt their victims’ IT infrastructures. This shift highlights a broader trend where cybercriminals are moving away from cumbersome encryption malware towards straightforward data ransom schemes. As researchers noted, managing encryptors is costly and complicated, whereas simply holding data for ransom appears equally effective.
"The campaign involved attackers successfully ransoming data hosted within cloud storage containers," Unit 42 elaborated. "Instead of encrypting the data for ransom, they exfiltrated it and left a ransom note in the compromised cloud storage container."
The researchers concluded that the attackers did not exploit any system vulnerabilities but instead leveraged human error and carelessness as entry points.