Finland is currently facing an alarming situation as organisations face a rapid surge in ransomware attacks, causing widespread alarm. In response to the rise in threat, Finland’s National Cyber Security Centre (NCSC-FI) issued a warning.
The Akira ransomware notably caused the recent rise, responsible for six out of seven reported attacks in December. The problem got worse considerably because of this attack.
The precise time of these attacks, three of which came up around the Christmas season, adds to the issue. Organisations seem to be less careful at this time, which increases their vulnerability to these kinds of attacks.
Erasing backups increases the attack’s effect by removing the option of data restoration without paying the ransom. According to the Finnish agency (NCSC-FI), the Akira ransomware attack affected even smaller organisations that relied on network-attached storage (NAS) systems.
According to reports, the Akira ransomware differs from normal hacking attempts in that it goes beyond simple data encryption. It attacks with unparalleled fury Network Attached Storage (NAS) and tape backup systems.
This a notable change from common cyber threats, as the attackers target tape backup machines, which are often used as secondary systems for storing digital data copies. This change in cybercriminal techniques presents a significant issue for organisations that rely significantly on these storage solutions.
According to a statement from NCSC-FI:
In all cases, efforts have been made to meticulously destroy backups, and the attacker indeed goes to great lengths for this. Network-Attached Storage (NAS) devices often used for backups have been broken into and emptied, as well as automatic tape backup devices, and in almost all cases we know of, all backups were lost.
The Finland cybersecurity agency highlights Akira’s malicious expertise, including its ability to erase data from network area storage (NAS) and tape backup devices. There will be serious consequences for both persons and corporations. Akira’s main objective, which goes beyond financial benefit, appears to be completely removing important data kept on these platforms.
Systematic Attacks Using Cisco VPNs to Target Network Devices
The Akira ransomware has targeted network equipment, including the Cisco Adaptive Security Appliance and Cisco Firepower Threat Defence devices.
This malicious activity exploits a zero-day vulnerability known as CVE-2023-20269. This issue enables brute-force attacks, allowing attackers to get unauthorised access to the company’s systems.
Cisco identified CVE-2023-20269 as a zero-day in September 2023 and published updates the following month. However, security experts had already noted in August 2023 that the Akira ransomware was using it to gain unauthorised access.
Neural network mapping is one of the identified post-compromise activities, with particular focus on backup and significant servers. Additionally, passwords and usernames from Windows servers are stolen, important information are encrypted, and virtual machine disks—with a focus on servers running VMware products—are encrypted.
Finland was quick to recognise the seriousness of the Akira threat and put in place an urgent response strategy. To implement effective defences against these skilled attackers, the government is presently collaborating closely with enterprises, law enforcement organisations, and cybersecurity experts.
Recommendations
The NCSC-FI highlights how important Multi-Factor Authentication (MFA) is for protecting login credentials. It also suggests updating Cisco equipment to the most recent patched versions to improve security.
It is strongly recommended that organisations upgrade to at least Cisco FTD 6.6.7 and Cisco ASA 9.16.2.11 or later to improve protection against potential attacks targeting this issue.
The Finnish agency recommends that businesses switch to offline backups. It is preferable to distribute these copies across many places to prevent unauthorised physical access.
The focus of cyberattacks has shifted to Finland, making it the current centre. However, the global community must be aware. Like other malicious malware, the Akira ransomware ignores limits and legal nations worldwide. Because it presents a worldwide threat, governments and organisations must take swift action on an organised approach.
Phishing Tackle offers a free 14-day trial to help train your users to avoid these types of attacks and test their knowledge with simulated attacks using various attack vectors. By focusing on training your users to spot these types of attacks, rather than relying solely on technology, you can ensure that your organisation is better prepared to defend against cyber threats and minimise the impact of any successful attacks.
