InfoSec News Nuggets 10/14/2021

Security researchers have discovered a new threat actor that carries out lightning-fast hacks, typically under 30 minutes, steals a company’s files, and then extorts the victim with threats to leak the data online or to media outlets unless a ransom payment is made within a few days. Dutch security firm Fox-IT, which discovered the group, named it SnapMC because of its short-lived intrusions and its use of a tool called mc.exe for data exfiltration. Fox-IT researchers said the group typically breaches company networks via vulnerabilities in web-facing software, with several intrusions linked to the exploitation of CVE-2019-18935, a vulnerability in a UI component for the Telerik ASP.NET framework. Once inside, the group moves fast to collect data from local systems and typically doesn’t spend more than 30 minutes on a hacked network. Following a successful exfiltration, SnapMC operators send emails to the hacked company with a list of the stolen files as evidence. Companies are usually given 24 hours to respond to the email and another 72 hours to

