Lazarus, who are believed to have ties to the North Korean government, are well known in the world of cybersecurity. In 2022, Lazarus were rumored to have stolen a total of $1.7 billion worth of cryptocurrency across the year. So, yes, Lazarus is a force to be reckoned with. As their latest attack targets organizations rich in sensitive data, it’s important to understand their methods and determine the lessons that can be learned.
What Is Lazarus’ Latest Campaign?
At the heart of this new attack by Lazarus is the ManageEngine ServiceDesk. This management suite is used to help organizations manage their entire IT infrastructure. From networks and servers through to mobile devices and applications, ManageEngine helps make life easier for IT teams. It’s a highly popular management suite, with numerous Fortune 100 businesses implementing it. For healthcare organizations, it’s a crucial service which allows them to stay productive and support their IT systems.
However, as with all, applications, ManageEngine is not 100% secure. The CVE-2022-47966 vulnerability, which was discovered in January 2023, was first exploited by threat actors in February of the same year. This vulnerability allowed the deployment of QuiteRAT, a new and complex brand of malware. QuiteRAT let the threat actors steal data relating to the compromised device and, cleverly, allowed QuiteRAT to “sleep” in order to appear dormant and stay off the radars of security professionals.
Another part of the attack also involves a new strain of malware dubbed CollectionRAT, which has the ability to perform typical remote access trojan tasks such as executing commands on a compromised system. As with previous campaigns, this latest strike utilizes many of the trademark Lazarus tactics and innovations. For example, by using open-source tools to create CollectionRAT, the threat actors are able to launch their attacks more quickly and without raising the alarm immediately.
How Do You Protect Your Organization from Lazarus?
Naturally, the most obvious way to protect your IT infrastructure from Lazarus is to be prompt with installing software patches. Lazarus appears to have infiltrated these healthcare organizations due to a known vulnerability, so patching any holes within your IT systems is essential. Luckily, many updates, such as Windows, can be set to automatic and ensures that your applications are as secure as they can be.
Hacking groups, however, don’t rely solely on vulnerabilities to launch their attacks. In fact, they will deploy almost every technique you can think of to launch an attack. The best practices to stay safe from these are:
- Create backups: when confronted with any form of malware, there’s a good chance that your business data will be at risk or being compromised or even permanently erased. Therefore, it’s important that your organization creates regular backups to preserve your data and productivity. One of the most comprehensive methods you should use is the 3-2-1 backup method.
- Educate your staff on phishing: staff awareness of phishing is crucial due to the rising risk of phishing and social engineering attacks. Recognizing the telltale signs of a phishing email prevents the chances of data breaches and compromised credentials. This will result in a securer IT landscape for your organization and protect your networks and data.
For more ways to secure and optimize your business technology, contact your local IT professionals.