"FBI and CISA Issue Conti Warning"

An alert has been issued by the Cybersecurity and Infrastructure Security Agency (CISA) and the Federal Bureau of Investigation (FBI) over Conti ransomware. In the warning, posted on September 22, the agencies observed the increased use of Conti in more than 400 attacks against organizations in the United States and internationally. Conti actors often gain network access via spearphishing campaigns, stolen or weak Remote Desktop Protocol (RDP) credentials, phone calls, fake software promoted via search engine optimization, common vulnerabilities in external assets, and other malware distribution networks. In the execution phase, the actors run a getuid payload, then use a more aggressive payload to lower the risk of triggering antivirus engines. Cobalt CISO Andrew Obadiaru recommends that business leaders deploy the following security safeguards: invest in email filtering and phishing detection capabilities, protect and properly secure your remote desktop platform connectivity, perform regular backup testing, and ensure your backups are offline.

 

Infosecurity reports: "FBI and CISA Issue Conti Warning"

Submitted by Anonymous on