Cring ransomware continues assault on industrial organizations with aging applications, VPNs

The Cring ransomware group continues to make a name for itself through attacks on aging ColdFusion servers and VPNs after emerging earlier this year. 

Experts like Digital Shadows' Sean Nikkel told ZDNet that what makes Cring interesting is that, so far, its operators appear to specialize in using older vulnerabilities in their attacks.

“In a previous incident, Cring operators exploited a two-year-old FortiGate VPN vulnerability to target end-of-life Microsoft and Adobe applications. This should be a wake-up call for system owners everywhere who are using end-of-life or otherwise unsupported systems that are exposed to the internet at large,” Nikkel said. 

“While Cring has operators that have used Mimikatz on systems to gain credentials, there’s also evidence of native Windows process usage, which potentially blends in with otherwise legitimate activity. This can often make it more tricky for network hunters and defenders to see anything malicious until it’s too late. This and previous attacks also showcase the continued adoption and use of Cobalt Strike beacons by various threat actors, which often make the post-exploit phase easier for attackers to manage.”

Sophos released a report in September highlighting one specific incident where Cring operators exploited a vulnerability in an 11-year-old installation of Adobe ColdFusion 9 to

Read More: https://www.zdnet.com/article/cring-ransomware-continues-assault-on-coldfusion-servers-vpns/#ftag=RSSbaffb68