Analysts at the cybersecurity firm warn that so far there are more than 100 vulnerable local instances that could be exploited by attackers
Lumu Technologies, the cybersecurity company that created the Continuous Compromise Assessment™ model, which allows organizations to measure security compromises in real time, today announced the detection of an imminent threat from a wave of cyberattacks promoted by the Copode 1.0 group in Brazil. According to the company’s analysts, 116 vulnerable instances have been detected so far in the country, which positions it as the most vulnerable in the world, ahead of France, with 61, and the United States, with 58, in second and third place respectively.
According to Lumu, it is urgent that Brazilian organizations make sure they are among those affected, since “this group of cybercriminals stands out for having a high capacity to compromise organizations, infect computers on the network and camouflage themselves to remain inside without being noticed”, warns German Patiño, vice president of sales for Lumu Technologies for Latin America.
Added to this is the fact that other ransomware and cybercriminal groups can take advantage of the same code as Lockbit 3.0, a variation of the LockBit Black code leaks, originally leaked in September 2022. And this increases the potential for the attack to circulate, as attackers have a great ability to move laterally and have advanced techniques for acting.
Among the security recommendations listed by the company’s experts are updating systems (patching), identifying whether the network has already been compromised and validating whether the organization’s assets are already in contact with the indicators of compromise (IoCs).
Similar to many ransomware variants, the current threat focuses primarily on identifying vulnerable services in the attack surface of potential victims, exploiting factors such as system obsolescence, unpatched vulnerabilities, misconfigurations or even zero-day exploits. “By meticulously examining these weak points, it seeks to find entry doors that can be scoured to gain unauthorized access and launch its ransomware attacks,” Patiño points out.
“The emergence of Copode 1.0 underscores the need for effective security practices, including patching vulnerabilities, shrinking the attack surface and monitoring the network for suspicious activity. As the threat landscape adapts, cybersecurity practices must evolve to remain vigilant and effectively combat these increasingly sophisticated threats,” concludes German Patiño.