FBI issues security warning on ransomware attack that targets mobile devices


If you’ve ever groaned when you see a popup on your phone or computer telling you that a security update is available, you’re not alone. These updates can be disruptive and can also take quite a bit of time. However, they are important. In fact, the FBI has issued a warning about a ransomware attack that is targeting mobile devices. This attack relies on systems that have unpatched security vulnerabilities or flaws.

FBI ransomware warning

In a joint security advisory published on the 19th of February, the FBI and the Cybersecurity and Infrastructure Security Agency warn organizations around the world of a new ransomware attack called Ghost that can affect mobile users as well. This attack has hit more than 70 countries worldwide and is targeting various industry sectors.

The FBI claims that these threat actors are working out of China. However, unlike your typical cyberattacks, such as phishing, the Ghost attack exploits security vulnerabilities found in unpatched software and firmware. This means that victims aren’t required to be tricked into clicking a malicious link for these attacks to happen.

According to the security advisory, “The FBI has observed Ghost actors obtaining initial access to networks by exploiting public facing applications that are associated with multiple Common Vulnerabilities and Exposures. Their methodology includes leveraging vulnerabilities in Fortinet FortiOS appliances, servers running Adobe ColdFusion, Microsoft SharePoint and Microsoft Exchange, commonly referred to as the ProxyShell attack chain.”

Some of the CVEs that the campaign has exploited include CVE-2009-3960, CVE-2010-2861, CVE-2018-13379, CVE-2019-0604, CVE-2021-31207, CVE-2021-34473, and CVE-2021-34523.

Remember that these attacks don’t target mobile devices specifically, but rather the systems that mobile devices might connect to. So, if you visit a website or connect your phone to a company network that lacks the latest security updates, you put your device at risk.

Staying safe

If you’re a business organization, the FBI has advised that you should maintain regular system backups stored separately from source systems, so that the backup data cannot be compromised or altered. Businesses and IT admins should also patch known vulnerabilities as soon as possible. The FBI also advises segmenting networks, where possible, to restrict lateral movement from infected devices. Lastly, it suggests implementing phishing-resistant MFA for access to all privileged accounts and email services.
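As an added example (not taken from the advisory or from this article), the following sketch shows one way an IT team could turn the CVE list above into a patch queue from a vulnerability-scanner export. The CSV column names, host names and sample rows are constructed for illustration, and the CVE-to-product grouping comes from the public CVE records rather than from the article.

```python
import csv
import io

# CVEs named in the article, grouped by affected product (grouping per public CVE records).
GHOST_CVES = {
    "CVE-2018-13379": "Fortinet FortiOS",
    "CVE-2009-3960": "Adobe ColdFusion",
    "CVE-2010-2861": "Adobe ColdFusion",
    "CVE-2019-0604": "Microsoft SharePoint",
    "CVE-2021-31207": "Microsoft Exchange",
    "CVE-2021-34473": "Microsoft Exchange",
    "CVE-2021-34523": "Microsoft Exchange",
}
# The three Exchange CVEs that together form the ProxyShell chain.
PROXYSHELL = {"CVE-2021-31207", "CVE-2021-34473", "CVE-2021-34523"}

# Constructed sample export: hypothetical hosts and columns, placeholder last CVE.
SAMPLE_FINDINGS = """host,internet_facing,cve
mail01.example.internal,yes,CVE-2021-34473
mail01.example.internal,yes,CVE-2021-34523
mail01.example.internal,yes,cve-2021-31207
vpn-gw.example.internal,yes,CVE-2018-13379
intranet-sp.example.internal,no,CVE-2019-0604
build02.example.internal,no,CVE-0000-0000
"""

def triage(findings_csv):
    """Return hosts affected by the listed CVEs, most urgent first."""
    hosts = {}
    for row in csv.DictReader(io.StringIO(findings_csv)):
        cve = row["cve"].strip().upper()
        if cve not in GHOST_CVES:
            continue  # finding is unrelated to this advisory
        h = hosts.setdefault(row["host"], {"host": row["host"], "cves": set(), "exposed": False})
        h["cves"].add(cve)
        h["exposed"] |= row["internet_facing"].strip().lower() == "yes"
    for h in hosts.values():
        h["products"] = sorted({GHOST_CVES[c] for c in h["cves"]})
        h["full_proxyshell_chain"] = PROXYSHELL <= h["cves"]
        # The advisory describes initial access through public-facing
        # applications, so exposed hosts are patched first.
        h["priority"] = 1 if h["exposed"] else 2
    return sorted(hosts.values(),
                  key=lambda h: (h["priority"], not h["full_proxyshell_chain"], h["host"]))

if __name__ == "__main__":
    for h in triage(SAMPLE_FINDINGS):
        chain = " [full ProxyShell chain]" if h["full_proxyshell_chain"] else ""
        print(f'P{h["priority"]} {h["host"]}: {", ".join(sorted(h["cves"]))}{chain}')
```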

This mostly applies to businesses, but for end users, it doesn’t mean you should relax. You should also ensure that your mobile device has the latest security updates installed. We know it can disrupt your mobile usage for a few minutes, but it’s better to be safe than sorry.

2025-02-24 15:04:54
