
Conti emerges as growing cyber threat

The dissolution of notorious cyber actors has paved the way for a new cyber threat, according to Sophos research.

Reporter
Mon, 06 Sep 2021

Conti ransomware has emerged as an increasingly active cyber threat following the dissolution of DarkSide, REvil and Avaddon, which operated under a ransomware-as-a-service (RaaS) business model.

A new analysis from cyber security company Sophos suggests Conti is exploiting ProxyShell — a collection of vulnerabilities in Microsoft Exchange Server that enables an attacker to bypass authentication and execute code as a privileged user.

Conti attackers reportedly gain access to the target's network and set up a remote web shell in under one minute, then install a second, backup web shell just three minutes later.

“Within 30 minutes they had generated a complete list of the network's computers, domain controllers, and domain administrators,” Sophos noted.

“Just four hours later, the Conti attackers had obtained the credentials of domain administrator accounts and began executing commands.”

Alarmingly, Sophos found that within 48 hours of initial access, attackers exfiltrated approximately one terabyte of data.

“After five days had passed, they deployed the Conti ransomware to every machine on the network, specifically targeting individual network shares on each computer,” the company added.

Conti attackers were reported to have installed seven backdoors on the network — two web shells, Cobalt Strike and four commercial remote access tools (AnyDesk, Atera, Splashtop and Remote Utilities).

“Cobalt Strike and AnyDesk were the primary tools used for the remainder of the attack. It was swift and efficient,” Sophos noted.
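Two of the signals in the timeline above are easy to hunt for retrospectively: several commercial remote-access tools appearing on the same host (the four tools Sophos names) and roughly a terabyte leaving the network within 48 hours. The script below is an added illustration of that hunting logic, not Sophos code or part of the analysis; the log format, field names and the sample events are constructed assumptions for the example.

```python
"""Hunt for two post-exploitation signals from the Sophos Conti write-up:
remote-access tool sprawl on one host and bulk egress inside a 48-hour window.

Added example; the log line layout ('ISO8601 host kind value'), the host
names and the byte counts are constructed for illustration.
"""
from collections import defaultdict
from datetime import datetime, timedelta

# Commercial remote-access tools named in the Sophos analysis.
REMOTE_ACCESS_TOOLS = {"anydesk", "atera", "splashtop", "remote utilities"}

# Constructed sample events: 'install' carries a product name,
# 'egress' carries outbound bytes observed for that host.
SAMPLE_LOG = """\
2021-08-01T09:00:00 exch01 install AnyDesk
2021-08-01T09:03:00 exch01 install Atera
2021-08-01T10:00:00 ws-042 install Splashtop
2021-08-01T12:00:00 exch01 egress 400000000000
2021-08-02T12:00:00 exch01 egress 650000000000
2021-08-03T08:00:00 ws-042 egress 2000000000
"""


def parse_event(line):
    """Parse one 'timestamp host kind value' line into a dict."""
    ts, host, kind, value = line.split(" ", 3)
    return {"ts": datetime.fromisoformat(ts), "host": host,
            "kind": kind, "value": value}


def load_events(text):
    """Parse every non-empty line of a log text."""
    return [parse_event(l) for l in text.splitlines() if l.strip()]


def find_rat_sprawl(events, min_tools=2):
    """Hosts on which at least `min_tools` distinct remote-access tools
    were installed; one such tool may be legitimate, several rarely are."""
    tools_per_host = defaultdict(set)
    for ev in events:
        name = ev["value"].lower()
        if ev["kind"] == "install" and name in REMOTE_ACCESS_TOOLS:
            tools_per_host[ev["host"]].add(name)
    return {h: sorted(t) for h, t in tools_per_host.items()
            if len(t) >= min_tools}


def find_bulk_egress(events, threshold_bytes, window=timedelta(hours=48)):
    """Hosts whose outbound bytes within any sliding `window` exceed the
    threshold. Returns the first window total that crossed it."""
    per_host = defaultdict(list)
    for ev in events:
        if ev["kind"] == "egress":
            per_host[ev["host"]].append((ev["ts"], int(ev["value"])))
    flagged = {}
    for host, samples in per_host.items():
        samples.sort()
        start, total = 0, 0
        for ts, nbytes in samples:
            total += nbytes
            # Drop samples that fell out of the trailing window.
            while samples[start][0] < ts - window:
                total -= samples[start][1]
                start += 1
            if total > threshold_bytes:
                flagged[host] = total
                break
    return flagged


if __name__ == "__main__":
    evs = load_events(SAMPLE_LOG)
    print("remote-access tool sprawl:", find_rat_sprawl(evs))
    print("bulk egress (> 1 TB / 48 h):", find_bulk_egress(evs, 10**12))
```

Run against the constructed sample, the script flags `exch01` on both counts (two remote-access tools within minutes, and just over a terabyte out in two days) and leaves the single-tool, low-volume workstation alone. The thresholds are deliberately simple; in practice the tool list and byte threshold would come from what is normal for the environment.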

“Patching is absolutely essential.”

Sophos urged stakeholders to patch and deploy preventative security measures, including anti-ransomware and behavioural and machine learning technology.
