Vice Society Hackers Are Behind Several Ransomware Attacks Against Education Sector

It is highly recommended to implement and maintain a regular patching cycle for all devices in an organization, particularly devices that are Internet-facing. Vice Society exploits vulnerabilities both to gain an initial foothold in an environment and to escalate privileges on infected systems. By making sure all devices are consistently up to date on patches, an organization can help prevent threat actors like Vice Society from gaining a foothold in an environment. It is also recommended to employ good ransomware protection practices, such as creating regular off-site backups of critical systems and creating a segmented network, to help prevent successful ransomware attacks from destroying an environment.

Finally, it is highly recommended to implement and maintain good endpoint security controls, such as EDR, on all devices in an organization. EDR can be used to prevent or detect multiple stages of the attack used by threat actor groups like Vice Society as they move through the environment and exploit systems in it. Creating customized detections for behaviors exhibited by Vice Society and other threat actor groups is also recommended, so that the organization is alerted to a compromise before data exfiltration or ransomware execution. Behaviors that Vice Society exhibits and that could be considered suspicious include Windows Defender Registry keys being modified by abnormal processes, legitimate Windows binaries being used in a suspicious manner, and PowerShell making outbound connections to unknown external IP addresses. Binary Defense’s Managed Detection and Response service is an excellent asset to assist with these types of detection needs.
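A sketch of two of the customized detections described above, added here as an example and not taken from the original article or from any vendor's product. It assumes Sysmon-style events (Event ID 13 for a registry value set, Event ID 3 for a network connection) already parsed into dictionaries; the process allow-list, the known external range and the sample events are constructed assumptions.

```python
import ipaddress
# Assumption: processes expected to write Defender settings here; tune per environment.
EXPECTED_DEFENDER_WRITERS = {"msmpeng.exe", "svchost.exe"}
DEFENDER_KEYS = (
    r"hklm\software\microsoft\windows defender",
    r"hklm\software\policies\microsoft\windows defender",
)
POWERSHELL = {"powershell.exe", "pwsh.exe"}
INTERNAL = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8",
    "169.254.0.0/16", "::1/128", "fc00::/7", "fe80::/10")]
# Assumption: external ranges already known to the organization (constructed value).
KNOWN_EXTERNAL = [ipaddress.ip_network("198.51.100.0/24")]

def image_name(path):
    return path.rsplit("\\", 1)[-1].lower()

def is_unknown_external(ip):
    try:
        addr = ipaddress.ip_address(ip)
    except ValueError:
        return False  # unparseable field: leave it to a data-quality check
    return not any(addr in net for net in INTERNAL + KNOWN_EXTERNAL)

def detect(event):
    """Return a rule name for a suspicious event, or None."""
    image = image_name(event.get("Image", ""))
    if event.get("EventID") == 13:
        target = event.get("TargetObject", "").lower()
        if target.startswith(DEFENDER_KEYS) and image not in EXPECTED_DEFENDER_WRITERS:
            return "defender_registry_modified_by_unexpected_process"
    elif event.get("EventID") == 3 and image in POWERSHELL:
        if is_unknown_external(event.get("DestinationIp", "")):
            return "powershell_outbound_to_unknown_external_ip"
    return None

PS = r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"
SAMPLE_EVENTS = [  # constructed for illustration
    {"EventID": 13, "Image": r"C:\Windows\System32\reg.exe", "TargetObject":
     r"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\DisableAntiSpyware"},
    {"EventID": 13, "Image": r"C:\Program Files\Windows Defender\MsMpEng.exe", "TargetObject":
     r"HKLM\SOFTWARE\Microsoft\Windows Defender\Real-Time Protection\DisableRealtimeMonitoring"},
    {"EventID": 3, "Image": PS, "DestinationIp": "203.0.113.45"},
    {"EventID": 3, "Image": PS, "DestinationIp": "10.20.30.40"},
    {"EventID": 3, "Image": PS, "DestinationIp": "198.51.100.10"},
]

def alerts(events=SAMPLE_EVENTS):
    return [(i, rule) for i, e in enumerate(events) if (rule := detect(e))]
```

Calling `alerts()` returns the index and rule name of each sample event that matched; in production the same logic would normally be expressed in the EDR or SIEM's own rule language.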

https://thehackernews.com/2022/10/vice-society-hackers-are-behind-several.html

DEV-0832 (Vice Society) opportunistic ransomware campaigns impacting US education sector