{"id":15018,"date":"2023-02-17T10:47:16","date_gmt":"2023-02-17T17:47:16","guid":{"rendered":"https:\/\/webdev.securin.xyz\/?p=15018"},"modified":"2023-07-11T14:30:53","modified_gmt":"2023-07-11T21:30:53","slug":"all-about-hive-ransomware","status":"publish","type":"post","link":"https:\/\/webdev.securin.xyz\/articles\/all-about-hive-ransomware\/","title":{"rendered":"All About Hive Ransomware"},"content":{"rendered":"\t\t<div data-elementor-type=\"wp-post\" data-elementor-id=\"15018\" class=\"elementor elementor-15018\" data-elementor-post-type=\"post\">\n\t\t\t\t\t\t<section class=\"elementor-section elementor-top-section elementor-element elementor-element-1c7926eb elementor-section-boxed elementor-section-height-default elementor-section-height-default\" data-id=\"1c7926eb\" data-element_type=\"section\">\n\t\t\t\t\t\t<div class=\"elementor-container elementor-column-gap-default\">\n\t\t\t\t\t<div class=\"elementor-column elementor-col-100 elementor-top-column elementor-element elementor-element-33243357\" data-id=\"33243357\" data-element_type=\"column\">\n\t\t\t<div class=\"elementor-widget-wrap elementor-element-populated\">\n\t\t\t\t\t\t<div class=\"elementor-element elementor-element-8a07ed3 elementor-widget elementor-widget-heading\" data-id=\"8a07ed3\" data-element_type=\"widget\" data-settings=\"{&quot;ekit_we_effect_on&quot;:&quot;none&quot;}\" data-widget_type=\"heading.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t<h5 class=\"elementor-heading-title elementor-size-default\">One of the most prolific ransomware groups to affect healthcare facilities, nonprofits, retailers, energy providers, and other sectors, with a total of more than 1,300 institutions hit by the ransomware group worldwide and a profit of $100 million in ransom payments, Hive Ransomware has been ruling the roost since June 2021. Read on to find out what Securin experts uncovered when they revisited HIVE and their attack tactics and techniques, and what organizations can do to remain safe from future attacks. <\/h5>\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<section class=\"elementor-section elementor-inner-section elementor-element elementor-element-cc45ac1 elementor-section-boxed elementor-section-height-default elementor-section-height-default\" data-id=\"cc45ac1\" data-element_type=\"section\">\n\t\t\t\t\t\t<div class=\"elementor-container elementor-column-gap-default\">\n\t\t\t\t\t<div class=\"elementor-column elementor-col-100 elementor-inner-column elementor-element elementor-element-9a03310\" data-id=\"9a03310\" data-element_type=\"column\">\n\t\t\t<div class=\"elementor-widget-wrap elementor-element-populated\">\n\t\t\t\t\t\t<div class=\"elementor-element elementor-element-91253d0 elementor-widget elementor-widget-text-editor\" data-id=\"91253d0\" data-element_type=\"widget\" data-settings=\"{&quot;ekit_we_effect_on&quot;:&quot;none&quot;}\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t<p dir=\"ltr\">Since they burst into the limelight in June 2021 with an attack on<a href=\"https:\/\/www.bleepingcomputer.com\/news\/security\/mediamarkt-hit-by-hive-ransomware-initial-240-million-ransom\/\" target=\"_blank\" rel=\"noopener\">\u00a0Europe\u2019s largest consumer electronics retailer, MediaMarkt<\/a>, HIVE ransomware has targeted a wide range of businesses \u2013 more than 1300 \u2013 including government facilities, critical manufacturing, information technology, telecommunications providers and healthcare and public health sectors.\u00a0\u00a0<\/p><p dir=\"ltr\">The HIVE ransomware gang\u2019s aggressive activities bumped the group into the big league of the most dangerous ransomware groups, with a daily average of three companies being targeted since June 2021. Within the span of four months between August and November 2021, HIVE ransomware had infiltrated more than 350 organizations worldwide.\u00a0<\/p>\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-3f6c649 elementor-widget elementor-widget-spacer\" data-id=\"3f6c649\" data-element_type=\"widget\" data-settings=\"{&quot;ekit_we_effect_on&quot;:&quot;none&quot;}\" data-widget_type=\"spacer.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t<div class=\"elementor-spacer\">\n\t\t\t<div class=\"elementor-spacer-inner\"><\/div>\n\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-7ad193f elementor-widget elementor-widget-heading\" data-id=\"7ad193f\" data-element_type=\"widget\" data-settings=\"{&quot;ekit_we_effect_on&quot;:&quot;none&quot;}\" data-widget_type=\"heading.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t<h3 class=\"elementor-heading-title elementor-size-default\">In This Article:<\/h3>\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-c5fa93a elementor-widget elementor-widget-text-editor\" data-id=\"c5fa93a\" data-element_type=\"widget\" data-settings=\"{&quot;ekit_we_effect_on&quot;:&quot;none&quot;}\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t<ul><li dir=\"ltr\" role=\"presentation\"><a href=\"#Deconstructing-HIVE-Ransomwares-Honeycomb\">Deconstructing HIVE Ransomware\u2019s Honeycomb<\/a><\/li><li dir=\"ltr\" role=\"presentation\"><a href=\"#HIVE-Ransomware-Cheat-Sheet\">HIVE Ransomware Cheat Sheet<\/a><\/li><li><a href=\"#Vulnerability-Information-Infographics\">Vulnerability Information + Securin\u2019s Predictive Insights<\/a><\/li><li><a href=\"#History-of-HIVE-Ransomware-Attacks\">History of Attacks by HIVE Ransomware<\/a><\/li><li><a href=\"#Interesting-Trends\">Interesting Trends\u00a0<\/a><\/li><li dir=\"ltr\" role=\"presentation\"><a href=\"#Hive-Ransomware-Attack-Methodology\">HIVE Attack Methodology<\/a><\/li><li><a href=\"#HIVE-Ransomware-MITRE-ATTACK-Map\">MITRE ATT&amp;CK Map<\/a><\/li><li dir=\"ltr\" role=\"presentation\"><a href=\"#How-We-Can-Help\">What can organizations do to prevent a HIVE Ransomware attack?<\/a><\/li><\/ul>\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-eb8d10d elementor-widget elementor-widget-spacer\" data-id=\"eb8d10d\" data-element_type=\"widget\" data-settings=\"{&quot;ekit_we_effect_on&quot;:&quot;none&quot;}\" data-widget_type=\"spacer.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t<div class=\"elementor-spacer\">\n\t\t\t<div class=\"elementor-spacer-inner\"><\/div>\n\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-442b769 elementor-widget elementor-widget-menu-anchor\" data-id=\"442b769\" data-element_type=\"widget\" data-settings=\"{&quot;ekit_we_effect_on&quot;:&quot;none&quot;}\" data-widget_type=\"menu-anchor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t<div class=\"elementor-menu-anchor\" id=\"Deconstructing-HIVE-Ransomwares-Honeycomb\"><\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-df78518 elementor-widget elementor-widget-heading\" data-id=\"df78518\" data-element_type=\"widget\" data-settings=\"{&quot;ekit_we_effect_on&quot;:&quot;none&quot;}\" data-widget_type=\"heading.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t<h3 class=\"elementor-heading-title elementor-size-default\">Deconstructing HIVE Ransomware\u2019s Honeycomb<\/h3>\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-0737983 elementor-widget elementor-widget-text-editor\" data-id=\"0737983\" data-element_type=\"widget\" data-settings=\"{&quot;ekit_we_effect_on&quot;:&quot;none&quot;}\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t<p dir=\"ltr\">Securin cybersecurity analysts first observed HIVE ransomware, an affiliate-based ransomware variant used by cyber attackers, in June 2021. The Hive ransomware-as-a-service operation is built around a team of developers who create and manage the malware, and affiliates who carry out attacks on target networks by purchasing domains from initial access brokers.\u00a0<\/p><p dir=\"ltr\">The HIVE operators carry out a standard double-extortion ransomware attack on its targets, where cybercriminals steal sensitive files, encrypt systems, and then threaten to publish the victim\u2019s data unless a ransom is paid.\u00a0<\/p>\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-2216fb0 elementor-widget elementor-widget-image\" data-id=\"2216fb0\" data-element_type=\"widget\" data-settings=\"{&quot;ekit_we_effect_on&quot;:&quot;none&quot;}\" data-widget_type=\"image.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t\t\t\t\t<img fetchpriority=\"high\" decoding=\"async\" width=\"640\" height=\"436\" src=\"https:\/\/webdev.securin.xyz\/wp-content\/uploads\/2023\/02\/hive_ransomware.png\" class=\"attachment-large size-large wp-image-15023\" alt=\"\" srcset=\"https:\/\/webdev.securin.xyz\/wp-content\/uploads\/2023\/02\/hive_ransomware.png 848w, https:\/\/webdev.securin.xyz\/wp-content\/uploads\/2023\/02\/hive_ransomware-300x204.png 300w, https:\/\/webdev.securin.xyz\/wp-content\/uploads\/2023\/02\/hive_ransomware-768x523.png 768w, https:\/\/webdev.securin.xyz\/wp-content\/uploads\/2023\/02\/hive_ransomware-220x150.png 220w\" sizes=\"(max-width: 640px) 100vw, 640px\" \/>\t\t\t\t\t\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-2f7705d elementor-widget elementor-widget-text-editor\" data-id=\"2f7705d\" data-element_type=\"widget\" data-settings=\"{&quot;ekit_we_effect_on&quot;:&quot;none&quot;}\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t<p style=\"text-align: center;\"><strong>Figure 1: Screenshot of HIVE ransomware\u2019s leak page for their latest attack on CHC in January 2023<\/strong><\/p>\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-ec94d23 elementor-widget elementor-widget-spacer\" data-id=\"ec94d23\" data-element_type=\"widget\" data-settings=\"{&quot;ekit_we_effect_on&quot;:&quot;none&quot;}\" data-widget_type=\"spacer.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t<div class=\"elementor-spacer\">\n\t\t\t<div class=\"elementor-spacer-inner\"><\/div>\n\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-9f11a2b elementor-widget elementor-widget-spacer\" data-id=\"9f11a2b\" data-element_type=\"widget\" data-settings=\"{&quot;ekit_we_effect_on&quot;:&quot;none&quot;}\" data-widget_type=\"spacer.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t<div class=\"elementor-spacer\">\n\t\t\t<div class=\"elementor-spacer-inner\"><\/div>\n\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-dc0f230 elementor-widget elementor-widget-menu-anchor\" data-id=\"dc0f230\" data-element_type=\"widget\" data-settings=\"{&quot;ekit_we_effect_on&quot;:&quot;none&quot;}\" data-widget_type=\"menu-anchor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t<div class=\"elementor-menu-anchor\" id=\"HIVE-Ransomware-Cheat-Sheet\"><\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-5e7ec80 elementor-widget elementor-widget-heading\" data-id=\"5e7ec80\" data-element_type=\"widget\" data-settings=\"{&quot;ekit_we_effect_on&quot;:&quot;none&quot;}\" data-widget_type=\"heading.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t<h3 class=\"elementor-heading-title elementor-size-default\">HIVE Ransomware Cheat Sheet<\/h3>\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-48e93d4 elementor-widget elementor-widget-text-editor\" data-id=\"48e93d4\" data-element_type=\"widget\" data-settings=\"{&quot;ekit_we_effect_on&quot;:&quot;none&quot;}\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t<p dir=\"ltr\">Securin experts observed that HIVE ransomware gains access to a network and then spreads laterally through it while continuing to steal unencrypted files. They deploy their ransomware to encrypt all devices when they eventually gain admin access on a Windows domain controller. The HIVE group then seeks out and deletes backups in order to prevent victims from recovering their data.\u00a0<\/p><p dir=\"ltr\">Here is a detailed analysis of the vulnerabilities exploited by HIVE ransomware in their attacks. Our experts also used Securin\u2019s Vulnerability Intelligence platform for predictive analysis to identify the vulnerabilities and how likely they are to be exploited in future attacks. Securin\u2019s Vulnerability Risk Score (VRS) tries to fill the gaps created by CVSS v2 and v3 scores, by arriving at a consistent scoring methodology which analysts can use directly for faster prioritization.\u00a0<\/p><p dir=\"ltr\">Let us take a deeper insight into the vulnerabilities associated with Hive:<\/p>\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-b3efd2a elementor-widget elementor-widget-spacer\" data-id=\"b3efd2a\" data-element_type=\"widget\" data-settings=\"{&quot;ekit_we_effect_on&quot;:&quot;none&quot;}\" data-widget_type=\"spacer.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t<div class=\"elementor-spacer\">\n\t\t\t<div class=\"elementor-spacer-inner\"><\/div>\n\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-80788b9 elementor-widget elementor-widget-menu-anchor\" data-id=\"80788b9\" data-element_type=\"widget\" data-settings=\"{&quot;ekit_we_effect_on&quot;:&quot;none&quot;}\" data-widget_type=\"menu-anchor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t<div class=\"elementor-menu-anchor\" id=\"Vulnerability-Information-Infographics\"><\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-9505bc1 elementor-widget elementor-widget-heading\" data-id=\"9505bc1\" data-element_type=\"widget\" data-settings=\"{&quot;ekit_we_effect_on&quot;:&quot;none&quot;}\" data-widget_type=\"heading.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t<h5 class=\"elementor-heading-title elementor-size-default\"><strong>CVE-2021-31207 - <\/strong>Microsoft Exchange Server Security Feature Bypass Vulnerability - 13 Ransomware \/ 7 APT - CISA\u00a0KEV, Trending<\/h5>\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-c363af0 elementor-widget elementor-widget-text-editor\" data-id=\"c363af0\" data-element_type=\"widget\" data-settings=\"{&quot;ekit_we_effect_on&quot;:&quot;none&quot;}\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t<p dir=\"ltr\" role=\"presentation\">This CVE was initially published on May 11, 2021, soon after which, on October 2, 2021, Securin\u2019s Vulnerability Intelligence platform tagged it as extremely critical and assigned it the highest predictive score of 38.46. The DHS CISA added the vulnerability to the Known Exploited Vulnerabilities catalog on November 3, 2021, after it was found to be exploited in the wild. The vulnerability remained in trend, and has been actively trending in the last week or two.\u00a0<\/p>\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-61df8df elementor-widget elementor-widget-image\" data-id=\"61df8df\" data-element_type=\"widget\" data-settings=\"{&quot;ekit_we_effect_on&quot;:&quot;none&quot;}\" data-widget_type=\"image.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t\t\t\t\t<img decoding=\"async\" width=\"878\" height=\"112\" src=\"https:\/\/webdev.securin.xyz\/wp-content\/uploads\/2023\/02\/hive-2.png\" class=\"attachment-full size-full wp-image-15024\" alt=\"\" srcset=\"https:\/\/webdev.securin.xyz\/wp-content\/uploads\/2023\/02\/hive-2.png 878w, https:\/\/webdev.securin.xyz\/wp-content\/uploads\/2023\/02\/hive-2-300x38.png 300w, https:\/\/webdev.securin.xyz\/wp-content\/uploads\/2023\/02\/hive-2-768x98.png 768w\" sizes=\"(max-width: 878px) 100vw, 878px\" \/>\t\t\t\t\t\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-96f17d2 elementor-widget elementor-widget-image\" data-id=\"96f17d2\" data-element_type=\"widget\" data-settings=\"{&quot;ekit_we_effect_on&quot;:&quot;none&quot;}\" data-widget_type=\"image.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t\t\t\t\t<img decoding=\"async\" width=\"999\" height=\"298\" src=\"https:\/\/webdev.securin.xyz\/wp-content\/uploads\/2023\/02\/hive-3.png\" class=\"attachment-full size-full wp-image-15025\" alt=\"\" srcset=\"https:\/\/webdev.securin.xyz\/wp-content\/uploads\/2023\/02\/hive-3.png 999w, https:\/\/webdev.securin.xyz\/wp-content\/uploads\/2023\/02\/hive-3-300x89.png 300w, https:\/\/webdev.securin.xyz\/wp-content\/uploads\/2023\/02\/hive-3-768x229.png 768w\" sizes=\"(max-width: 999px) 100vw, 999px\" \/>\t\t\t\t\t\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-d53d213 elementor-widget elementor-widget-text-editor\" data-id=\"d53d213\" data-element_type=\"widget\" data-settings=\"{&quot;ekit_we_effect_on&quot;:&quot;none&quot;}\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t<p style=\"text-align: center;\"><strong>Figure 2: Securin\u2019s VI platform tagged CVE-2021-31207 as extremely critical and assigned it the highest predictive score of 38.46.<\/strong><\/p>\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-c1b1cd9 elementor-widget elementor-widget-text-editor\" data-id=\"c1b1cd9\" data-element_type=\"widget\" data-settings=\"{&quot;ekit_we_effect_on&quot;:&quot;none&quot;}\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t<p dir=\"ltr\">CVE-2021-31207 has an initial CVSS v2 score of just 6.50 and is tagged as a medium severity vulnerability, in spite of being in the CISA KEV catalog and having been exploited by 12 ransomware families and eight APT groups. Considering the exploitation impact of this vulnerability, Securin VRS scores it at 9.06, marking it as a critical-severity vulnerability to watch out for.<\/p>\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-cdf1bef elementor-widget elementor-widget-image\" data-id=\"cdf1bef\" data-element_type=\"widget\" data-settings=\"{&quot;ekit_we_effect_on&quot;:&quot;none&quot;}\" data-widget_type=\"image.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t\t\t\t\t<img loading=\"lazy\" decoding=\"async\" width=\"1254\" height=\"516\" src=\"https:\/\/webdev.securin.xyz\/wp-content\/uploads\/2023\/02\/Hive-03.png\" class=\"attachment-full size-full wp-image-16489\" alt=\"\" srcset=\"https:\/\/webdev.securin.xyz\/wp-content\/uploads\/2023\/02\/Hive-03.png 1254w, https:\/\/webdev.securin.xyz\/wp-content\/uploads\/2023\/02\/Hive-03-300x123.png 300w, https:\/\/webdev.securin.xyz\/wp-content\/uploads\/2023\/02\/Hive-03-1024x421.png 1024w, https:\/\/webdev.securin.xyz\/wp-content\/uploads\/2023\/02\/Hive-03-768x316.png 768w\" sizes=\"(max-width: 1254px) 100vw, 1254px\" \/>\t\t\t\t\t\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-a73e4bb elementor-widget elementor-widget-spacer\" data-id=\"a73e4bb\" data-element_type=\"widget\" data-settings=\"{&quot;ekit_we_effect_on&quot;:&quot;none&quot;}\" data-widget_type=\"spacer.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t<div class=\"elementor-spacer\">\n\t\t\t<div class=\"elementor-spacer-inner\"><\/div>\n\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-4cf306c elementor-widget elementor-widget-heading\" data-id=\"4cf306c\" data-element_type=\"widget\" data-settings=\"{&quot;ekit_we_effect_on&quot;:&quot;none&quot;}\" data-widget_type=\"heading.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t<h5 class=\"elementor-heading-title elementor-size-default\"><strong>CVE-2021-34473 -<\/strong> Microsoft Exchange Server Remote Code Execution Vulnerability - 12 Ransomware \/ 8 APT - CISA KEV, Trending<\/h5>\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-15bc847 elementor-widget elementor-widget-text-editor\" data-id=\"15bc847\" data-element_type=\"widget\" data-settings=\"{&quot;ekit_we_effect_on&quot;:&quot;none&quot;}\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t<p dir=\"ltr\" role=\"presentation\">This CVE was initially published on July 13, 2021, after which, on October 2, 2021, Securin\u2019s Vulnerability Intelligence platform tagged it as extremely critical and assigned it the highest predictive score of 38.46. The DHS CISA added the vulnerability to the Known Exploited Vulnerabilities catalog on November 3, 2021, a month after it was found to be exploited in the wild. The vulnerability remained in trend, and has been actively trending in the last week or two.\u00a0<\/p>\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-756ebf7 elementor-widget elementor-widget-image\" data-id=\"756ebf7\" data-element_type=\"widget\" data-settings=\"{&quot;ekit_we_effect_on&quot;:&quot;none&quot;}\" data-widget_type=\"image.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t\t\t\t\t<img loading=\"lazy\" decoding=\"async\" width=\"855\" height=\"125\" src=\"https:\/\/webdev.securin.xyz\/wp-content\/uploads\/2023\/02\/hive-4.png\" class=\"attachment-full size-full wp-image-15026\" alt=\"\" srcset=\"https:\/\/webdev.securin.xyz\/wp-content\/uploads\/2023\/02\/hive-4.png 855w, https:\/\/webdev.securin.xyz\/wp-content\/uploads\/2023\/02\/hive-4-300x44.png 300w, https:\/\/webdev.securin.xyz\/wp-content\/uploads\/2023\/02\/hive-4-768x112.png 768w, https:\/\/webdev.securin.xyz\/wp-content\/uploads\/2023\/02\/hive-4-850x125.png 850w\" sizes=\"(max-width: 855px) 100vw, 855px\" \/>\t\t\t\t\t\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-800d8cd elementor-widget elementor-widget-image\" data-id=\"800d8cd\" data-element_type=\"widget\" data-settings=\"{&quot;ekit_we_effect_on&quot;:&quot;none&quot;}\" data-widget_type=\"image.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t\t\t\t\t<img loading=\"lazy\" decoding=\"async\" width=\"1003\" height=\"309\" src=\"https:\/\/webdev.securin.xyz\/wp-content\/uploads\/2023\/02\/hive-5.png\" class=\"attachment-full size-full wp-image-15027\" alt=\"\" srcset=\"https:\/\/webdev.securin.xyz\/wp-content\/uploads\/2023\/02\/hive-5.png 1003w, https:\/\/webdev.securin.xyz\/wp-content\/uploads\/2023\/02\/hive-5-300x92.png 300w, https:\/\/webdev.securin.xyz\/wp-content\/uploads\/2023\/02\/hive-5-768x237.png 768w\" sizes=\"(max-width: 1003px) 100vw, 1003px\" \/>\t\t\t\t\t\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-b470d77 elementor-widget elementor-widget-text-editor\" data-id=\"b470d77\" data-element_type=\"widget\" data-settings=\"{&quot;ekit_we_effect_on&quot;:&quot;none&quot;}\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t<p style=\"text-align: center;\"><strong>Figure 3: Securin\u2019s VI platform tagged CVE-2021-34473 as extremely critical and assigned it the highest predictive score of 38.46<\/strong><\/p>\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-36c1f26 elementor-widget elementor-widget-text-editor\" data-id=\"36c1f26\" data-element_type=\"widget\" data-settings=\"{&quot;ekit_we_effect_on&quot;:&quot;none&quot;}\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t<p dir=\"ltr\">CVE-2021-34473 has an initial CVSS v2 score of 10.0 but its criticality is brought down slightly to 9.80 in the CVSS v3 score. The vulnerability has been exploited by 12 ransomware families and eight APT groups, as a result of which, the exploitation impact of the vulnerability garners it a VRS score of 9.96.<\/p>\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-d6db182 elementor-widget elementor-widget-spacer\" data-id=\"d6db182\" data-element_type=\"widget\" data-settings=\"{&quot;ekit_we_effect_on&quot;:&quot;none&quot;}\" data-widget_type=\"spacer.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t<div class=\"elementor-spacer\">\n\t\t\t<div class=\"elementor-spacer-inner\"><\/div>\n\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-b99b657 elementor-widget elementor-widget-heading\" data-id=\"b99b657\" data-element_type=\"widget\" data-settings=\"{&quot;ekit_we_effect_on&quot;:&quot;none&quot;}\" data-widget_type=\"heading.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t<h5 class=\"elementor-heading-title elementor-size-default\"><strong>CVE-2021-34523 - <\/strong>Microsoft Exchange Server Privilege Escalation Vulnerability - 12 Ransomware \/ 8 APT - CISA KEV, Trending<\/h5>\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-03a6c4f elementor-widget elementor-widget-image\" data-id=\"03a6c4f\" data-element_type=\"widget\" data-settings=\"{&quot;ekit_we_effect_on&quot;:&quot;none&quot;}\" data-widget_type=\"image.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t\t\t\t\t<img loading=\"lazy\" decoding=\"async\" width=\"1246\" height=\"515\" src=\"https:\/\/webdev.securin.xyz\/wp-content\/uploads\/2023\/02\/Hive-10-1.png\" class=\"attachment-full size-full wp-image-16488\" alt=\"\" srcset=\"https:\/\/webdev.securin.xyz\/wp-content\/uploads\/2023\/02\/Hive-10-1.png 1246w, https:\/\/webdev.securin.xyz\/wp-content\/uploads\/2023\/02\/Hive-10-1-300x124.png 300w, https:\/\/webdev.securin.xyz\/wp-content\/uploads\/2023\/02\/Hive-10-1-1024x423.png 1024w, https:\/\/webdev.securin.xyz\/wp-content\/uploads\/2023\/02\/Hive-10-1-768x317.png 768w\" sizes=\"(max-width: 1246px) 100vw, 1246px\" \/>\t\t\t\t\t\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-b38813f elementor-widget elementor-widget-text-editor\" data-id=\"b38813f\" data-element_type=\"widget\" data-settings=\"{&quot;ekit_we_effect_on&quot;:&quot;none&quot;}\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t<p>This CVE was initially published on July 13, 2021, after which Securin\u2019s Vulnerability Intelligence platform tagged it as extremely critical and assigned it the highest predictive score of 38.46 on July 19, 2021. The DHS CISA added the vulnerability to the Known Exploited Vulnerabilities catalog on November 3, 2021, a little under a month after it was found to be exploited in the wild. The vulnerability has been trending actively ever since.\u00a0<\/p>\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-7a55eed elementor-widget elementor-widget-image\" data-id=\"7a55eed\" data-element_type=\"widget\" data-settings=\"{&quot;ekit_we_effect_on&quot;:&quot;none&quot;}\" data-widget_type=\"image.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t\t\t\t\t<img loading=\"lazy\" decoding=\"async\" width=\"840\" height=\"122\" src=\"https:\/\/webdev.securin.xyz\/wp-content\/uploads\/2023\/02\/hive-6.png\" class=\"attachment-full size-full wp-image-15032\" alt=\"\" srcset=\"https:\/\/webdev.securin.xyz\/wp-content\/uploads\/2023\/02\/hive-6.png 840w, https:\/\/webdev.securin.xyz\/wp-content\/uploads\/2023\/02\/hive-6-300x44.png 300w, https:\/\/webdev.securin.xyz\/wp-content\/uploads\/2023\/02\/hive-6-768x112.png 768w\" sizes=\"(max-width: 840px) 100vw, 840px\" \/>\t\t\t\t\t\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-c8c75b5 elementor-widget elementor-widget-image\" data-id=\"c8c75b5\" data-element_type=\"widget\" data-settings=\"{&quot;ekit_we_effect_on&quot;:&quot;none&quot;}\" data-widget_type=\"image.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t\t\t\t\t<img loading=\"lazy\" decoding=\"async\" width=\"992\" height=\"308\" src=\"https:\/\/webdev.securin.xyz\/wp-content\/uploads\/2023\/02\/hive-7.png\" class=\"attachment-full size-full wp-image-15033\" alt=\"\" srcset=\"https:\/\/webdev.securin.xyz\/wp-content\/uploads\/2023\/02\/hive-7.png 992w, https:\/\/webdev.securin.xyz\/wp-content\/uploads\/2023\/02\/hive-7-300x93.png 300w, https:\/\/webdev.securin.xyz\/wp-content\/uploads\/2023\/02\/hive-7-768x238.png 768w\" sizes=\"(max-width: 992px) 100vw, 992px\" \/>\t\t\t\t\t\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-66c8bd6 elementor-widget elementor-widget-text-editor\" data-id=\"66c8bd6\" data-element_type=\"widget\" data-settings=\"{&quot;ekit_we_effect_on&quot;:&quot;none&quot;}\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t<p style=\"text-align: center;\"><strong>Fig 4: Securin\u2019s VI platform tagged CVE-2021-34523 as extremely critical and assigned it the highest predictive score of 38.46<\/strong><\/p>\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-22c3cda elementor-widget elementor-widget-text-editor\" data-id=\"22c3cda\" data-element_type=\"widget\" data-settings=\"{&quot;ekit_we_effect_on&quot;:&quot;none&quot;}\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t<p dir=\"ltr\">CVE-2021-34523 has an initial CVSS v2 score of just 7.50, tagging it as a medium-severity vulnerability, and subsequently the CVSS v3 score was increased to 9.80 post exploitation. This vulnerability too has been exploited by 12 ransomware families and eight APT groups, thereby garnering a VRS score of 9.96, emphasizing the criticality of the vulnerability.<\/p>\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-0acd890 elementor-widget elementor-widget-image\" data-id=\"0acd890\" data-element_type=\"widget\" data-settings=\"{&quot;ekit_we_effect_on&quot;:&quot;none&quot;}\" data-widget_type=\"image.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t\t\t\t\t<img loading=\"lazy\" decoding=\"async\" width=\"1246\" height=\"548\" src=\"https:\/\/webdev.securin.xyz\/wp-content\/uploads\/2023\/02\/Hive-11-1.png\" class=\"attachment-full size-full wp-image-16487\" alt=\"\" srcset=\"https:\/\/webdev.securin.xyz\/wp-content\/uploads\/2023\/02\/Hive-11-1.png 1246w, https:\/\/webdev.securin.xyz\/wp-content\/uploads\/2023\/02\/Hive-11-1-300x132.png 300w, https:\/\/webdev.securin.xyz\/wp-content\/uploads\/2023\/02\/Hive-11-1-1024x450.png 1024w, https:\/\/webdev.securin.xyz\/wp-content\/uploads\/2023\/02\/Hive-11-1-768x338.png 768w\" sizes=\"(max-width: 1246px) 100vw, 1246px\" \/>\t\t\t\t\t\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-b776aab elementor-widget elementor-widget-spacer\" data-id=\"b776aab\" data-element_type=\"widget\" data-settings=\"{&quot;ekit_we_effect_on&quot;:&quot;none&quot;}\" data-widget_type=\"spacer.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t<div class=\"elementor-spacer\">\n\t\t\t<div class=\"elementor-spacer-inner\"><\/div>\n\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-05b19c4 elementor-widget elementor-widget-heading\" data-id=\"05b19c4\" data-element_type=\"widget\" data-settings=\"{&quot;ekit_we_effect_on&quot;:&quot;none&quot;}\" data-widget_type=\"heading.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t<h5 class=\"elementor-heading-title elementor-size-default\"><strong>CVE-2021-42321 - <\/strong>Microsoft Exchange Server Remote Code Execution Vulnerability - 1 Ransomware \/ 1 APT - CISA KEV, Trending<\/h5>\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-491c8c3 elementor-widget elementor-widget-text-editor\" data-id=\"491c8c3\" data-element_type=\"widget\" data-settings=\"{&quot;ekit_we_effect_on&quot;:&quot;none&quot;}\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t<p>This CVE was initially published on November 9, 2021. The first exploits were found on November 17, following which, the DHS CISA added the vulnerability to the KEV catalog. Securin\u2019s Vulnerability Intelligence platform tagged it as extremely critical and assigned it the highest predictive score of 38.46 on November 30, 2021.\u00a0<\/p>\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-69d863c elementor-widget elementor-widget-image\" data-id=\"69d863c\" data-element_type=\"widget\" data-settings=\"{&quot;ekit_we_effect_on&quot;:&quot;none&quot;}\" data-widget_type=\"image.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t\t\t\t\t<img loading=\"lazy\" decoding=\"async\" width=\"799\" height=\"129\" src=\"https:\/\/webdev.securin.xyz\/wp-content\/uploads\/2023\/02\/hive-8.png\" class=\"attachment-full size-full wp-image-15034\" alt=\"\" srcset=\"https:\/\/webdev.securin.xyz\/wp-content\/uploads\/2023\/02\/hive-8.png 799w, https:\/\/webdev.securin.xyz\/wp-content\/uploads\/2023\/02\/hive-8-300x48.png 300w, https:\/\/webdev.securin.xyz\/wp-content\/uploads\/2023\/02\/hive-8-768x124.png 768w\" sizes=\"(max-width: 799px) 100vw, 799px\" \/>\t\t\t\t\t\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-8265751 elementor-widget elementor-widget-image\" data-id=\"8265751\" data-element_type=\"widget\" data-settings=\"{&quot;ekit_we_effect_on&quot;:&quot;none&quot;}\" data-widget_type=\"image.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t\t\t\t\t<img loading=\"lazy\" decoding=\"async\" width=\"1003\" height=\"313\" src=\"https:\/\/webdev.securin.xyz\/wp-content\/uploads\/2023\/02\/hive-9.png\" class=\"attachment-full size-full wp-image-15035\" alt=\"\" srcset=\"https:\/\/webdev.securin.xyz\/wp-content\/uploads\/2023\/02\/hive-9.png 1003w, https:\/\/webdev.securin.xyz\/wp-content\/uploads\/2023\/02\/hive-9-300x94.png 300w, https:\/\/webdev.securin.xyz\/wp-content\/uploads\/2023\/02\/hive-9-768x240.png 768w\" sizes=\"(max-width: 1003px) 100vw, 1003px\" \/>\t\t\t\t\t\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-fed5db2 elementor-widget elementor-widget-text-editor\" data-id=\"fed5db2\" data-element_type=\"widget\" data-settings=\"{&quot;ekit_we_effect_on&quot;:&quot;none&quot;}\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t<p style=\"text-align: center;\"><strong>Fig 5: Securin\u2019s VI platform tagged CVE-2021-42321 as extremely critical and assigned it the highest predictive score of 38.46<\/strong><\/p>\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-5d463b7 elementor-widget elementor-widget-text-editor\" data-id=\"5d463b7\" data-element_type=\"widget\" data-settings=\"{&quot;ekit_we_effect_on&quot;:&quot;none&quot;}\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t<p dir=\"ltr\">CVE-2021-42321 had an initial CVSS v2 score of a meager 6.50, marking it as a medium-severity vulnerability. Since the vulnerability has been chained with the ProxyShell vulnerabilities, the vulnerability has a high exploitation impact, resulting in the Securin VRS score of 9.58.<\/p>\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-7c3ab2f elementor-widget elementor-widget-image\" data-id=\"7c3ab2f\" data-element_type=\"widget\" data-settings=\"{&quot;ekit_we_effect_on&quot;:&quot;none&quot;}\" data-widget_type=\"image.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t\t\t\t\t<img loading=\"lazy\" decoding=\"async\" width=\"1263\" height=\"466\" src=\"https:\/\/webdev.securin.xyz\/wp-content\/uploads\/2023\/02\/Hive-05.png\" class=\"attachment-full size-full wp-image-16486\" alt=\"\" srcset=\"https:\/\/webdev.securin.xyz\/wp-content\/uploads\/2023\/02\/Hive-05.png 1263w, https:\/\/webdev.securin.xyz\/wp-content\/uploads\/2023\/02\/Hive-05-300x111.png 300w, https:\/\/webdev.securin.xyz\/wp-content\/uploads\/2023\/02\/Hive-05-1024x378.png 1024w, https:\/\/webdev.securin.xyz\/wp-content\/uploads\/2023\/02\/Hive-05-768x283.png 768w\" sizes=\"(max-width: 1263px) 100vw, 1263px\" \/>\t\t\t\t\t\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-3a77c8f elementor-widget elementor-widget-spacer\" data-id=\"3a77c8f\" data-element_type=\"widget\" data-settings=\"{&quot;ekit_we_effect_on&quot;:&quot;none&quot;}\" data-widget_type=\"spacer.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t<div class=\"elementor-spacer\">\n\t\t\t<div class=\"elementor-spacer-inner\"><\/div>\n\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-7d1e0ab elementor-widget elementor-widget-heading\" data-id=\"7d1e0ab\" data-element_type=\"widget\" data-settings=\"{&quot;ekit_we_effect_on&quot;:&quot;none&quot;}\" data-widget_type=\"heading.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t<h5 class=\"elementor-heading-title elementor-size-default\"><strong>CVE-2020-12812 -<\/strong> An improper authentication vulnerability in SSL VPN in FortiOS 6.4.0, 6.2.0 to 6.2.3, 6.0.9 and below. o- 2 Ransomware \/ 0 APT - KEV, Trending <\/h5>\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-105a265 elementor-widget elementor-widget-text-editor\" data-id=\"105a265\" data-element_type=\"widget\" data-settings=\"{&quot;ekit_we_effect_on&quot;:&quot;none&quot;}\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t<p>This CVE was initially published on July 24, 2020. In early August 2021, the first active exploits were observed by our experts, soon after which Securin\u2019s Vulnerability Intelligence platform tagged it as critical and assigned it the highest predictive score of 38.46 on August 04, 2020. The DHS CISA added the vulnerability to the Known Exploited Vulnerabilities catalog only on November 3, 2021, approximately fifteen months after our VI platform had recognized the likelihood of future exploits using this vulnerability.\u00a0<\/p>\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-960f416 elementor-widget elementor-widget-image\" data-id=\"960f416\" data-element_type=\"widget\" data-settings=\"{&quot;ekit_we_effect_on&quot;:&quot;none&quot;}\" data-widget_type=\"image.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t\t\t\t\t<img loading=\"lazy\" decoding=\"async\" width=\"844\" height=\"123\" src=\"https:\/\/webdev.securin.xyz\/wp-content\/uploads\/2023\/02\/hive-10.png\" class=\"attachment-full size-full wp-image-15039\" alt=\"\" srcset=\"https:\/\/webdev.securin.xyz\/wp-content\/uploads\/2023\/02\/hive-10.png 844w, https:\/\/webdev.securin.xyz\/wp-content\/uploads\/2023\/02\/hive-10-300x44.png 300w, https:\/\/webdev.securin.xyz\/wp-content\/uploads\/2023\/02\/hive-10-768x112.png 768w\" sizes=\"(max-width: 844px) 100vw, 844px\" \/>\t\t\t\t\t\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-52bdd0e elementor-widget elementor-widget-image\" data-id=\"52bdd0e\" data-element_type=\"widget\" data-settings=\"{&quot;ekit_we_effect_on&quot;:&quot;none&quot;}\" data-widget_type=\"image.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t\t\t\t\t<img loading=\"lazy\" decoding=\"async\" width=\"1015\" height=\"311\" src=\"https:\/\/webdev.securin.xyz\/wp-content\/uploads\/2023\/02\/hive-11.png\" class=\"attachment-full size-full wp-image-15040\" alt=\"\" srcset=\"https:\/\/webdev.securin.xyz\/wp-content\/uploads\/2023\/02\/hive-11.png 1015w, https:\/\/webdev.securin.xyz\/wp-content\/uploads\/2023\/02\/hive-11-300x92.png 300w, https:\/\/webdev.securin.xyz\/wp-content\/uploads\/2023\/02\/hive-11-768x235.png 768w\" sizes=\"(max-width: 1015px) 100vw, 1015px\" \/>\t\t\t\t\t\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-ddd370f elementor-widget elementor-widget-text-editor\" data-id=\"ddd370f\" data-element_type=\"widget\" data-settings=\"{&quot;ekit_we_effect_on&quot;:&quot;none&quot;}\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t<p style=\"text-align: center;\"><strong>Fig 5: Securin\u2019s VI platform tagged CVE-2020-12812 as extremely critical and assigned it the highest predictive score of 38.46<\/strong><\/p>\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-f2d4a80 elementor-widget elementor-widget-text-editor\" data-id=\"f2d4a80\" data-element_type=\"widget\" data-settings=\"{&quot;ekit_we_effect_on&quot;:&quot;none&quot;}\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t<p dir=\"ltr\">CVE-2020-12812 has an initial CVSS v2 score of 7.50 and was upgraded to a CVSS v3 score of 9.8 later after active exploits were found. Securin\u2019s VI platform however assigned it a lower score of 8.80 because in spite of being exploited in the wild, we do not have sufficient information to suggest if this improper authentication vulnerability can be accessed remotely by a threat actor, or can lead to privilege escalation.\u00a0<\/p>\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-dd8b2ca elementor-widget elementor-widget-image\" data-id=\"dd8b2ca\" data-element_type=\"widget\" data-settings=\"{&quot;ekit_we_effect_on&quot;:&quot;none&quot;}\" data-widget_type=\"image.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t\t\t\t\t<img loading=\"lazy\" decoding=\"async\" width=\"1263\" height=\"546\" src=\"https:\/\/webdev.securin.xyz\/wp-content\/uploads\/2023\/02\/Hive-08.png\" class=\"attachment-full size-full wp-image-16485\" alt=\"CVSS vs VRS Scoring Comparison\" srcset=\"https:\/\/webdev.securin.xyz\/wp-content\/uploads\/2023\/02\/Hive-08.png 1263w, https:\/\/webdev.securin.xyz\/wp-content\/uploads\/2023\/02\/Hive-08-300x130.png 300w, https:\/\/webdev.securin.xyz\/wp-content\/uploads\/2023\/02\/Hive-08-1024x443.png 1024w, https:\/\/webdev.securin.xyz\/wp-content\/uploads\/2023\/02\/Hive-08-768x332.png 768w\" sizes=\"(max-width: 1263px) 100vw, 1263px\" \/>\t\t\t\t\t\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-c2ff937 elementor-widget elementor-widget-spacer\" data-id=\"c2ff937\" data-element_type=\"widget\" data-settings=\"{&quot;ekit_we_effect_on&quot;:&quot;none&quot;}\" data-widget_type=\"spacer.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t<div class=\"elementor-spacer\">\n\t\t\t<div class=\"elementor-spacer-inner\"><\/div>\n\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-c47118c elementor-widget elementor-widget-heading\" data-id=\"c47118c\" data-element_type=\"widget\" data-settings=\"{&quot;ekit_we_effect_on&quot;:&quot;none&quot;}\" data-widget_type=\"heading.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t<h5 class=\"elementor-heading-title elementor-size-default\"><strong>CVE-2021-33558 - <\/strong>Boa Web Server version 0.94.13 - 1 Ransomware \/ 1 APT - Trending <\/h5>\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-9fe5ab4 elementor-widget elementor-widget-text-editor\" data-id=\"9fe5ab4\" data-element_type=\"widget\" data-settings=\"{&quot;ekit_we_effect_on&quot;:&quot;none&quot;}\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t<p dir=\"ltr\">This CVE was initially published in May 2021. It was not until November 23, 2021, that Hive ransomware exploited the Boa server vulnerability to target energy grids in India.\u00a0<\/p><p dir=\"ltr\"><em><strong>Securin experts feel this vulnerability should be added to the DHS CISA\u2019s Known Exploited Vulnerabilities catalog.\u00a0<\/strong><\/em><\/p>\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-04ebccd elementor-widget elementor-widget-image\" data-id=\"04ebccd\" data-element_type=\"widget\" data-settings=\"{&quot;ekit_we_effect_on&quot;:&quot;none&quot;}\" data-widget_type=\"image.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t\t\t\t\t<img loading=\"lazy\" decoding=\"async\" width=\"994\" height=\"308\" src=\"https:\/\/webdev.securin.xyz\/wp-content\/uploads\/2023\/02\/hive-12.png\" class=\"attachment-full size-full wp-image-15044\" alt=\"\" srcset=\"https:\/\/webdev.securin.xyz\/wp-content\/uploads\/2023\/02\/hive-12.png 994w, https:\/\/webdev.securin.xyz\/wp-content\/uploads\/2023\/02\/hive-12-300x93.png 300w, https:\/\/webdev.securin.xyz\/wp-content\/uploads\/2023\/02\/hive-12-768x238.png 768w\" sizes=\"(max-width: 994px) 100vw, 994px\" \/>\t\t\t\t\t\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-e84c37e elementor-widget elementor-widget-text-editor\" data-id=\"e84c37e\" data-element_type=\"widget\" data-settings=\"{&quot;ekit_we_effect_on&quot;:&quot;none&quot;}\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t<p style=\"text-align: center;\"><strong>Fig 6: Securin\u2019s VI platform assigned CVE-2021-33558 a score of 8.56<\/strong><\/p>\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-1c825bc elementor-widget elementor-widget-text-editor\" data-id=\"1c825bc\" data-element_type=\"widget\" data-settings=\"{&quot;ekit_we_effect_on&quot;:&quot;none&quot;}\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t<p dir=\"ltr\">CVE-2021-33558 had an initial CVSS v2 score of just 5.00 and was upgraded to a CVSS v3 score of 7.50 after it was exploited. Although sufficient information is not available for the vulnerability, Securin\u2019s VI platform assigned it a score of 8.56, since it was actively exploited by Hive ransomware and RedEcho APT.\u00a0<\/p><p dir=\"ltr\">This vulnerability, though trending since 2021, is not detectable by any of the popular cybersecurity scanners \u2013 Nessus, Nexpose and Qualys \u2013 that organizations depend on so greatly to keep their attack surface secure.<\/p>\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-ea73ba8 elementor-widget elementor-widget-image\" data-id=\"ea73ba8\" data-element_type=\"widget\" data-settings=\"{&quot;ekit_we_effect_on&quot;:&quot;none&quot;}\" data-widget_type=\"image.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t\t\t\t\t<img loading=\"lazy\" decoding=\"async\" width=\"1273\" height=\"506\" src=\"https:\/\/webdev.securin.xyz\/wp-content\/uploads\/2023\/02\/Hive-07.png\" class=\"attachment-full size-full wp-image-16483\" alt=\"CVSS and VRS Scoring Comparison\" srcset=\"https:\/\/webdev.securin.xyz\/wp-content\/uploads\/2023\/02\/Hive-07.png 1273w, https:\/\/webdev.securin.xyz\/wp-content\/uploads\/2023\/02\/Hive-07-300x119.png 300w, https:\/\/webdev.securin.xyz\/wp-content\/uploads\/2023\/02\/Hive-07-1024x407.png 1024w, https:\/\/webdev.securin.xyz\/wp-content\/uploads\/2023\/02\/Hive-07-768x305.png 768w\" sizes=\"(max-width: 1273px) 100vw, 1273px\" \/>\t\t\t\t\t\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-80d9736 elementor-widget elementor-widget-spacer\" data-id=\"80d9736\" data-element_type=\"widget\" data-settings=\"{&quot;ekit_we_effect_on&quot;:&quot;none&quot;}\" data-widget_type=\"spacer.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t<div class=\"elementor-spacer\">\n\t\t\t<div class=\"elementor-spacer-inner\"><\/div>\n\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-dfa49ec elementor-widget elementor-widget-heading\" data-id=\"dfa49ec\" data-element_type=\"widget\" data-settings=\"{&quot;ekit_we_effect_on&quot;:&quot;none&quot;}\" data-widget_type=\"heading.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t<h5 class=\"elementor-heading-title elementor-size-default\"><strong>CVE-2017-9833 - <\/strong> Boa Web Server version 0.94.14rc21 - 1 Ransomware \/ 1 APT - Trending <\/h5>\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-cefb097 elementor-widget elementor-widget-text-editor\" data-id=\"cefb097\" data-element_type=\"widget\" data-settings=\"{&quot;ekit_we_effect_on&quot;:&quot;none&quot;}\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t<p>This CVE was first exploited in June 2017, following which, it was published on June 24, 2017. According to Securin\u2019s Vulnerability Intelligence platform, the VRS scores reached the maximum score of 38.46 in May 2020. However, in spite of its likelihood of being used in attacks by threat actors, DHS CISA still has not added the vulnerability to its catalog.\u00a0<\/p>\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-11fc9dd elementor-widget elementor-widget-image\" data-id=\"11fc9dd\" data-element_type=\"widget\" data-settings=\"{&quot;ekit_we_effect_on&quot;:&quot;none&quot;}\" data-widget_type=\"image.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t\t\t\t\t<img loading=\"lazy\" decoding=\"async\" width=\"406\" height=\"131\" src=\"https:\/\/webdev.securin.xyz\/wp-content\/uploads\/2023\/02\/hive-14.png\" class=\"attachment-full size-full wp-image-15046\" alt=\"\" srcset=\"https:\/\/webdev.securin.xyz\/wp-content\/uploads\/2023\/02\/hive-14.png 406w, https:\/\/webdev.securin.xyz\/wp-content\/uploads\/2023\/02\/hive-14-300x97.png 300w\" sizes=\"(max-width: 406px) 100vw, 406px\" \/>\t\t\t\t\t\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-1a26bad elementor-widget elementor-widget-image\" data-id=\"1a26bad\" data-element_type=\"widget\" data-settings=\"{&quot;ekit_we_effect_on&quot;:&quot;none&quot;}\" data-widget_type=\"image.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t\t\t\t\t<img loading=\"lazy\" decoding=\"async\" width=\"677\" height=\"137\" src=\"https:\/\/webdev.securin.xyz\/wp-content\/uploads\/2023\/02\/hive-13.png\" class=\"attachment-full size-full wp-image-15045\" alt=\"\" srcset=\"https:\/\/webdev.securin.xyz\/wp-content\/uploads\/2023\/02\/hive-13.png 677w, https:\/\/webdev.securin.xyz\/wp-content\/uploads\/2023\/02\/hive-13-300x61.png 300w\" sizes=\"(max-width: 677px) 100vw, 677px\" \/>\t\t\t\t\t\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-05b92cd elementor-widget elementor-widget-image\" data-id=\"05b92cd\" data-element_type=\"widget\" data-settings=\"{&quot;ekit_we_effect_on&quot;:&quot;none&quot;}\" data-widget_type=\"image.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t\t\t\t\t<img loading=\"lazy\" decoding=\"async\" width=\"1009\" height=\"310\" src=\"https:\/\/webdev.securin.xyz\/wp-content\/uploads\/2023\/02\/hive-15.png\" class=\"attachment-full size-full wp-image-15047\" alt=\"\" srcset=\"https:\/\/webdev.securin.xyz\/wp-content\/uploads\/2023\/02\/hive-15.png 1009w, https:\/\/webdev.securin.xyz\/wp-content\/uploads\/2023\/02\/hive-15-300x92.png 300w, https:\/\/webdev.securin.xyz\/wp-content\/uploads\/2023\/02\/hive-15-768x236.png 768w\" sizes=\"(max-width: 1009px) 100vw, 1009px\" \/>\t\t\t\t\t\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-4feb4b5 elementor-widget elementor-widget-text-editor\" data-id=\"4feb4b5\" data-element_type=\"widget\" data-settings=\"{&quot;ekit_we_effect_on&quot;:&quot;none&quot;}\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t<p style=\"text-align: center;\"><strong>Fig 7: Securin\u2019s VI platform tagged CVE-2017-9833 as extremely critical and assigned the highest predictive score of 38.46<\/strong><\/p>\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-575a4be elementor-widget elementor-widget-text-editor\" data-id=\"575a4be\" data-element_type=\"widget\" data-settings=\"{&quot;ekit_we_effect_on&quot;:&quot;none&quot;}\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t<p dir=\"ltr\">CVE-2017-9833 had an initial CVSS v2 score of 7.80 but was demoted to a CVSS v3 score of 7.50. However, since the vulnerability has been exploited actively by Hive ransomware and RedEcho APT, many years after it was discovered, our Securin VI platform has assigned it a VRS score of 9.23.<\/p>\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-54cea4e elementor-widget elementor-widget-image\" data-id=\"54cea4e\" data-element_type=\"widget\" data-settings=\"{&quot;ekit_we_effect_on&quot;:&quot;none&quot;}\" data-widget_type=\"image.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t\t\t\t\t<img loading=\"lazy\" decoding=\"async\" width=\"1273\" height=\"544\" src=\"https:\/\/webdev.securin.xyz\/wp-content\/uploads\/2023\/02\/Hive-09.png\" class=\"attachment-full size-full wp-image-16484\" alt=\"CVSS v2 and VRS Scoring Comparison\" srcset=\"https:\/\/webdev.securin.xyz\/wp-content\/uploads\/2023\/02\/Hive-09.png 1273w, https:\/\/webdev.securin.xyz\/wp-content\/uploads\/2023\/02\/Hive-09-300x128.png 300w, https:\/\/webdev.securin.xyz\/wp-content\/uploads\/2023\/02\/Hive-09-1024x438.png 1024w, https:\/\/webdev.securin.xyz\/wp-content\/uploads\/2023\/02\/Hive-09-768x328.png 768w\" sizes=\"(max-width: 1273px) 100vw, 1273px\" \/>\t\t\t\t\t\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-950a2e9 elementor-widget elementor-widget-spacer\" data-id=\"950a2e9\" data-element_type=\"widget\" data-settings=\"{&quot;ekit_we_effect_on&quot;:&quot;none&quot;}\" data-widget_type=\"spacer.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t<div class=\"elementor-spacer\">\n\t\t\t<div class=\"elementor-spacer-inner\"><\/div>\n\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-352bcb1 elementor-widget elementor-widget-menu-anchor\" data-id=\"352bcb1\" data-element_type=\"widget\" data-settings=\"{&quot;ekit_we_effect_on&quot;:&quot;none&quot;}\" data-widget_type=\"menu-anchor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t<div class=\"elementor-menu-anchor\" id=\"History-of-HIVE-Ransomware-Attacks\"><\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-c26a726 elementor-widget elementor-widget-heading\" data-id=\"c26a726\" data-element_type=\"widget\" data-settings=\"{&quot;ekit_we_effect_on&quot;:&quot;none&quot;}\" data-widget_type=\"heading.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t<h3 class=\"elementor-heading-title elementor-size-default\">History of HIVE Ransomware Attacks<\/h3>\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-71aca0e elementor-widget elementor-widget-text-editor\" data-id=\"71aca0e\" data-element_type=\"widget\" data-settings=\"{&quot;ekit_we_effect_on&quot;:&quot;none&quot;}\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t<p dir=\"ltr\">The end of 2022 saw an influx of ransomware attacks reported targeting the education sector. Approximately five of the 24 ransomware attacks that were disclosed and confirmed in November and December 2022, were against K-12 schools and universities.<\/p><p dir=\"ltr\">The Hive ransomware group, invariably, claimed responsibility for a couple of attacks, by leaking the date on their public leak site.\u00a0<\/p><p dir=\"ltr\"><em>Note: The list of attacks carried out by HIVE can be found at the end of the article.<\/em><\/p>\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-9fa7a9f elementor-widget elementor-widget-spacer\" data-id=\"9fa7a9f\" data-element_type=\"widget\" data-settings=\"{&quot;ekit_we_effect_on&quot;:&quot;none&quot;}\" data-widget_type=\"spacer.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t<div class=\"elementor-spacer\">\n\t\t\t<div class=\"elementor-spacer-inner\"><\/div>\n\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-e2d5583 elementor-widget elementor-widget-menu-anchor\" data-id=\"e2d5583\" data-element_type=\"widget\" data-settings=\"{&quot;ekit_we_effect_on&quot;:&quot;none&quot;}\" data-widget_type=\"menu-anchor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t<div class=\"elementor-menu-anchor\" id=\"Interesting-Trends\"><\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-3c3deeb elementor-widget elementor-widget-heading\" data-id=\"3c3deeb\" data-element_type=\"widget\" data-settings=\"{&quot;ekit_we_effect_on&quot;:&quot;none&quot;}\" data-widget_type=\"heading.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t<h3 class=\"elementor-heading-title elementor-size-default\">Interesting Trends<\/h3>\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-03123b1 elementor-widget elementor-widget-text-editor\" data-id=\"03123b1\" data-element_type=\"widget\" data-settings=\"{&quot;ekit_we_effect_on&quot;:&quot;none&quot;}\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t<ol><li dir=\"ltr\" aria-level=\"1\"><p dir=\"ltr\" style=\"text-align: left;\" role=\"presentation\"><strong>Customer Service:<\/strong><\/p><\/li><\/ol><p>The HIVE ransomware gang allows its victims to contact a sales representative in their operation through a \u2018customer service\u2019 link provided at the time of encryption. This connects the victim directly to a live chat with a HIVE executive who then tries to negotiate a ransom amount.<\/p>\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-8847b97 elementor-widget elementor-widget-image\" data-id=\"8847b97\" data-element_type=\"widget\" data-settings=\"{&quot;ekit_we_effect_on&quot;:&quot;none&quot;}\" data-widget_type=\"image.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t\t\t\t\t<img loading=\"lazy\" decoding=\"async\" width=\"839\" height=\"147\" src=\"https:\/\/webdev.securin.xyz\/wp-content\/uploads\/2023\/02\/hive-16.png\" class=\"attachment-full size-full wp-image-15051\" alt=\"\" srcset=\"https:\/\/webdev.securin.xyz\/wp-content\/uploads\/2023\/02\/hive-16.png 839w, https:\/\/webdev.securin.xyz\/wp-content\/uploads\/2023\/02\/hive-16-300x53.png 300w, https:\/\/webdev.securin.xyz\/wp-content\/uploads\/2023\/02\/hive-16-768x135.png 768w\" sizes=\"(max-width: 839px) 100vw, 839px\" \/>\t\t\t\t\t\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-25ab908 elementor-widget elementor-widget-image\" data-id=\"25ab908\" data-element_type=\"widget\" data-settings=\"{&quot;ekit_we_effect_on&quot;:&quot;none&quot;}\" data-widget_type=\"image.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t\t\t\t\t<img loading=\"lazy\" decoding=\"async\" width=\"778\" height=\"148\" src=\"https:\/\/webdev.securin.xyz\/wp-content\/uploads\/2023\/02\/hive-17.png\" class=\"attachment-full size-full wp-image-15052\" alt=\"\" srcset=\"https:\/\/webdev.securin.xyz\/wp-content\/uploads\/2023\/02\/hive-17.png 778w, https:\/\/webdev.securin.xyz\/wp-content\/uploads\/2023\/02\/hive-17-300x57.png 300w, https:\/\/webdev.securin.xyz\/wp-content\/uploads\/2023\/02\/hive-17-768x146.png 768w\" sizes=\"(max-width: 778px) 100vw, 778px\" \/>\t\t\t\t\t\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-4db4f01 elementor-widget elementor-widget-text-editor\" data-id=\"4db4f01\" data-element_type=\"widget\" data-settings=\"{&quot;ekit_we_effect_on&quot;:&quot;none&quot;}\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t<p style=\"text-align: center;\"><strong>Fig 8: Screengrab of Victims Chats with HIVE negotiators\u00a0<\/strong><\/p>\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-13ae28f elementor-widget elementor-widget-text-editor\" data-id=\"13ae28f\" data-element_type=\"widget\" data-settings=\"{&quot;ekit_we_effect_on&quot;:&quot;none&quot;}\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t<ol start=\"2\"><li dir=\"ltr\" aria-level=\"1\"><p dir=\"ltr\" role=\"presentation\"><strong>Leveraging victim chats for insights:<\/strong><\/p><\/li><\/ol><p dir=\"ltr\">Before Hive decides upon a ransom amount, they do an in-depth research on the victim organizations and generally ask for about 1 percent of the company\u2019s annual revenue. Though they target companies indiscriminately, they most probably base their assessments on how easily they can compromise the victim for quick financial gains.\u00a0<\/p><p dir=\"ltr\">The communications employed by HIVE are shorter and direct, but are quick to lower ransom demands, offering substantial reductions several times through their negotiations.\u00a0\u00a0<\/p>\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-dc5d5b1 elementor-widget elementor-widget-image\" data-id=\"dc5d5b1\" data-element_type=\"widget\" data-settings=\"{&quot;ekit_we_effect_on&quot;:&quot;none&quot;}\" data-widget_type=\"image.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t\t\t\t\t<img loading=\"lazy\" decoding=\"async\" width=\"544\" height=\"404\" src=\"https:\/\/webdev.securin.xyz\/wp-content\/uploads\/2023\/02\/hive-18.png\" class=\"attachment-large size-large wp-image-15054\" alt=\"\" srcset=\"https:\/\/webdev.securin.xyz\/wp-content\/uploads\/2023\/02\/hive-18.png 544w, https:\/\/webdev.securin.xyz\/wp-content\/uploads\/2023\/02\/hive-18-300x223.png 300w\" sizes=\"(max-width: 544px) 100vw, 544px\" \/>\t\t\t\t\t\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-d670f52 elementor-widget elementor-widget-image\" data-id=\"d670f52\" data-element_type=\"widget\" data-settings=\"{&quot;ekit_we_effect_on&quot;:&quot;none&quot;}\" data-widget_type=\"image.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t\t\t\t\t<img loading=\"lazy\" decoding=\"async\" width=\"541\" height=\"539\" src=\"https:\/\/webdev.securin.xyz\/wp-content\/uploads\/2023\/02\/hive-19.png\" class=\"attachment-large size-large wp-image-15055\" alt=\"\" srcset=\"https:\/\/webdev.securin.xyz\/wp-content\/uploads\/2023\/02\/hive-19.png 541w, https:\/\/webdev.securin.xyz\/wp-content\/uploads\/2023\/02\/hive-19-300x300.png 300w, https:\/\/webdev.securin.xyz\/wp-content\/uploads\/2023\/02\/hive-19-150x150.png 150w\" sizes=\"(max-width: 541px) 100vw, 541px\" \/>\t\t\t\t\t\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-6969c76 elementor-widget elementor-widget-image\" data-id=\"6969c76\" data-element_type=\"widget\" data-settings=\"{&quot;ekit_we_effect_on&quot;:&quot;none&quot;}\" data-widget_type=\"image.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t\t\t\t\t<img loading=\"lazy\" decoding=\"async\" width=\"543\" height=\"513\" src=\"https:\/\/webdev.securin.xyz\/wp-content\/uploads\/2023\/02\/hive-20.png\" class=\"attachment-large size-large wp-image-15056\" alt=\"\" srcset=\"https:\/\/webdev.securin.xyz\/wp-content\/uploads\/2023\/02\/hive-20.png 543w, https:\/\/webdev.securin.xyz\/wp-content\/uploads\/2023\/02\/hive-20-300x283.png 300w\" sizes=\"(max-width: 543px) 100vw, 543px\" \/>\t\t\t\t\t\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-5601373 elementor-widget elementor-widget-image\" data-id=\"5601373\" data-element_type=\"widget\" data-settings=\"{&quot;ekit_we_effect_on&quot;:&quot;none&quot;}\" data-widget_type=\"image.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t\t\t\t\t<img loading=\"lazy\" decoding=\"async\" width=\"545\" height=\"520\" src=\"https:\/\/webdev.securin.xyz\/wp-content\/uploads\/2023\/02\/hive-21.png\" class=\"attachment-large size-large wp-image-15057\" alt=\"\" srcset=\"https:\/\/webdev.securin.xyz\/wp-content\/uploads\/2023\/02\/hive-21.png 545w, https:\/\/webdev.securin.xyz\/wp-content\/uploads\/2023\/02\/hive-21-300x286.png 300w\" sizes=\"(max-width: 545px) 100vw, 545px\" \/>\t\t\t\t\t\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-f16bff5 elementor-widget elementor-widget-text-editor\" data-id=\"f16bff5\" data-element_type=\"widget\" data-settings=\"{&quot;ekit_we_effect_on&quot;:&quot;none&quot;}\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t<p style=\"text-align: center;\"><strong>Fig 9: How Hive leverages on chats with victim to gain insights<\/strong><\/p>\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-6cb47fb elementor-widget elementor-widget-text-editor\" data-id=\"6cb47fb\" data-element_type=\"widget\" data-settings=\"{&quot;ekit_we_effect_on&quot;:&quot;none&quot;}\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t<ol start=\"3\"><li dir=\"ltr\" aria-level=\"1\"><p dir=\"ltr\" role=\"presentation\"><strong>Hive ransomware creates Linux and FreeBSD server variants:<\/strong><\/p><\/li><\/ol><p dir=\"ltr\">Hive ransomware devised a variant of their ransomware that can encrypt Linux and FreeBSD servers. Although quite buggy, according to our experts, it comes with support for a single command line parameter (-no-wipe). The Linux version of the ransomware fails to encrypt files unless executed without root privileges. In contrast, the Windows ransomware variant comes with five execution options.\u00a0<\/p>\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-02ad66a elementor-widget elementor-widget-text-editor\" data-id=\"02ad66a\" data-element_type=\"widget\" data-settings=\"{&quot;ekit_we_effect_on&quot;:&quot;none&quot;}\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t<ol start=\"4\"><li dir=\"ltr\" aria-level=\"1\"><p dir=\"ltr\" role=\"presentation\"><strong>Hive ransomware ports its Linux VMware ESXi encryptor to Rust:\u00a0<\/strong><\/p><\/li><\/ol><p dir=\"ltr\">In March 2022, the Hive ransomware gang added new features to their\u00a0 VMware ESXi Linux encryptor and also converted it to the Rust programming language in order to make it harder for security researchers to spy on a victim\u2019s ransom negotiations.<\/p>\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-f081aff elementor-widget elementor-widget-text-editor\" data-id=\"f081aff\" data-element_type=\"widget\" data-settings=\"{&quot;ekit_we_effect_on&quot;:&quot;none&quot;}\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t<ol start=\"5\"><li dir=\"ltr\" aria-level=\"1\"><p dir=\"ltr\" role=\"presentation\"><strong>The Conti-Hive link:<\/strong><\/p><\/li><\/ol><p dir=\"ltr\">With Conti shutting its operations in May 2022, its\u00a0<a href=\"https:\/\/www.bleepingcomputer.com\/news\/security\/conti-ransomware-shuts-down-operation-rebrands-into-smaller-units\/\" target=\"_blank\" rel=\"noopener\">members splintered into smaller groups<\/a>\u00a0that it partnered with groups, such as Hive, HelloKitty, AvosLocker, BlackCat, and BlackByte among others. Some Conti members also joined the Hive ransomware ranks and began leaking victim data on both the Conti and Hive leak sites.<\/p>\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-58f3d56 elementor-widget elementor-widget-image\" data-id=\"58f3d56\" data-element_type=\"widget\" data-settings=\"{&quot;ekit_we_effect_on&quot;:&quot;none&quot;}\" data-widget_type=\"image.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t\t\t\t\t<img loading=\"lazy\" decoding=\"async\" width=\"504\" height=\"418\" src=\"https:\/\/webdev.securin.xyz\/wp-content\/uploads\/2023\/02\/hive-22.png\" class=\"attachment-large size-large wp-image-15058\" alt=\"\" srcset=\"https:\/\/webdev.securin.xyz\/wp-content\/uploads\/2023\/02\/hive-22.png 504w, https:\/\/webdev.securin.xyz\/wp-content\/uploads\/2023\/02\/hive-22-300x249.png 300w\" sizes=\"(max-width: 504px) 100vw, 504px\" \/>\t\t\t\t\t\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-5ada4cf elementor-widget elementor-widget-spacer\" data-id=\"5ada4cf\" data-element_type=\"widget\" data-settings=\"{&quot;ekit_we_effect_on&quot;:&quot;none&quot;}\" data-widget_type=\"spacer.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t<div class=\"elementor-spacer\">\n\t\t\t<div class=\"elementor-spacer-inner\"><\/div>\n\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-8a88a64 elementor-widget elementor-widget-text-editor\" data-id=\"8a88a64\" data-element_type=\"widget\" data-settings=\"{&quot;ekit_we_effect_on&quot;:&quot;none&quot;}\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t<ol start=\"6\"><li dir=\"ltr\" aria-level=\"1\"><p dir=\"ltr\" role=\"presentation\"><strong>New &#8216;IPfuscation&#8217; trick to hide payload:\u00a0<\/strong><\/p><\/li><\/ol><p dir=\"ltr\">The Hive ransomware operators developed an obfuscation technique involving IPv4 addresses and a set of conversions that lead to Cobalt Strike beacons being downloaded. Our analysts discovered that the payload itself was obscured by taking the form of an ASCII IPv4 array, which could have easily been mistaken for hard-coded C2 communications.\u00a0<\/p>\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-221254f elementor-widget elementor-widget-spacer\" data-id=\"221254f\" data-element_type=\"widget\" data-settings=\"{&quot;ekit_we_effect_on&quot;:&quot;none&quot;}\" data-widget_type=\"spacer.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t<div class=\"elementor-spacer\">\n\t\t\t<div class=\"elementor-spacer-inner\"><\/div>\n\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-5463a7d elementor-widget elementor-widget-menu-anchor\" data-id=\"5463a7d\" data-element_type=\"widget\" data-settings=\"{&quot;ekit_we_effect_on&quot;:&quot;none&quot;}\" data-widget_type=\"menu-anchor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t<div class=\"elementor-menu-anchor\" id=\"Hive-Ransomware-Attack-Methodology\"><\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-7d13ec2 elementor-widget elementor-widget-heading\" data-id=\"7d13ec2\" data-element_type=\"widget\" data-settings=\"{&quot;ekit_we_effect_on&quot;:&quot;none&quot;}\" data-widget_type=\"heading.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t<h3 class=\"elementor-heading-title elementor-size-default\">Hive Ransomware Attack Methodology<\/h3>\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-12cc3a2 elementor-widget elementor-widget-text-editor\" data-id=\"12cc3a2\" data-element_type=\"widget\" data-settings=\"{&quot;ekit_we_effect_on&quot;:&quot;none&quot;}\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t<ul><li dir=\"ltr\" aria-level=\"1\"><p dir=\"ltr\" role=\"presentation\"><strong>Initial Access Techniques:<\/strong><\/p><ul><li dir=\"ltr\" aria-level=\"2\"><p dir=\"ltr\" role=\"presentation\">Hive actors gain access to victim networks by using single factor logins via RDP, VPN, and other remote network connection protocols.<\/p><\/li><li dir=\"ltr\" aria-level=\"2\"><p dir=\"ltr\" role=\"presentation\">Exploit Public-Facing Application &#8211; Hive actors gain access to victim networks by exploiting the following Microsoft Exchange vulnerabilities: CVE-2021- 34473, CVE-2021-34523, CVE-2021- 31207, CVE-2021-42321. They may also use the newly discovered Boa vulnerability, CVE-2021-33558.\u00a0<\/p><\/li><li dir=\"ltr\" aria-level=\"2\"><p dir=\"ltr\" role=\"presentation\">Phishing &#8211; Hive actors gain access to victim networks by distributing phishing emails with malicious attachments.<\/p><\/li><\/ul><\/li><li dir=\"ltr\" aria-level=\"1\"><p dir=\"ltr\" role=\"presentation\"><strong>Execution:<\/strong><\/p><ul><li dir=\"ltr\" aria-level=\"2\"><p dir=\"ltr\" role=\"presentation\">Use Command and Scripting Interpreter &#8211;\u00a0 Hive actors looks to stop the volume shadow copy services and remove all existing shadow copies via vssadmin on command line or PowerShell.<\/p><\/li><\/ul><\/li><li dir=\"ltr\" aria-level=\"1\"><p dir=\"ltr\" role=\"presentation\"><strong>Defense Evasion:<\/strong><\/p><ul><li dir=\"ltr\" aria-level=\"2\"><p dir=\"ltr\" role=\"presentation\">Use Indicator Removal on Host &#8211; Hive actors delete Windows event logs, specifically, the System, Security and Application logs.\u00a0<\/p><\/li><li dir=\"ltr\" aria-level=\"2\"><p dir=\"ltr\" role=\"presentation\">Modify Registry &#8211; Hive actors set registry values for DisableAntiSpyware and DisableAntiVirus to 1.\u00a0<\/p><\/li><li dir=\"ltr\" aria-level=\"2\"><p dir=\"ltr\" role=\"presentation\">Impair Defenses &#8211; Hive actors seek processes related to backups, antivirus\/anti-spyware, and file copying and terminates those processes to facilitate file encryption.\u00a0<\/p><\/li><\/ul><\/li><li dir=\"ltr\" aria-level=\"1\"><p dir=\"ltr\" role=\"presentation\"><strong>Exfiltration:<\/strong><\/p><ul><li dir=\"ltr\" aria-level=\"2\"><p dir=\"ltr\" role=\"presentation\">Use Transfer Data to Cloud Account &#8211; Hive actors exfiltrate data from victims, using a possible combination of Rclone and the cloud storage service Mega.nz.\u00a0<\/p><\/li><\/ul><\/li><li dir=\"ltr\" aria-level=\"1\"><p dir=\"ltr\" role=\"presentation\"><strong>Impact:<\/strong><\/p><ul><li dir=\"ltr\" aria-level=\"2\"><p dir=\"ltr\" role=\"presentation\">Use Data Encrypted for Impact &#8211; Hive actors deploy a ransom note into each affected directory which states the *.key file cannot be modified, renamed, or deleted, otherwise the encrypted files cannot be recovered.\u00a0<\/p><\/li><li dir=\"ltr\" aria-level=\"2\"><p dir=\"ltr\" role=\"presentation\">Inhibit System Recovery &#8211; Hive actors look to stop the volume shadow copy services and remove all existing shadow copies via vssadmin via command line or PowerShell.<\/p><\/li><\/ul><\/li><\/ul>\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-8a357c4 elementor-widget elementor-widget-image\" data-id=\"8a357c4\" data-element_type=\"widget\" data-settings=\"{&quot;ekit_we_effect_on&quot;:&quot;none&quot;}\" data-widget_type=\"image.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t\t\t\t\t<img loading=\"lazy\" decoding=\"async\" width=\"1520\" height=\"842\" src=\"https:\/\/webdev.securin.xyz\/wp-content\/uploads\/2023\/02\/Hive.png\" class=\"attachment-full size-full wp-image-16481\" alt=\"Hive Ransomware Attack Methodology\" srcset=\"https:\/\/webdev.securin.xyz\/wp-content\/uploads\/2023\/02\/Hive.png 1520w, https:\/\/webdev.securin.xyz\/wp-content\/uploads\/2023\/02\/Hive-300x166.png 300w, https:\/\/webdev.securin.xyz\/wp-content\/uploads\/2023\/02\/Hive-1024x567.png 1024w, https:\/\/webdev.securin.xyz\/wp-content\/uploads\/2023\/02\/Hive-768x425.png 768w\" sizes=\"(max-width: 1520px) 100vw, 1520px\" \/>\t\t\t\t\t\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-54c4dbe elementor-widget elementor-widget-spacer\" data-id=\"54c4dbe\" data-element_type=\"widget\" data-settings=\"{&quot;ekit_we_effect_on&quot;:&quot;none&quot;}\" data-widget_type=\"spacer.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t<div class=\"elementor-spacer\">\n\t\t\t<div class=\"elementor-spacer-inner\"><\/div>\n\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-e2660c8 elementor-widget elementor-widget-menu-anchor\" data-id=\"e2660c8\" data-element_type=\"widget\" data-settings=\"{&quot;ekit_we_effect_on&quot;:&quot;none&quot;}\" data-widget_type=\"menu-anchor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t<div class=\"elementor-menu-anchor\" id=\"HIVE-Ransomware-MITRE-ATTACK-Map\"><\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-c1bfbdd elementor-widget elementor-widget-heading\" data-id=\"c1bfbdd\" data-element_type=\"widget\" data-settings=\"{&quot;ekit_we_effect_on&quot;:&quot;none&quot;}\" data-widget_type=\"heading.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t<h3 class=\"elementor-heading-title elementor-size-default\">HIVE Ransomware MITRE ATT&amp;CK Map <\/h3>\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-0c39148 elementor-widget elementor-widget-image\" data-id=\"0c39148\" data-element_type=\"widget\" data-settings=\"{&quot;ekit_we_effect_on&quot;:&quot;none&quot;}\" data-widget_type=\"image.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t\t\t\t\t<img loading=\"lazy\" decoding=\"async\" width=\"1888\" height=\"668\" src=\"https:\/\/webdev.securin.xyz\/wp-content\/uploads\/2023\/02\/Hive-02.png\" class=\"attachment-full size-full wp-image-16482\" alt=\"Hive Ransomware MITRE ATT&amp;CK Map\" srcset=\"https:\/\/webdev.securin.xyz\/wp-content\/uploads\/2023\/02\/Hive-02.png 1888w, https:\/\/webdev.securin.xyz\/wp-content\/uploads\/2023\/02\/Hive-02-300x106.png 300w, https:\/\/webdev.securin.xyz\/wp-content\/uploads\/2023\/02\/Hive-02-1024x362.png 1024w, https:\/\/webdev.securin.xyz\/wp-content\/uploads\/2023\/02\/Hive-02-768x272.png 768w, https:\/\/webdev.securin.xyz\/wp-content\/uploads\/2023\/02\/Hive-02-1536x543.png 1536w\" sizes=\"(max-width: 1888px) 100vw, 1888px\" \/>\t\t\t\t\t\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-32ec3a8 elementor-widget elementor-widget-text-editor\" data-id=\"32ec3a8\" data-element_type=\"widget\" data-settings=\"{&quot;ekit_we_effect_on&quot;:&quot;none&quot;}\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t<p dir=\"ltr\">Since Hive ransomware has been affecting the education and healthcare sectors since 2021, many more individuals are at risk of data theft, making it imperative that cyber security measures are taken to limit the effects of ransomware attacks on institutions and organizations.\u00a0<\/p><p dir=\"ltr\">K-12 schools have seen a meteoric rise in ransoms paid, with an estimated $3.5 billion in 2022, with the graph steadily rising due to ineffective attack surface management on the enterprise and local levels.\u00a0<\/p><p dir=\"ltr\">Securin\u2019s Ransomware Spotlight Report 2023, highlights a continuing 19% rise in vulnerabilities associated with ransomware in 2022. A total of 344 vulnerabilities have been leveraged by ransomware groups thus far, of which 156 of the vulnerabilities are yet to be added to CISA\u2019s KEV catalog. About 180 vulnerabilities have been actively searched as a point of interest by hackers and malicious actors such as HIVE, therefore, making it imperative for organizations today, especially K-12 schools and other vulnerable critical entities, to require a robust Attack Surface Management solution to see their ransomware exposure, prioritize their patching cadence and secure their network.\u00a0<\/p>\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-9f9b835 elementor-widget elementor-widget-text-editor\" data-id=\"9f9b835\" data-element_type=\"widget\" data-settings=\"{&quot;ekit_we_effect_on&quot;:&quot;none&quot;}\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t<p>Here is a list of significant attacks carried out by HIVE ransomware between June 2021 and January 2023:<\/p><table border=\"1\"><colgroup> <col \/> <col \/> <col \/><\/colgroup><tbody><tr><td><p dir=\"ltr\"><strong>Targets<\/strong><\/p><\/td><td><p dir=\"ltr\"><strong>Month<\/strong><\/p><\/td><td><p dir=\"ltr\"><strong>Impact of the Attack<\/strong><\/p><\/td><\/tr><tr><td><p dir=\"ltr\"><a href=\"https:\/\/www.databreaches.net\/consulate-health-care-chain-hit-by-hive\/\" target=\"_blank\" rel=\"noopener\">Consulate Health Care<\/a><\/p><\/td><td><p dir=\"ltr\">January 2023<\/p><\/td><td><p dir=\"ltr\">All customer information and hospital documentation leaked; 550GB<\/p><\/td><\/tr><tr><td><p dir=\"ltr\"><a href=\"https:\/\/www.databreaches.net\/ransomware-group-claims-to-have-encrypted-centro-medico-virgen-de-la-caridad\/\" target=\"_blank\" rel=\"noopener\">Centro M\u00e9dico Virgen De La Caridad, Cartagena, Spain<\/a><\/p><\/td><td><p dir=\"ltr\">January 2023<\/p><\/td><td><p dir=\"ltr\">Two hospitals, 20 polyclinics, 23 physiotherapy clinics, and 16 dental clinics were affected in the region. All PII leaked.<\/p><\/td><\/tr><tr><td><p dir=\"ltr\"><a href=\"https:\/\/www.databreaches.net\/lake-charles-memorial-health-system-victim-of-cyberattack-and-data-leak-by-hive\/\" target=\"_blank\" rel=\"noopener\">Lake Charles Memorial Health System (LCMHS)<\/a><\/p><\/td><td><p dir=\"ltr\">November to December 2022<\/p><\/td><td><p dir=\"ltr\">data breach affecting almost 270,000 people<\/p><\/td><\/tr><tr><td><p dir=\"ltr\"><a href=\"https:\/\/www.databreaches.net\/update-norman-public-schools-employee-and-student-leaked-on-dark-web-by-ransomware-gang\/\" target=\"_blank\" rel=\"noopener\">Norman Public Schools (NPS), Oklahoma<\/a><\/p><\/td><td><p dir=\"ltr\">November 2022<\/p><\/td><td><p dir=\"ltr\">A district with 24 schools and more than 14,000 students hit. Led to discontinuation of use and shutdown of NPS-issued devices.<\/p><\/td><\/tr><tr><td><p dir=\"ltr\"><a href=\"https:\/\/www.bleepingcomputer.com\/news\/security\/hive-claims-ransomware-attack-on-tata-power-begins-leaking-data\/\" target=\"_blank\" rel=\"noopener\">Tata Power<\/a><\/p><\/td><td><p dir=\"ltr\">October 2022<\/p><\/td><td><p dir=\"ltr\">Tata Power employees&#8217; personally identifiable information (PII), National ID (Aadhar) card numbers, PAN (tax account) numbers, salary information, etc. was stolen. Additionally, the data dump contained engineering drawings, financial and banking records as well as client information.<\/p><\/td><\/tr><tr><td><p dir=\"ltr\"><a href=\"https:\/\/www.bleepingcomputer.com\/news\/security\/new-york-ambulance-service-discloses-data-breach-after-ransomware-attack\/\" target=\"_blank\" rel=\"noopener\">Empress EMS (Emergency Medical Services)<\/a><\/p><\/td><td><p dir=\"ltr\">September 2022<\/p><\/td><td><p dir=\"ltr\">files contained patient names, dates of service, insurance information, and in some instances, Social Security numbers<\/p><\/td><\/tr><tr><td><p dir=\"ltr\"><a href=\"https:\/\/www.bleepingcomputer.com\/news\/security\/damart-clothing-store-hit-by-hive-ransomware-2-million-demanded\/\" target=\"_blank\" rel=\"noopener\">Damart, France<\/a><\/p><\/td><td><p dir=\"ltr\">August &#8211; September 2022<\/p><\/td><td><p dir=\"ltr\">$2 million ransom demanded; sales network stopped operating normally thereby impacting 92 of its stores<\/p><\/td><\/tr><tr><td><p dir=\"ltr\"><a href=\"https:\/\/www.databreaches.net\/uk-hive-ransomware-group-threatens-bedford-school-demanding-500k-or-else\/\" target=\"_blank\" rel=\"noopener\">Wootton Upper School, Bedford, UK<\/a><\/p><\/td><td><p dir=\"ltr\">August 2022<\/p><\/td><td><p dir=\"ltr\">\u00a3500,000 ransom demanded, PII exfiltrated<\/p><\/td><\/tr><tr><td><p dir=\"ltr\"><a href=\"https:\/\/www.databreaches.net\/hive-starts-dumping-patient-and-employee-data-from-baton-rouge-general-health-system\/\" target=\"_blank\" rel=\"noopener\">Baton Rouge General Medical Center, Louisiana<\/a>\u00a0<\/p><\/td><td><p dir=\"ltr\">August 2022<\/p><\/td><td><p dir=\"ltr\">PII exfiltrated<\/p><\/td><\/tr><tr><td><p dir=\"ltr\"><a href=\"https:\/\/www.databreaches.net\/scoop-hive-claims-responsibility-for-attack-on-artear-the-argentinian-multimedia-giant\/\" target=\"_blank\" rel=\"noopener\">Artear (Arte Radiotelevisivo Argentino) group<\/a><\/p><\/td><td><p dir=\"ltr\">June 2022<\/p><\/td><td><p dir=\"ltr\">1.4 TB files exfiltrated, extensive IT outage<\/p><\/td><\/tr><tr><td><p dir=\"ltr\"><a href=\"https:\/\/www.databreaches.net\/goodman-campbell-brain-and-spine-alerts-patients-to-ransomware-attack-while-continuing-to-provide-care\/\" target=\"_blank\" rel=\"noopener\">Goodman Campbell Brain and Spine<\/a><\/p><\/td><td><p dir=\"ltr\">June 2022<\/p><\/td><td><p dir=\"ltr\">internal information about the entity including passwords for important accounts, but it has also leaked personal and financial information on doctors, and information on named patients that include their diagnoses and procedures, with some insurance information.<\/p><\/td><\/tr><tr><td><p dir=\"ltr\"><a href=\"https:\/\/www.bleepingcomputer.com\/news\/security\/costa-rica-s-public-health-agency-hit-by-hive-ransomware\/\" target=\"_blank\" rel=\"noopener\">Costa Rica\u2019s public health service (known as Costa Rican Social Security Fund or CCCS)<\/a><\/p><\/td><td><p dir=\"ltr\">June 2022<\/p><\/td><td><p dir=\"ltr\">Major IT outage<\/p><\/td><\/tr><tr><td><p dir=\"ltr\"><a href=\"https:\/\/www.databreaches.net\/hive-claims-partnership-healthplan-of-california-as-a-victim\/\" target=\"_blank\" rel=\"noopener\">Partnership HealthPlan of California<\/a><\/p><\/td><td><p dir=\"ltr\">March 2022<\/p><\/td><td><p dir=\"ltr\">Hive exfiltrated 850,000 unique records with name, Social Security Number, date of birth, address, contact information, and more; 400 GB of stolen files were encrypted\u00a0<\/p><\/td><\/tr><tr><td><p dir=\"ltr\"><a href=\"https:\/\/www.bleepingcomputer.com\/news\/security\/hive-ransomware-attacks-memorial-health-system-steals-patient-data\/\" target=\"_blank\" rel=\"noopener\">Memorial Health Systems<\/a><\/p><\/td><td><p dir=\"ltr\">August 2021<\/p><\/td><td><p dir=\"ltr\">The attack caused disruptions of clinical and financial operations, causing urgent surgical cases and radiology exams, surgeries postponed, etc<\/p><\/td><\/tr><\/tbody><\/table>\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-53dc216 elementor-widget elementor-widget-menu-anchor\" data-id=\"53dc216\" data-element_type=\"widget\" data-settings=\"{&quot;ekit_we_effect_on&quot;:&quot;none&quot;}\" data-widget_type=\"menu-anchor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t<div class=\"elementor-menu-anchor\" id=\"How-We-Can-Help\"><\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t<section class=\"elementor-section elementor-inner-section elementor-element elementor-element-8770db6 elementor-section-boxed elementor-section-height-default elementor-section-height-default\" data-id=\"8770db6\" data-element_type=\"section\" data-settings=\"{&quot;background_background&quot;:&quot;classic&quot;}\">\n\t\t\t\t\t\t<div class=\"elementor-container elementor-column-gap-default\">\n\t\t\t\t\t<div class=\"elementor-column elementor-col-100 elementor-inner-column elementor-element elementor-element-47226c8\" data-id=\"47226c8\" data-element_type=\"column\">\n\t\t\t<div class=\"elementor-widget-wrap elementor-element-populated\">\n\t\t\t\t\t\t<div class=\"elementor-element elementor-element-41c8a16 elementor-widget elementor-widget-heading\" data-id=\"41c8a16\" data-element_type=\"widget\" data-settings=\"{&quot;ekit_we_effect_on&quot;:&quot;none&quot;}\" data-widget_type=\"heading.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t<h4 class=\"elementor-heading-title elementor-size-default\">How We Can Help<\/h4>\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-dc3ccab elementor-widget elementor-widget-text-editor\" data-id=\"dc3ccab\" data-element_type=\"widget\" data-settings=\"{&quot;ekit_we_effect_on&quot;:&quot;none&quot;}\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t<p dir=\"ltr\">Securin has been researching\u00a0ransomware groups and the methods they use\u00a0to invade networks since 2019. Our comprehensive database of more than 359 vulnerabilities (and counting) used by ransomware groups is the most extensive compilation in the industry today. Securin\u2019s expertise in ransomware research translates into our\u00a0<a style=\"transition-property: all;\" href=\"\/ransomware\/\">Ransomware reports<\/a> and Ransomware Assessment service that can help organizations increase their security posture.<\/p>\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-2675343 elementor-align-center elementor-widget elementor-widget-button\" data-id=\"2675343\" data-element_type=\"widget\" data-settings=\"{&quot;ekit_we_effect_on&quot;:&quot;none&quot;}\" data-widget_type=\"button.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t<div class=\"elementor-button-wrapper\">\n\t\t\t<a class=\"elementor-button elementor-button-link elementor-size-lg\" href=\"\/ransomware\/\">\n\t\t\t\t\t\t<span class=\"elementor-button-content-wrapper\">\n\t\t\t\t\t\t\t\t\t<span class=\"elementor-button-text\">GET STARTED TODAY!<\/span>\n\t\t\t\t\t<\/span>\n\t\t\t\t\t<\/a>\n\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t<section class=\"elementor-section elementor-top-section elementor-element elementor-element-bb7accf elementor-section-boxed elementor-section-height-default elementor-section-height-default\" data-id=\"bb7accf\" data-element_type=\"section\">\n\t\t\t\t\t\t<div class=\"elementor-container elementor-column-gap-default\">\n\t\t\t\t\t<div class=\"elementor-column elementor-col-100 elementor-top-column elementor-element elementor-element-31aeb00\" data-id=\"31aeb00\" data-element_type=\"column\">\n\t\t\t<div class=\"elementor-widget-wrap\">\n\t\t\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t<\/div>\n\t\t","protected":false},"excerpt":{"rendered":"<p>Read Securin experts&#8217; insights when they revisited HIVE and their attack tactics and techniques, and what organizations can do to remain safe from future attacks.<\/p>\n","protected":false},"author":1,"featured_media":15020,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"content-type":"","footnotes":""},"categories":[80,117],"tags":[623,442,189,239,357,91,405,139,591],"acf":[],"aioseo_notices":[],"_links":{"self":[{"href":"https:\/\/webdev.securin.xyz\/wp-json\/wp\/v2\/posts\/15018"}],"collection":[{"href":"https:\/\/webdev.securin.xyz\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/webdev.securin.xyz\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/webdev.securin.xyz\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/webdev.securin.xyz\/wp-json\/wp\/v2\/comments?post=15018"}],"version-history":[{"count":54,"href":"https:\/\/webdev.securin.xyz\/wp-json\/wp\/v2\/posts\/15018\/revisions"}],"predecessor-version":[{"id":18825,"href":"https:\/\/webdev.securin.xyz\/wp-json\/wp\/v2\/posts\/15018\/revisions\/18825"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/webdev.securin.xyz\/wp-json\/wp\/v2\/media\/15020"}],"wp:attachment":[{"href":"https:\/\/webdev.securin.xyz\/wp-json\/wp\/v2\/media?parent=15018"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/webdev.securin.xyz\/wp-json\/wp\/v2\/categories?post=15018"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/webdev.securin.xyz\/wp-json\/wp\/v2\/tags?post=15018"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}