Cannabis Industry Faces Everest Ransomware Threat
The Everest ransomware group has targeted the cannabis industry, as reported by the Cannabis Information Sharing & Analysis Organization (Cannabis ISAO). Within one week, two cannabis-related businesses appeared as victims on Everest's dark-web blog, raising alarms about third-party vendor vulnerabilities in the sector.
Understanding the Threat
Everest’s Modus Operandi:
Known as an “initial access broker,” Everest specializes in gaining unauthorized access to organizations’ systems and selling it to ransomware groups.
Their recent focus on the marijuana industry highlights increasing risks for operators reliant on third-party vendors.
Third-Party Risk:
The connection between the two victims—one being a client of the other—demonstrates the ripple effects of vendor breaches.
Third-party risk management is critical, as vendors may have varying levels of cybersecurity readiness.
Cannabis Industry at Risk
Emerging Targets:
Cannabis businesses, like other nascent industries, often lack robust cybersecurity measures.
A notable example came in 2022, when a breach at a logistics partner disrupted the Ontario Cannabis Store's supply chain.
Indicators of Compromise (IOCs):
The U.S. Department of Health and Human Services (HHS) identified specific tools and URLs used by Everest, including:
Tools: SoftPerfect Network Scanner, Metasploit payload, WinRAR
URLs: Hosting Cobalt Strike beacons and Meterpreter C2
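A hunt for the tools listed above over process-creation logs, added here as an example (it is not from the original article or from HHS). The executable names, the JSON event schema, the 24-hour window and the sample events are assumptions constructed for illustration.

```python
import json
import ntpath
from collections import defaultdict
from datetime import datetime, timedelta

# Assumption: default executable names of two tools from the list above.
# Binaries can be renamed, so hash and path checks should back this up.
SCANNER, ARCHIVER = "SoftPerfect Network Scanner", "WinRAR"
TOOL_IMAGES = {"netscan.exe": SCANNER, "winrar.exe": ARCHIVER, "rar.exe": ARCHIVER}
WINDOW = timedelta(hours=24)  # assumed correlation window

# Constructed process-creation events, one JSON object per line (hypothetical schema).
SAMPLE_LOG = r"""
{"ts": "2024-11-04T09:12:00", "host": "POS-01", "image": "C:\\Users\\Public\\NetScan.exe"}
{"ts": "2024-11-04T14:40:00", "host": "POS-01", "image": "C:\\Users\\Public\\rar.exe"}
{"ts": "2024-11-04T10:05:00", "host": "HR-03", "image": "C:\\Program Files\\WinRAR\\WinRAR.exe"}
{"ts": "2024-11-04T10:30:00", "host": "FIN-02", "image": "C:\\Program Files\\Microsoft Office\\EXCEL.EXE"}
"""

def hunt(log_text):
    """Return {host: {"tools": [...], "severity": "high" | "review"}}."""
    hits = defaultdict(list)
    for line in log_text.splitlines():
        if not line.strip():
            continue
        event = json.loads(line)
        # ntpath parses Windows paths on any OS; match is case-insensitive.
        tool = TOOL_IMAGES.get(ntpath.basename(event["image"]).lower())
        if tool:
            hits[event["host"]].append((datetime.fromisoformat(event["ts"]), tool))
    findings = {}
    for host, events in hits.items():
        scans = [t for t, tool in events if tool == SCANNER]
        archives = [t for t, tool in events if tool == ARCHIVER]
        # Network scan followed by archiving on the same host inside the window
        # is a stronger signal than either tool alone (WinRAR is common software).
        chained = any(timedelta(0) <= a - s <= WINDOW for s in scans for a in archives)
        findings[host] = {
            "tools": sorted({tool for _, tool in events}),
            "severity": "high" if chained else "review",
        }
    return findings

if __name__ == "__main__":
    for host, finding in sorted(hunt(SAMPLE_LOG).items()):
        print(host, finding)
```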
Recommended Defenses
Proactive Measures:
Conduct regular cybersecurity training for employees.
Develop and test a response plan through tabletop exercises.
Work with Managed Security Service Providers (MSSPs) to scan for known IOCs.
Third-Party Risk Management:
Assess vendors’ cybersecurity practices and offer support for improvements.
Monitor vendors regularly for vulnerabilities and threats.
Ransomware-Specific Guidance:
Use resources like the Cybersecurity & Infrastructure Security Agency's (CISA) Stop Ransomware guide.
Establish robust backup processes and test recovery capabilities.
Collective Defense:
Share threat intelligence across the industry to anticipate and counter evolving risks.
Next Steps for the Industry
Strengthen Cyber Hygiene: Incorporate best practices into daily operations and onboarding processes.
Leverage Available Resources: Use CISA's tools and HHS Threat Actor Profiles to stay ahead of evolving threats.
Prepare for Future Attacks: The cannabis industry must view cybersecurity as a critical business function to safeguard operations, protect sensitive data, and maintain trust with customers and partners.
Collaboration, vigilance, and continuous improvement will be key to defending against Everest and other cyber threats.