IceFire attacks Wyden

Incident Date: Aug 20, 2022

Attack Overview

Victim: Wyden
Industry: Finance
Location: Switzerland
Attacker: IceFire
First reported: August 20, 2022

IceFire Ransomware Attacks Wyden: A Deep Dive into the Institutional Crypto Trading Platform's Vulnerabilities

In a recent cyber attack, the ransomware group IceFire claimed responsibility for targeting Wyden, an institutional crypto trading platform operating in the finance sector. The victim's website offers a range of services including end-to-end trade automation, risk-optimized order funding, and seamless integration with premier custody, core banking, and portfolio management system providers.

Wyden's institutional crypto trading platform is designed to provide best execution through market-wide connectivity and end-to-end crypto asset orchestration, offering diversified connectivity and best execution for banks. The platform also provides an end-to-end algorithmic trading platform, covering everything from generating algorithmic trade signals to automatically executing orders.

Exploited Vulnerability and Attack Methodology

The attackers exploited a critical remote code execution (RCE) vulnerability in IBM Aspera, CVE-2022-47986, which has a CVSS rating of 9.8. This vulnerability allowed the attackers to gain unauthorized access to the system and execute malicious code.

IceFire ransomware primarily targets user and shared directories, which are important yet unprotected parts of the file system that do not require elevated privileges to write or modify. The attackers avoid encrypting certain paths to ensure critical parts of the system remain operational.

The ransomware group's shift towards targeting Linux systems, despite the extra work involved, is due to the perceived value of these systems in enterprise settings. Linux-based systems are frequently utilized in enterprise settings to perform crucial tasks such as hosting databases, Web servers, and other mission-critical applications. Additionally, some ransomware actors may perceive Linux as an unexploited market that could yield a higher return on investment.

Recommended Mitigation Strategies

To mitigate the risk of ransomware attacks, organizations should prioritize patching known vulnerabilities, implement multi-factor authentication, and regularly back up critical data. Additionally, organizations should educate their employees about phishing and spear-phishing attacks, as these are common infection vectors for ransomware.

The IceFire ransomware attack on Wyden highlights the importance of maintaining robust cybersecurity measures, particularly in the finance sector where sensitive data is often targeted. Organizations should remain vigilant against emerging threats and prioritize patching known vulnerabilities to minimize the risk of successful attacks.


Disclaimer

The Halcyon Attacks Lookout Database is compiled using publicly available information based on the hosting choices of real-world threat actors and data from a variety of trackers. This information is provided in accordance with principles of fair use. Halcyon has made reasonable efforts to sanitize and verify the data; however, we do not guarantee the accuracy, completeness, or reliability of the information provided. Updates to the database are made as new source data becomes available from reputable sources. By accessing, viewing, or using the information within the Halcyon Attacks Lookout Database, you acknowledge and agree to do so entirely at your own risk. No reliance should be placed upon the information for decision-making, and Halcyon disclaims all liability for any inaccuracies or omissions in the data.
