Phishing isn’t the only threat to worry about. The FBI has issued a critical advisory about Ghost, a ransomware campaign exploiting known software vulnerabilities instead of relying on phishing. Active in over 70 countries, Ghost targets sectors worldwide, using publicly available code to infiltrate unpatched internet-facing servers.
Attack Methods & Vulnerabilities
Ghost operators—believed to be based in China—use various aliases, including Cring, Phantom, and Rapture. Their approach exploits known vulnerabilities in Fortinet FortiOS, Adobe ColdFusion, Microsoft SharePoint, and Microsoft Exchange (notably via ProxyShell). Some of the CVEs date back to 2009, highlighting serious lapses in patching. Once inside, the attackers deploy web shells to launch Cobalt Strike, steal credentials, disable antivirus (such as Windows Defender), and potentially exfiltrate data—though evidence of significant data theft is limited.
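Two of the post-exploitation steps named above leave distinctive traces on an endpoint: a web shell runs commands as a child of the web server's worker process, and switching off Windows Defender real-time protection is recorded in the Defender operational log (event ID 5001). The following detection sketch is an added example, not code from the FBI advisory or from any vendor; it runs over a constructed list of simplified Sysmon process-creation and Defender events, and the record field names, the `coldfusion.exe` service name and the host names are assumptions.

```python
"""Flag two post-exploitation behaviours from the Ghost write-up:
a web-server worker spawning a command shell (web shell activity) and
Windows Defender real-time protection being disabled.

Added example. Input is a constructed list of endpoint events in a
simplified Sysmon/Defender-like shape; field names are assumptions,
not a vendor schema."""
from dataclasses import dataclass

# Worker processes of web/application servers that should not need to
# launch a command interpreter in normal operation. w3wp.exe is the IIS
# worker used by Exchange and SharePoint; coldfusion.exe is an assumed
# name for the ColdFusion service process.
WEB_WORKERS = {"w3wp.exe", "coldfusion.exe"}
SHELLS = {"cmd.exe", "powershell.exe", "pwsh.exe"}

# Microsoft-Windows-Windows Defender/Operational: 5001 = real-time
# protection disabled.
DEFENDER_DISABLED_EVENTS = {5001}


@dataclass
class Event:
    source: str            # "sysmon" or "defender"
    event_id: int          # Sysmon 1 = process create; Defender 5001 = RTP off
    host: str
    image: str = ""        # created process (Sysmon only)
    parent_image: str = "" # parent process (Sysmon only)


def basename(path: str) -> str:
    """Return the lower-cased file name from a Windows or POSIX path."""
    return path.replace("\\", "/").rsplit("/", 1)[-1].lower()


def check_event(ev: Event):
    """Return a finding string for a suspicious event, else None."""
    if ev.source == "sysmon" and ev.event_id == 1:
        parent, child = basename(ev.parent_image), basename(ev.image)
        if parent in WEB_WORKERS and child in SHELLS:
            return f"{ev.host}: web worker {parent} spawned {child} (possible web shell)"
    if ev.source == "defender" and ev.event_id in DEFENDER_DISABLED_EVENTS:
        return f"{ev.host}: Defender real-time protection disabled (event {ev.event_id})"
    return None


def scan(events):
    """Run check_event over every record and collect the findings."""
    return [f for f in (check_event(e) for e in events) if f]


# Constructed sample: two suspicious records among benign ones.
SAMPLE_EVENTS = [
    Event("sysmon", 1, "exch01",
          r"C:\Windows\System32\cmd.exe",
          r"C:\Windows\System32\inetsrv\w3wp.exe"),          # suspicious
    Event("sysmon", 1, "exch01",
          r"C:\Windows\System32\inetsrv\w3wp.exe",
          r"C:\Windows\System32\svchost.exe"),               # normal IIS start
    Event("defender", 5001, "fs02"),                         # suspicious
    Event("defender", 1001, "fs02"),                         # scan finished, benign
    Event("sysmon", 1, "ws07",
          r"C:\Windows\System32\cmd.exe",
          r"C:\Windows\explorer.exe"),                       # user-opened shell, benign
]

if __name__ == "__main__":
    for finding in scan(SAMPLE_EVENTS):
        print(finding)
```

In practice these two checks would be expressed as rules in whatever SIEM or EDR the organisation runs; the point of the sketch is the logic, which is the same regardless of tooling: alert on command interpreters whose parent is a web worker, and alert on any event that records protection being turned off.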
Expert Insights
Cyber experts stress patching as the frontline defense. Juliette Hudson (CybaVerse) emphasizes urgency in remediation, while Darren Guccione (Keeper Security) warns attackers exploit vulnerabilities faster than organizations patch them. Joe Silva (Spektion) calls for real-time vulnerability management over outdated methods, and Rom Carmel (Apono) urges strict privilege controls to prevent deep infiltration.
Immediate FBI Recommendations
To mitigate Ghost’s risk, the FBI urges organizations to:
- Maintain isolated system backups.
- Promptly patch known vulnerabilities.
- Segment networks to block lateral movement.
- Enforce phishing-resistant multi-factor authentication (MFA) for privileged accounts.
Additional best practices include least-privilege access, disabling unused ports, and implementing application allowlisting. Cyber resilience hinges on proactive risk management and vigilance.