Supplemental Cyber Highlights – August 15, 2023

The following posts are useful for general awareness of current threats, vulnerabilities, guidance, and other cyber-related news or updates. These resources have been curated by the WaterISAC analyst team as items of broad relevance and benefit that do not need supplemental analysis at this time.

ICS/OT/SCADA Vulnerabilities & Threats

• Microsoft Discloses Codesys Flaws Allowing Shutdown of Industrial Operations, Spying (Security Week)
• XWorm, Remcos RAT Evade EDRs to Infect Critical Infrastructure (Dark Reading)
• The analysis of this malware is included in the security analyst section below: New SystemBC Malware Variant Targets Southern African Power Company (The Hacker News)

Critical Infrastructure Resilience

• Enhancing OT Vulnerability Management with Visibility (SynSaber)
• OT Security is Less Mature but Progressing Rapidly (Trend Micro)
• Thinking outside of the box: Mastering OT security is not about defending against threats (Langner)
• The Critical MOVEit Transfer Vulnerability and What it Means for Your OT Infrastructure (TX One)

IT Vulnerabilities & Threats

• Indicators of Compromise Scanner for Citrix ADC Zero-Day (CVE-2023-3519) (Mandiant)
• Almost all VPNs are vulnerable to traffic-leaking TunnelCrack attacks (HelpNetSecurity)
• Major vulnerabilities discovered in data center solutions (HelpNetSecurity)
• CISA: New Whirlpool backdoor used in Barracuda ESG hacks (Bleeping Computer)
• Cyber Criminals Targeting Victims through Mobile Beta-Testing Applications (FBI Internet Crime Complaint Center)
• How executives’ personal devices threaten business security (HelpNetSecurity)
• Safeguarding Against Silent Cyber Threats: Exploring the Stealer Log Lifecycle (Bleeping Computer)

Ransomware Awareness

• This was research presented at BlackHat. It’s an interesting read: ‘DoubleDrive’ attack turns Microsoft OneDrive into ransomware (SC Magazine)
  • “What if I told you that I can encrypt all your files without even infecting your computer?”
  • “When I started this research, I wanted to create a fully undetectable-by-design ransomware,” Yair explained.
• Why detection and response technology won’t solve all ransomware attacks (SC Magazine)

Technical Posts (for security analysts, sysadmins, and other nerds)

• From Google DNS to Tech Support Scam Sites: Unmasking the Malware Trail (Sucuri)
• Focus on DroxiDat/SystemBC (Kaspersky Securelist)
• Investigating New INC Ransom Group Activity (Huntress)

Cyber Resilience & General Awareness

• 5 Ways CISA Can Help Cyber-Poor Small Businesses & Local Governments (Dark Reading)
  • WaterISAC particularly likes this one!! “1. Streamline Membership and Access to ISACs”
• Here’s how to contain supply chain attacks (SC Magazine)
• Email – The System Running Since 71’ (Security Week)