Cybersecurity

As the holiday shopping season approaches everyone should be on the lookout for holiday shopping scams. Be aware of those “too good to be true” spam and scams from suspicious sites, phishing emails, or online ads offering items at inconceivable discounts. Threat actors have gotten good at disguising their campaigns to fit in with the legitimate messages and use the hustle and bustle of the shopping season to hope we don’t notice their scams.

To safely shop online, remember:

Last week, the Cybersecurity and Infrastructure Security Agency (CISA), the National Security Agency (NSA), and the Office of the Director of National Intelligence (ODNI), published the third of a three-part series on securing the software supply chain, titled Securing Software Supply Chain Series - Recommended Practices Guide for Customers.

Today, CISA, the Federal Bureau of Investigation (FBI), and the Department of Health and Human Services (HHS) released joint Cybersecurity Advisory (CSA) #StopRansomware: Hive Ransomware to provide network defenders tactics, techniques, and procedures (TTPs) and indicators of compromise (IOCs) associated with Hive ransomware variants. FBI investigations identified these TTPs and IOCs as recently as November 2022.

Develop a viable defense and threat actors will inevitably find a way to bypass it. That’s the endless game of cat-and-mouse, especially in the cybersecurity world. A historical example was the old advice to ‘never open an email from someone you don’t know,’ so threat actors now expertly purport to be or impersonate someone (or something, as in the case of a well-known brand) we do know. A more recent example is in regards to multifactor authentication (MFA).