You are here

Home » Cybersecurity

Cybersecurity

(Update April 28, 2022) CISA and FBI Update Advisory on Destructive Malware Targeting Organizations in Ukraine

CISA and the FBI have updated joint Cybersecurity Advisory AA22-057A: Destructive Malware Targeting Organizations in Ukraine, originally released February 26, 2022. The advisory has been updated to include additional indicators of compromise for WhisperGate and Malware Analysis Reports (MARs) containing technical details for HermeticWiper, IsaacWiper, HermeticWizard, and CaddyWiper destructive malware.

Beyond Just the Known Exploited Vulnerabilities to the Vulnerabilities Threat Actors are Routinely Exploiting

On April 27, 2022, the cybersecurity authorities of the United States, Australia, Canada, New Zealand, and the United Kingdom published a joint Cybersecurity Advisory (CSA), 2021 Top Routinely Exploited Vulnerabilities (AA22-117A). As in prior years, this joint effort highlights multiple vulnerabilities that threat actors are routinely exploiting on devices and software that remain unpatched or are no longer supported by a vendor.

Threat Awareness - SocGholish and Zloader

A new threat analysis report from Cybereason examines the threat posed by two malware strains, SocGholish and Zloader, that masquerade as legitimate software updates and installers. From December 2021 to now, Cybereason researchers have observed an increase in the number of attacks involving SocGholish and Zloader. First, SocGholish is a JavaScript-based malware that poses as a legitimate browser update delivered to victims via compromised websites and establishes an initial foothold on a victim’s network before deploying ransomware or conducting other malicious activity.

Security Awareness – Organizations Continue to Fall Victim to Email Phishing Attacks

Email-borne cyber threats remain one of the most prevalent avenues for threat actors to target organizations and are thus a major headache for companies. A new report from Cyren and Osterman Research found that companies are spending an average of 3,850 hours per year responding to compromises caused by email-borne attacks. The most common breach vector the study found was compromised Office 365 login credentials. Email-based account compromise can lead to financial scams, business email compromise (BEC), and the deployment of ransomware.

CISA ICS Vulnerability Advisories and Alerts, Updates, and Bulletins - April 26, 2022

The Cybersecurity and Infrastructure Security Agency (CISA) has published the following ICS vulnerability advisories, as well as alerts, updates, and bulletins:

ICS Vulnerability Advisories:

Alerts, Updates, and Bulletins:

FBI FLASH - BlackCat/ALPHV Ransomware Indicators of Compromise

The FBI has published a TLP:WHITE FLASH providing indicators of compromise associated with BlackCat/ALPHV ransomware. The Flash notes that BlackCat/ALPHV threat actors operate as a ransomware as a service (RaaS) organization and since March 2022 have compromised at least 60 entities worldwide. The group is reportedly the first successful ransomware entity to employ the RUST programing language, which is considered to be more secure.

Joint Cybersecurity Advisory – Russian State-Sponsored and Criminal Cyber Threats to Critical Infrastructure

The cybersecurity authorities of the U.S., Australia, Canada, New Zealand, and the United Kingdom have released a joint Cybersecurity Advisory (CSA) (AA22-110A) to warn organizations of the potential for increased Russian malicious cyber activity as a response to the unprecedented economic costs imposed on Russia as well as the materiel support provided by the U.S. and its allies and partners. Members are encouraged to review the advisory and immediately take action to protect against and mitigate this activity.

Pages

Subscribe to Cybersecurity