Cybersecurity

Security Awareness – Social Media Among Top Brands Impersonated in Phishing Attacks

Phishing attacks continue to be one of the most common entry vectors for threat actors. Brand impersonation attacks, in which adversaries attempt to mimic a website or domain of a well-known brand by using a similar domain name and a webpage designed like the actual site, remain one of the most pernicious forms of phishing. A recent report from the IT company Check Point identifies the top brands criminals impersonated in brand phishing attacks in the first quarter of 2022.

Security Awareness – Cyber Criminal Groups Expand Working Relationship

Security researchers have uncovered technological and financial links between the Karakurt cyber crime group and the Conti and Diavol ransomware gangs, allowing these threat actors to expand their operations and target additional victims. Karakurt is a financially motivated threat actor, first identified last summer, and it was previously believed that the group focused exclusively on data exfiltration. However, the group’s links to Conti and Diavol suggest it is expanding its tactics and operations.

Joint Cybersecurity Advisory – North Korean State-Sponsored APT Targets Blockchain Companies

The Cybersecurity and Infrastructure Security Agency (CISA), along with the FBI and the U.S. Department of Treasury, has published a joint Cybersecurity Advisory on tactics, techniques, and procedures associated with a North Korean state-sponsored advanced persistent threat (APT) group, warning that the group is targeting blockchain companies. This North Korean APT group, commonly tracked as the Lazarus Group, uses spear phishing and social engineering to trick individuals into downloading trojanized cryptocurrency applications onto their operating system.

Lockbit Attack on Regional US Agency Comes After Months of Access

Sophos has posted a blog providing an insightful look into the activity of threat actors loitering on victim networks before finally executing a Lockbit ransomware attack. Researchers described how an unknown threat actor spent over five months exploring a “regional US government agency’s” networks after gaining access to them. Their activity was initially amateurish and lackadaisical, before turning professional in the weeks before the ransom, potentially indicating that a novice attacker had penetrated the network and eventually sold the access to a more sophisticated group.

Threat Awareness - Tarrask Malware

Security researchers at Microsoft have uncovered new malware, employed by the Chinese state-sponsored Hafnium group, that maintains persistence on compromised Windows devices by creating and obfuscating scheduled tasks. The Hafnium group was linked to last year’s worldwide exploitation of the ProxyLogon zero-day flaws that impacted Microsoft Exchange Servers. These threat actors have targeted organizations in multiple critical infrastructure sectors.

ICS/SCADA Threat Advisory – Joint Cybersecurity Advisory Regarding Advanced Cyber Tools Targeting ICS/SCADA Devices

Summary: Given the current threat landscape and recent concerns for the potential of cyber attacks against critical infrastructure, members are highly encouraged to review the following Joint Cybersecurity Advisory regarding newly discovered custom attack tools designed to target ICS/SCADA devices and address accordingly. The current advisory warns of tools that have been created to cause damage to the following components:

Microsoft Advises to Patch Now to Address Critical Remote Code Execution Vulnerability for MS-RPC

Action Recommended: Members are strongly encouraged to advise their system administrators to address Microsoft security updates for April 2022. This month’s round of patches includes a critical remote code execution (RCE) vulnerability for an extremely important component of the operating system that allows for arbitrary code execution without authentication or user interaction.

Six Steps to Go Passwordless at Your Organization

While still the most popular method of authentication, passwords suffer significant drawbacks in terms of security and cost as we continue to struggle to create less crackable ones. Dark Reading has written a piece describing six steps organizations can take to transition to passwordless authentication methods, reducing the reliance on humans to create strong enough passwords and, with it, the occurrence of information and data leaks. First, passwordless programs must start small, instead of attempting to switch the entire organization over at once.