Cybersecurity

FBI PSA: FBI Warns of the Impersonation of Law Enforcement and Government Officials

The FBI has published a Public Service Announcement (PSA) detailing ongoing pervasive fraud schemes in which scammers impersonate law enforcement or government officials in order to extort money or steal personally identifiable information. These threat actors commonly spoof genuine phone numbers and names and use fake credentials of well-known government and law enforcement agencies. Scammers will use an urgent and aggressive tone and refuse to speak to or leave a message with anyone other than their targeted victim, according to the FBI.

FBI FLASH: RagnarLocker Ransomware Indicators of Compromise

The FBI has published a TLP:WHITE FLASH providing indicators of compromise associated with RagnarLocker ransomware. The FLASH indicates that since January 2022, RagnarLocker ransomware has targeted at least 52 organizations across 10 critical infrastructure sectors. According to the FBI, members of the RagnarLocker group work as part of a ransomware family and frequently alter obfuscation techniques to avoid detection and prevention. The FLASH includes further technical details regarding this activity and lists recommended mitigations.

Blended (Cyber-Physical) Threat Awareness – APC Smart-UPS Devices Vulnerable to Remote Exploitation Could have Physical Impacts

UPS (uninterruptible power supply) devices are widely relied on to keep our computer networks operational during a short-term power outage and to allow for graceful shutdowns in the event of longer-term power failures. But UPS devices can be a set-it-and-forget-it part of our network. A recent trio of vulnerabilities dubbed TLStorm highlights why UPS devices shouldn’t be neglected.

Threat Awareness – Anchor Malware

Cybersecurity researchers have uncovered a new version of the Anchor malware that has been observed targeting Windows systems. Anchor is a backdoor malware that was first spotted in 2018 and helped threat actors communicate with C2 servers to ultimately deploy Conti ransomware. Anchor has been used to target multiple critical infrastructure sectors. This new variant, dubbed AnchorMail, employs an email-based C2 server and communicates via the SMTP and IMAP protocols over TLS. This helps threat actors avoid detection from common email-based security protocols.

Cybersecurity Resilience – NSA Releases Network Infrastructure Best Practices

The National Security Agency (NSA) has just released a new report, Network Infrastructure Security Guidance, to help cybersecurity professionals implement network security best practices. Procedures for securing networks are constantly evolving as new vulnerabilities are exploited by adversaries, new security features are implemented, and new methods of securing devices are identified. Consequently, this report focuses on the design and configurations that protect against common vulnerabilities and weaknesses on existing networks.

Ransomware Resilience – NIST Publishes Ransomware Risk Management: A Cybersecurity Framework Profile

The National Institute of Standards and Technology (NIST) just published the final version of its ransomware guide, Ransomware Risk Management: A Cybersecurity Framework Profile (NISTIR 8374), to help organizations and individuals manage the risk of ransomware incidents. This ransomware report identifies the Cybersecurity Framework Version 1.1 security objectives that support identifying, protecting against, detecting, responding to, and recovering from ransomware incidents. The profile can be used as a guide for understanding the ransomware threat and managing the risk from it.

Improving Phishing Awareness to Prevent Ransomware Attacks

The cybersecurity company Proofpoint recently released its annual report on user phishing awareness, vulnerability, and resilience. According to the report, 78 percent of organizations experienced email-based ransomware attacks in 2021, while 77 percent saw business email compromise (BEC) attacks increase 18 percent compared to 2020. These results demonstrate adversaries' continuing focus on compromising users via non-technical social engineering tactics rather than exploiting technical vulnerabilities.
