You are here

Home » Cybersecurity

Cybersecurity

Passthrough – EPA Office of Inspector General Issues BEC Fraud Alert

The U.S. EPA OIG issued a fraud alert (attached) to highlight the all-too-common and costly form of phishing known as business email compromise (BEC). In this convincing scam, criminals are using fraudulent emails that appear to come from known and trusted sources to access company email accounts and target organizations that make or receive financial transactions. These emails may originate from lookalike, or spoofed, email accounts or legitimate email accounts compromised through phishing campaigns.

Passthrough – CISA Cybersecurity Emotions

CISA recently shared its “Cybersecurity Emotions” series detailing social engineering tactics that threat actors often use when implementing various tactics against organizations and internet facing users. Organizations can add CISA’s “Cybersecurity Emotions” to security awareness training as each of the “emotions” are effectively described and explained giving relatable real-world understanding of these tactics and helping users learn the basics of “cyber hygiene.”

ICS/OT Cyber Resilience – Dragos’ 2023 OT Cybersecurity Year in Review: Insights on New Activity Groups, Industrial Ransomware, and ICS/OT Vulnerabilities

Dragos published its 2023 OT Cybersecurity Year in Review today. In its seventh iteration, this comprehensive report contains the latest threat intelligence on adversary activity targeting OT environments, industrial risk of ransomware, the state of OT vulnerabilities, and more. Dragos shares predominate insights, poignant lessons learned, and proactive recommendations in this annual data-driven analysis of ICS/OT focused cyber threats and vulnerabilities.

Ransomware Awareness – LockBit Ransomware Disrupted Following International Takedown Operation

In a joint operation known as “Operation Cronos,” international law enforcement partners collaborated in efforts to disrupt the notorious ransomware group known as LockBit. The U.S. Department of Justice Office of Public Affairs has issued a press release announcing the disruption of the gang along with indictment charges against two Russian nationals. 

A banner on LockBit’s data leak website reads:

FBI FLASH – Identification and Disruption of the Warzone Remote Access Trojan (RAT)

The FBI has published a TLP:CLEAR FLASH to disseminate indicators of compromise (IOCs) and tactics, techniques, and procedures (TTPs) associated with the Warzone Remote Access Trojan (RAT), also identified as “Ave Maria” through open-source reporting and FBI investigation.

On 7 February 2024, the FBI and international partners executed a coordinated operation to disrupt Warzone RAT infrastructure worldwide. The FBI is releasing this product to maximize awareness on the service and to seek additional reporting from victims.

Incident Awareness – Canadian Pipeline Confirms November Breach, ALPHV/BlackCat Claims Responsibility

The Trans-Northern Pipelines (TNPI), a Canadian pipeline located in Ontario-Quebec, confirmed yesterday that its internal network was breached in November. TNPI operates 726 total miles of pipeline across Ontario and Alberta, transporting 221,300 barrels daily. The threat group ALPHV/BlackCat has claimed responsibility for the breach, added Trans-Northern to its blackmail site on Tuesday, and purports to have stolen 190 GB of data from the oil distributor.

Cyber Resilience – Observed Challenges in Information Sharing, Applicable Lessons from an ISAC Exercise

In October 2023, Health-ISAC (H-ISAC) facilitated an all-day workshop and tabletop exercise with Health-ISAC members and United States Government (USG) agencies in Washington, DC. While the exercise involved healthcare organizations, the scenario and challenges are applicable and representative broadly across all critical infrastructure sectors. The H-ISAC has released its Hobby Exercise 2023 After Action Report, which documents the lessons learned and challenges experienced upon review of its most recent Hobby Exercise Series.

Pages

Subscribe to Cybersecurity