Cybersecurity

Canadian Centre for Cyber Security – Preparedness, Resilience, and Security Awareness Resources - (Updated June 1, 2023)

The Canadian Centre for Cyber Security (CCCS) continues to publish cybersecurity guidance documents that offer practical cyber hygiene best practices and enterprise preparedness and resilience resources. WaterISAC is sharing these resources to assist network defenders and help strengthen their cybersecurity posture. Members are encouraged to reference CCCS for ongoing guidance publications and updates.

June 1, 2023

Threat Awareness – Phishing Attack Employs Encrypted File Attachments to Steal Microsoft Account Credentials

Threat actors have recently been observed utilizing encrypted attachments sent via compromised Microsoft 365 accounts to steal Microsoft credentials in targeted phishing attacks designed to evade detection by email security gateways, according to security researchers at Trustwave.

Security Awareness – File Extensions as Top-Level Domains Could Cause Confusion and May Become Potential Exploitation Vector

Researchers at Trend Micro posted a blog analyzing security risks stemming from Google's recent creation of Top-Level Domains (TLDs) that match well-known file extensions. There has been some debate in the security community over whether concerns about this action are warranted. Nonetheless, members are encouraged to share this development with users who might be quick to click.

CISA ICS Vulnerability Advisories and Alerts, Updates, and Bulletins – May 30, 2023

The Cybersecurity and Infrastructure Security Agency (CISA) has published the following ICS vulnerability advisories, as well as alerts, updates, and bulletins:

ICS Vulnerability Advisories:

Alerts, Updates, and Bulletins:

Insider Threat Awareness – Study: Insider Threats Caused by Unintentional Human Error are Costly

Proofpoint published its 2022 Cost of Insider Threats Global Report analyzing the costs of a wide variety of insider threat risks. On average, an insider threat incident cost $484,931 in 2022 and took 85 days to contain, both major impacts for small and medium businesses. Furthermore, 56 percent of those incidents occur simply due to employee or third-party negligence or carelessness, rather than any malicious behavior.

Ransomware Awareness – New Buhti Ransomware Leverages Leaked Code

Symantec shared an analysis report discussing a new ransomware operation called Buhti that appears to be leveraging leaked code of popular ransomware families, most notably LockBit and the defunct Babuk. The threat actor (Blacktail) behind the campaign doesn’t appear to be linked to any other groups. Additionally, Buhti appears to have developed a custom tool for searching and exfiltrating data and archiving specified file types.

Vulnerability Awareness – Zero-Day Vulnerability Identified in Barracuda Email Security Gateway Appliances

Barracuda recently detected a zero-day vulnerability in its Email Security Gateway appliance (ESG). Successful exploitation of the vulnerability could have provided threat actors with unauthorized access to a subset of email gateway appliances. According to Barracuda, “the vulnerability existed in a module which initially screens the attachments of incoming emails. No other Barracuda products, including our SaaS email security services, were subject to this vulnerability.”

OT/ICS Threat Awareness – COSMICENERGY: New OT-Focused Malware Discovered by Mandiant

Mandiant published intelligence on what is essentially the 8th known ICS-focused malware discovered. Mandiant tracks the malware as COSMICENERGY and assesses that its capabilities and overall attack strategy appear reminiscent of the 2016 INDUSTROYER incident. Specifically, the malware is designed to cause electric power disruption by interacting with IEC 60870-5-104 (IEC-104) devices, such as remote terminal units (RTUs), that are commonly leveraged in electric transmission and distribution operations in Europe, the Middle East, and Asia.

Ransomware Resilience – Updated #StopRansomware Guide Now Available

CISA, FBI, NSA, and MS-ISAC published an update to the 2020 #StopRansomware Guide which contains additional recommended actions, resources, and tools. The #StopRansomware Guide is a one-stop resource to help organizations reduce the risk of ransomware incidents through best practices to detect, prevent, respond, and recover, including step-by-step approaches to address potential attacks.