You are here

Home » Cybersecurity

Cybersecurity

Ransomware Resilience – Unpacking a Typical Ransomware Attack

Based on extensive experience, security researchers at IBM’s Security X-Force Incident Response team have discerned a predictable pattern that ransomware attacks follow. IBM researchers utilized this predictable pattern to break down a ransomware attack into five stages: Initial Access, Post-Exploitation, Understand and Expand, Data Collection and Exfiltration, and Ransomware Deployment. Initial access is gained most commonly through phishing or vulnerability exploitation.

BazarLoader Incorporates New Delivery Technique

The malware family BazarLoader has new tricks up its sleeves. The data theft motivated threat actors have updated BazarLoader’s delivery methods used to gain access to a victim’s network or device. BazarLoader’s new tactics include convincing victims to download compromised software installers such as TeamViewer, and delivering malware by exploiting ISO files. Experts believe these new delivery methods are likely an attempt to evade detection. Additionally, BazarLoader is known to be used for initial access by prominent ransomware families such as Conti.

Reminder for Critical Infrastructure to Stay Vigilant Against Threats During Holidays and Weekends

As the holiday season approaches, many are focused on shopping, cooking, and visiting relatives – cybersecurity is often forgotten. Cybercriminals, however, are aware of and regularly leverage these distractions to conduct attacks while our minds are elsewhere. This year, the Cybersecurity and Infrastructure Security Agency (CISA) and the FBI are making sure stakeholders are aware of the potential risks going into the holiday season, in a newly released advisory.

Incident Notification – New GoDaddy Breach Impacts WordPress Data

Yesterday, GoDaddy filed a report with the Securities and Exchange Commission (SEC) for a security incident it discovered on November 17, 2021. The filing describes the discovery of unauthorized third-party access to their Managed WordPress hosting environment. According to the report, beginning on September 6, 2021 an unauthorized third party leveraged the vulnerability to gain access to the following customer information:

Think Tank Makes Far Reaching Federal Policy Recommendations for Water Sector Cybersecurity

Today, the Foundation for Defense of Democracies (FDD), a think tank aligned with the congressional Cyberspace Solarium Commission, released a research memo recommending a wide range of federal cybersecurity policy changes to improve water and wastewater cybersecurity. The memo, “Poor Cybersecurity Makes Water a Weak Link in Critical Infrastructure,” is expected to be translated into legislation for Congress to consider next year.

Joint Cybersecurity Advisory Regarding Iranian APT – Another Threat Emphasizing the Importance of Patching

The FBI, CISA, ACSC, and NCSC released a joint Cybersecurity Advisory highlighting ongoing malicious cyber activity by an advanced persistent threat (APT) group believed to be associated with the government of Iran. Specifically, the FBI and CISA have observed this Iranian government-sponsored APT exploit Fortinet and Microsoft Exchange ProxyShell vulnerabilities to gain initial access to systems in advance of follow-on operations, which include deploying ransomware.

Security Awareness – Current Phishing Campaign Leverages Fake Outlook Web App

A new phishing scam is using the likeness of Microsoft Outlook Web App to steal credentials. Researchers at Mailguard observed a recent phishing campaign from an unknown group of cyber criminals seeking to gain access to user credentials. The email asks users to ‘validate your account’ by clicking on a nefarious link and entering your password. After clicking the link, victims are directed to a mimicked version of the Outlook Web App login page and asked to provide their username and password.

Pages

Subscribe to Cybersecurity