Cybersecurity

CISA, FBI, and NSA Note Increase in Conti Ransomware Attacks in Advisory

The Cybersecurity and Infrastructure Security Agency (CISA), the FBI, and the NSA have released a Joint Cybersecurity Advisory (CSA) on the Conti ransomware, noting they have observed the increased use of this malware in attacks. The advisory contains technical details on the malware; it also maps the malware’s techniques to the MITRE ATT&CK framework. Additionally, it discusses mitigation measures to reduce the risk of compromise by the Conti ransomware.

Cyber Hygiene – Addressing Authentication in Active Directory

Microsoft’s Active Directory (AD) service is rife with potential risk factors providing threat actors with multiple avenues of exploitation. The cybersecurity firm Mandiant reported that 90 percent of the breaches they surveyed exploited AD vulnerabilities. Topping the list of fixable AD vulnerabilities is inadequate authentication security. One of the most pervasive issues is corporate applications allowing users anonymous access to AD.

Trend Micro’s First Half of 2021 Cyber Threat Review

Trend Micro released its midyear review on cybersecurity threats detected in 2021 thus far. The study, Attacks From All Angles: 2021 Midyear Cybersecurity Report, covers Trend’s observations across ransomware, technical vulnerabilities, the impacts from the pandemic, and more. The report asserts that almost 41 billion threats were identified and blocked in the first six months of this year. Ransomware operations decreased from 14 million in the first half of 2020 to over 7 million during the same period this year.

Ransomware Resilience – Deferred Patching Could Result in a Ransomware Attack

Ransomware resilience is more than just having validated backups to use to restore your systems after a ransomware attack; patching has a lot to do with it too. A security researcher has compiled no fewer than forty-three (at the time of this writing) technical vulnerabilities across multiple products that ransomware actors are actively exploiting on unpatched devices.

Biden Administration Hoping to Deflate Ransomware Groups’ Pocketbooks

Amid the continued upward trend in ransomware attacks, the U.S. Treasury issued a bulletin this morning that begins proposed actions to levy sanctions against cryptocurrency exchanges, wallets, and traders utilized by ransomware groups. At the behest of the Biden Administration, today’s actions include the Department of the Treasury’s Office of Foreign Assets Control’s (OFAC) designation of SUEX OTC, S.R.O.

CISA ICS Vulnerability Advisories and Alerts, Updates, and Bulletins - September 16, 2021

The Cybersecurity and Infrastructure Security Agency (CISA) has published the following ICS vulnerability advisories, as well as alerts, updates, and bulletins:

ICS Vulnerability Advisories:

Alerts, Updates, and Bulletins:

Pot Calling the Kettle Black – Ransomware Groups Blame Negotiators for Only Being there to Make Money

Under the guise of ‘negotiators don’t care about the victim, they’re only in it for the money,’ at least two ransomware groups have recently upped the ante on their quest for a quick buck – or hundreds of thousands of bucks. Amid the flurry of ransomware attacks, the Grief ransomware group is now threatening to destroy the decryption keys of any victim who hires a professional negotiator. Similarly, the Ragnar Locker ransomware group threatened to release stolen data if the victim contacted law enforcement or a negotiator.

Another Reason to Patch – Potential Nexus Between Microsoft’s MSHTML Zero-Day Attacks and Ransomware Activity

Microsoft recently disclosed that its Windows MSHTML zero-day vulnerability may have been exploited by ransomware gangs. The vulnerability, tracked as CVE-2021-40444, was revealed on September 7 when Microsoft acknowledged that it had observed exploitation in limited targeted attacks. Microsoft released a patch for this vulnerability with its September 14th updates.

Australian Annual Cyber Threat Report

The Australian Cyber Security Centre (ACSC) has released its second annual report on key cyber threats and statistics from 2020–2021. The report underlines that threat actors have greatly exploited the pandemic environment, ransomware attacks saw a 15 percent increase over the past year, and around 25 percent of all reported cyber incidents were associated with critical infrastructure. WaterISAC encourages members to review the ACSC report for more insights and observations.
