You are here

Home » Cybersecurity

Cybersecurity

Security Awareness – Zero-Days Increase in Popularity for Ransomware Groups

Kaspersky’s SecureList has published a blog detailing an observed Nokoyawa ransomware attack utilizing a previously unknown Microsoft vulnerability. While the use of zero-days is mostly associated with nation-state threat groups, the actors behind Nokoyawa ransomware are known for their technical sophistication and tendency to utilize exploits targeting the Common Log File System, of which the zero day was associated with.

April 12, 2023 WaterISAC Special Web Briefing

WaterISAC convened a special web briefing on April 12. Nushat Thomas, the cybersecurity branch chief at EPA's Water Infrastructure and Cyber Resilience Division (WICRD), presented.

Agenda - What You Need to Know: EPA’s New Operational Technology Cybersecurity Requirement to Help PWSs 

  • Memorandum Overview
  • Guidance and Resources
  • Training
  • Q&A

In addition to the recording and presentation, WaterISAC provided information on upcoming events and opportunities.

CISA ICS Vulnerability Advisories and Alerts, Updates, and Bulletins – April 11, 2023

The Cybersecurity and Infrastructure Security Agency (CISA) has published the following ICS vulnerability advisories, as well as alerts, updates, and bulletins:

ICS Vulnerability Advisories:

Alerts, Updates, and Bulletins:

Cyber Resilience – More Comprehensive Cyber Incident Reporting is Critical to Enhance Sector Security

CSO Online has written an article discussing the importance of cyber incident reporting and how it helps build a more resilient security community. While many governments are beginning to implement legislation that mandates incident reporting, the article points to existing mechanisms the private sector has used to share information through Information Sharing and Analysis Centers (ISACs). These channels have helped organizations mitigate attacks and coordinate a response to widespread campaigns.

Organizations Collaborate to Dismantle Malicious Cobalt Strike Infrastructure

Microsoft, Fortra, and Health-ISAC have announced a partnership to remove malicious copies of Cobalt Strike through legal and technical means. This includes copyright claims, targeting file sharing sites, and a court order allowing the partnership to disrupt the infrastructure that utilizes Cobalt Strike to conduct cyber attacks. Fortra’s Cobalt Strike is a popular security tool used by red teams. However, cracked and altered copies have become extremely popular for threat actors to utilize as part of ransomware attacks.

Threat Awareness – 'Proxyjacking' Could Lead to High Cloud Usage Charges for Victims

Threat actors are utilizing a new attack vector that hijacks legitimate proxyware services, which allows users to sell portions of Internet bandwidth to third parties. In large-scale attacks that exploit cloud-based systems, threat actors can use this vector, termed proxyjacking, to earn possibly hundreds of thousands of dollars per month in passive income, according to security researchers from Sysdig Threat Research Team.

Threat Awareness – PureCrypter Campaign Demonstrates Danger of Increasing Cyberattacks on Government

Menlo Labs has observed a threat actor conducting PureCrypter-enabled attacks against government agencies. Utilizing a compromised non-profit’s website, researchers tracked multiple attempts to infect government agencies through ZIP files containing PureCrypter distributed through Discord who were primed to upload a secondary payload from a compromised non-profit organization’s network. After analyzing the potential chain of infection, they found 106 other attacks that utilized similar behaviors.

Ransomware Awareness – Rorschach Demonstrates Advancements in Ransomware

Check Point Research has posted its analysis of a new strain of partially autonomous ransomware with other concerning capabilities that researchers have labeled Rorschach. Check Point assesses that this strain does not appear to be related to any other ransomware family, nor does the threat actor behind it seem to be affiliated with any other criminal groups. Rorschach is highly customizable and appears to be able to autonomously propagate itself across a victim’s network under the right circumstances.

Pages

Subscribe to Cybersecurity