You are here

Home » Cybersecurity

Cybersecurity

Threat Awareness – New IceApple Toolset Being Deployed on Microsoft Exchange Servers

Security researchers have discovered a new sophisticated post-exploitation framework being primarily deployed on Exchange servers, dubbed IceApple. The toolset was discovered by CrowdStrike after an alert triggered on a new customer’s Microsoft OWA deployment. Researchers believe the developers behind IceApple prioritize keeping a low profile in network environments to achieve long-term objectives in targeted attacks.

Joint Cybersecurity Advisory - Protecting Against Cyber Threats to Managed Service Providers and their Customers

The cybersecurity authorities of the U.S., Australia, Canada, New Zealand, and the United Kingdom have released joint Cybersecurity Advisory (CSA) AA22-131A, warning of an increase in malicious cyber activity targeting managed service providers (MSPs) and this trend is expected to persist. The advisory offers specific steps MSPs and their customers can implement to reduce their risk of falling victim to a cyber intrusion.

NIST Updates Cybersecurity Guidance for Supply Chain Risk Management

The National Institute of Standards and Technology (NIST) has released an updated guidance document for helping organizations identify, assess and respond to cybersecurity risks throughout the supply chain. The updated guide, titled Cybersecurity Supply Chain Risk Management Practices for Systems and Organizations, offers specific methods for companies to adopt as they improve their ability to manage cybersecurity risks within and across their supply chains.

Security Awareness – Infrastructure Entities Targeted by HTML Phishing Campaign

Security researchers have uncovered a phishing campaign targeting energy and other infrastructure companies by exploiting HTML attachments that contain credential stealing forms. In this specific campaign, the threat actor portrays the phishing email as a being from an internal source by leveraging the “Shared-Files via” feature of Microsoft 365 and masquerades as a transcript being sent to the victim. However, the email address, with a Japanese domain, is clearly visible. After downloading the HTML file, users are prompted to enter their Microsoft email password to access a fake invoice.

Ransomware Resilience – Defending against the Ransomware-as-a-Service Model

The Microsoft Threat Intelligence Center (MSTIC) just published a lengthy report providing an overview of the Ransomware-as-a-service (RaaS) threat and detailing what organizations can do to better defend against this activity. Microsoft has termed the RaaS gig economy as human-operated ransomware, where human threat actors make decisions at every stage of the attack. Despite the rising threat, there are many preventative steps organization can implement to harden their defenses. First, it’s important that companies practice credential hygiene.

Threat Awareness – Threat Actors Exploiting Event Logs to Hide Fileless Malware

Security researchers have uncovered a malicious cyber campaign that employs a novel anti-detection technique to deliver a trojan onto a targeted device. The campaign, first observed by Kaspersky, writes shellcode into Windows event logs that allows for a “fileless” last stage trojan to be hidden in a computer’s random-access memory. Injecting malware directly into system memory is what classifies as “fileless” and this technique allows threat actors to hide malicious payloads from traditional security and detection tools.

FBI PSA – BEC Scams Continue to Target Organizations Large and Small

The FBI’s Internet Crime Complaint Center (IC3) has updated its Public Service Announcement (PSA) on the continuing threat of Business Email Compromise (BEC) scams. This latest PSA includes updated statistical data for the time frame of October 2013 to December 2021, which includes the estimate that during this period total domestic and international losses to BEC have amounted to over $43 billion.

Pages

Subscribe to Cybersecurity