Cybersecurity

If your utility has been putting off participating in a tabletop exercise (TTX) because it seems too resource-consuming, CISA has an alternative. Similar to its CTEPs (CISA Tabletop Exercise Packages), CISA released a new toolkit called the “Secure Tomorrow Series” designed to be self-facilitated and completed with fewer staff in less time.

Security researchers have identified a new remote access trojan (RAT) malware, dubbed Borat, available on criminal marketplaces which allows threat actors to deploy ransomware, conduct DDoS attacks, user account control (UAC) bypass, and more. It is unknown if Borat is sold or shared for free among cyber criminals, but researchers note the malware is distributed as a highly modular comprehensive package allowing criminals to mix and match technical exploits that can be tailored for targeted attacks.

This week, the FBI announced another global law enforcement operation that successfully disrupted Business Email Compromise (BEC) schemes. BEC scams typically target employees of businesses that make payments via wire transfers. These fraudsters usually gain access to a company’s email accounts or spoof their email addresses to send legitimate sounding and well-timed requests for wire transfers, according to the FBI. Over a three-month period, the FBI conducted Operation Eagle Sweep, where they arrested 65 suspected BEC fraudsters in the U.S. and overseas.

The FBI has published a TLP:WHITE Private Industry Notification (PIN) warning that ransomware attacks are straining local U.S. governments and public services. The FBI has been tracking cyber actors conducting ransomware attacks on local government agencies that have resulted in disrupted operational services, risks to public safety, and financial losses. Based on victim incident reporting, the Government Facilities Sector (GSF) was the second highest victimized sector of ransomware attacks, between January and December 2021.