Cybersecurity

Cybersecurity researchers have uncovered a new version of the Anchor malware that has been observed targeting Windows systems. Anchor is a backdoor malware that was first spotted in 2018 and helped threat actors communicate with C2 servers to ultimately deploy Conti ransomware. Anchor has been used to target multiple critical infrastructure sectors. This new variant, dubbed AnchorMail, employs an email-based C2 server and communicates via the SMTP and IMAP protocols over TLS. This helps threat actors avoid detection from common email-based security protocols.

The National Institute of Standards and Technology (NIST) just published the final version of its ransomware guide, Ransomware Risk Management: A Cybersecurity Framework Profile (NISTIR 8374), to help organizations and individuals manage the risk of ransomware incidents. This ransomware report identifies the Cybersecurity Framework Version 1.1 security objectives that support identifying, protecting against, detecting, responding to, and recovering from ransomware incidents. The profile can be used as a guide for understanding the ransomware threat and managing the risk from it.

The cybersecurity company Proofpoint recently released its annual report on user phishing awareness, vulnerability, and resilience. According to the report, 78 percent of organizations experienced email-based ransomware attacks in 2021, while 77 percent saw business email compromise attacks (BEC) increase 18 percent compared to 2020. These results demonstrate the continuing focus of adversaries to compromise users via non-technical social engineering tactics compared to exploiting technical vulnerabilities.

The Cybersecurity and Infrastructure Security Agency (CISA) has shared Broadcom Software’s threat advisory warning that an advanced persistent threat (APT) campaign using the Daxin malware has targeted multiple government and other critical infrastructure targets.