Cybersecurity

OT/ICS Threat Awareness – COSMICENERGY: New OT-Focused Malware Discovered by Mandiant

Mandiant has published analysis of COSMICENERGY, which it describes as essentially the eighth known ICS-focused malware family. Mandiant assesses that its capabilities and overall attack strategy resemble the 2016 INDUSTROYER incident: the malware is designed to cause electric power disruption by issuing commands to IEC 60870-5-104 (IEC-104) devices such as remote terminal units (RTUs), which are commonly used in electric transmission and distribution operations in Europe, the Middle East, and Asia.
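Because the disruption path described above runs through IEC-104 control commands, the practical detection question is whether any host other than the authorised SCADA master is sending command-direction ASDUs to RTUs. The following is an added example, not Mandiant's code and not derived from COSMICENERGY samples: it decodes IEC-104 APDUs according to the standard's frame layout and flags control commands from hosts outside an allowlist. The allowlist, IP addresses and packet bytes are constructed for the demonstration.

```python
"""Decode IEC 60870-5-104 APDUs and flag control commands from unexpected hosts.

Added example, not Mandiant's code and not derived from COSMICENERGY samples.
Frame layout follows IEC 60870-5-104; the master allowlist, IP addresses
and packet bytes below are constructed for the demonstration.
"""
import struct

# ASDU type identifiers in the control direction (master -> RTU).
CONTROL_TYPES = {
    45: "C_SC_NA_1 single command",
    46: "C_DC_NA_1 double command",
    47: "C_RC_NA_1 regulating step command",
    48: "C_SE_NA_1 set point, normalised value",
    49: "C_SE_NB_1 set point, scaled value",
    50: "C_SE_NC_1 set point, short float",
    51: "C_BO_NA_1 bitstring command",
    58: "C_SC_TA_1 single command with time tag",
    59: "C_DC_TA_1 double command with time tag",
}
COT_NAMES = {6: "activation", 7: "activation confirmation",
             8: "deactivation", 10: "activation termination"}


def _decode_objects(type_id, vsq, body):
    """Decode information objects for single/double commands (types 45, 46).

    Each object is a 3-byte little-endian IOA followed by the SCO/DCO byte:
    bit 7 = select(1)/execute(0), bit 0 (SCO) or bits 0-1 (DCO) = state.
    Other types are counted but left undecoded; SQ=1 is not used for commands.
    """
    count = vsq & 0x7F
    if vsq & 0x80 or type_id not in (45, 46):
        return []
    objects, off = [], 0
    for _ in range(count):
        if off + 4 > len(body):
            raise ValueError("truncated information object")
        ioa = body[off] | body[off + 1] << 8 | body[off + 2] << 16
        qual = body[off + 3]
        if type_id == 45:
            state = "ON" if qual & 0x01 else "OFF"
        else:
            state = {1: "OFF", 2: "ON"}.get(qual & 0x03, "INVALID")
        objects.append({"ioa": ioa, "select": bool(qual & 0x80), "state": state})
        off += 4
    return objects


def parse_apdu(data):
    """Parse one APDU; returns a dict or raises ValueError if malformed."""
    if len(data) < 6 or data[0] != 0x68:
        raise ValueError("not an IEC-104 APDU (missing 0x68 start byte)")
    if data[1] != len(data) - 2 or data[1] < 4:
        raise ValueError("APDU length field does not match frame")
    ctrl0 = data[2]
    fmt = "I" if ctrl0 & 0x01 == 0 else ("S" if ctrl0 & 0x03 == 0x01 else "U")
    if fmt != "I":
        return {"format": fmt}        # S and U frames carry no ASDU
    asdu = data[6:]
    if len(asdu) < 6:
        raise ValueError("ASDU header truncated")
    type_id, vsq = asdu[0], asdu[1]
    cot = asdu[2] & 0x3F              # low six bits; bit 6 = P/N, bit 7 = test
    common_addr = struct.unpack("<H", asdu[4:6])[0]
    return {
        "format": "I",
        "type_id": type_id,
        "type_name": CONTROL_TYPES.get(type_id, "type %d" % type_id),
        "cot": COT_NAMES.get(cot, "cot %d" % cot),
        "common_address": common_addr,
        "objects": _decode_objects(type_id, vsq, asdu[6:]),
    }


def flag_rogue_commands(packets, allowed_masters):
    """Return findings for control-direction ASDUs not sent by an allowlisted master."""
    findings = []
    for src, dst, raw in packets:
        try:
            apdu = parse_apdu(raw)
        except ValueError as exc:
            findings.append({"src": src, "dst": dst, "reason": "malformed: %s" % exc})
            continue
        if apdu["format"] != "I" or apdu["type_id"] not in CONTROL_TYPES:
            continue
        if src not in allowed_masters:
            findings.append({"src": src, "dst": dst, "reason": apdu["type_name"],
                             "cot": apdu["cot"], "objects": apdu["objects"]})
    return findings


# Constructed traffic: (source, destination, raw TCP/2404 payload).
ALLOWED_MASTERS = {"10.0.0.10"}   # the only host that should command RTUs (assumed)
PACKETS = [
    # Authorised master: single command, execute, ON, IOA 1, COT 6 (activation)
    ("10.0.0.10", "10.0.1.5", bytes.fromhex("680e000000002d010600010001000001")),
    # Unknown host: double command, select, OFF, IOA 5 (the breaker-opening pattern)
    ("10.0.0.77", "10.0.1.5", bytes.fromhex("680e000000002e010600010005000081")),
    # Unknown host: general interrogation (type 100) - reconnaissance, not a command
    ("10.0.0.77", "10.0.1.5", bytes.fromhex("680e0000000064010600010000000014")),
    # S-frame (supervisory acknowledgement), no ASDU
    ("10.0.1.5", "10.0.0.10", bytes.fromhex("680401000200")),
]

if __name__ == "__main__":
    for finding in flag_rogue_commands(PACKETS, ALLOWED_MASTERS):
        print(finding)
```

The interrogation from the unknown host is deliberately not flagged by this rule; a separate rule for any IEC-104 session from a non-master is the usual complement, since the malware has to learn the IOAs it intends to switch before sending commands.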

Ransomware Resilience – Updated #StopRansomware Guide Now Available

CISA, the FBI, NSA, and MS-ISAC have published an update to the 2020 #StopRansomware Guide that adds recommended actions, resources, and tools. The guide is a one-stop resource to help organizations reduce the risk of ransomware incidents through best practices for detecting, preventing, responding to, and recovering from ransomware, including step-by-step approaches for addressing potential attacks.

Ransomware Trend Awareness – New Vulnerabilities Utilized in Q1 2023 Ransomware Attacks

HelpNetSecurity has summarized a recent report by researchers at Ivanti, Securin, and Cyware on ransomware-related vulnerabilities in Q1 2023. Twelve new vulnerabilities became associated with ransomware over the period, 73 percent of which are trending on the deep and dark web. Eighteen ransomware-associated vulnerabilities are currently not detected by popular scanners, and 119 are present in open-source code that multiple vendors and products reuse.

Threat Awareness – Popular Secure Email Gateways Being Bypassed by SuperMailer Demonstrates Continued Evolution and Prevalence of Credential Phishing

Cofense has shared analysis of the increased use of SuperMailer by threat actors running high-volume phishing campaigns. SuperMailer is a commercial newsletter program that appears to have become as attractive to criminals running phishing campaigns as it is to marketing professionals. Fourteen percent of all phishing emails tracked by Cofense in May were produced by SuperMailer, up from 4 percent the month before.

Threat Awareness – BEC Campaigns Now Utilizing Residential IP Addresses to Increase Legitimacy

Microsoft has published a blog post describing a shift in business email compromise (BEC) tactics: threat actors are pairing stolen account credentials with residential IP addresses, typically purchased from residential proxy services, that match the victim's location, so their sign-ins and outgoing emails appear to originate from where the legitimate user normally works. This makes the activity harder for network defenders to distinguish from the real user's and to trace back to its source.
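The tactic above is aimed at location-based sign-in anomaly rules: a proxy in the victim's own city leaves no geographic discontinuity to detect. The following is an added example, not Microsoft's detection logic, that runs two checks over constructed sign-in events (RFC 5737 documentation addresses, coordinates and device IDs are all made up; in practice the coordinates would come from a GeoIP lookup on the IP). It shows the residential-proxy login passing an impossible-travel rule while a device-familiarity rule still catches it.

```python
"""Two sign-in checks and why a residential IP defeats only one of them.

Added example; not Microsoft's detection logic. The sign-in events, IP
addresses (RFC 5737 documentation ranges), coordinates and device IDs are
constructed; in practice lat/lon would come from a GeoIP lookup on the IP.
"""
import math
from datetime import datetime

MAX_SPEED_KMH = 900.0   # assumed ceiling for plausible travel between two sign-ins

SIGNINS = [  # constructed sign-in log
    {"user": "alice", "ts": "2023-05-01T09:00:00+00:00", "ip": "203.0.113.5",
     "lat": 41.88, "lon": -87.63, "device": "alice-laptop"},      # Chicago, home ISP
    {"user": "alice", "ts": "2023-05-01T09:30:00+00:00", "ip": "192.0.2.44",
     "lat": 41.89, "lon": -87.62, "device": "unknown-7f2a"},      # residential proxy, also Chicago
    {"user": "bob", "ts": "2023-05-01T09:00:00+00:00", "ip": "203.0.113.18",
     "lat": 39.74, "lon": -104.99, "device": "bob-desktop"},      # Denver
    {"user": "bob", "ts": "2023-05-01T09:35:00+00:00", "ip": "198.51.100.9",
     "lat": 6.52, "lon": 3.38, "device": "unknown-c1d9"},         # foreign IP, Lagos
]
KNOWN_DEVICES = {"alice": {"alice-laptop"}, "bob": {"bob-desktop"}}   # assumed enrolment data


def haversine_km(lat1, lon1, lat2, lon2):
    """Great-circle distance in kilometres between two WGS84 points."""
    r = 6371.0
    p1, p2 = math.radians(lat1), math.radians(lat2)
    dphi = p2 - p1
    dlam = math.radians(lon2 - lon1)
    a = math.sin(dphi / 2) ** 2 + math.cos(p1) * math.cos(p2) * math.sin(dlam / 2) ** 2
    return 2 * r * math.asin(math.sqrt(a))


def impossible_travel(events, max_speed_kmh=MAX_SPEED_KMH):
    """Flag sign-ins whose implied speed from the user's previous sign-in exceeds the ceiling."""
    flagged, last = [], {}
    for ev in sorted(events, key=lambda e: (e["user"], e["ts"])):
        prev = last.get(ev["user"])
        if prev is not None:
            hours = (datetime.fromisoformat(ev["ts"])
                     - datetime.fromisoformat(prev["ts"])).total_seconds() / 3600
            km = haversine_km(prev["lat"], prev["lon"], ev["lat"], ev["lon"])
            # Simultaneous sign-ins from distant places are impossible too.
            speed = km / hours if hours > 0 else (math.inf if km > 1.0 else 0.0)
            if speed > max_speed_kmh:
                flagged.append(ev["ip"])
        last[ev["user"]] = ev
    return flagged


def unfamiliar_device(events, known_devices):
    """Flag sign-ins from a device the user has never enrolled, regardless of location."""
    return [ev["ip"] for ev in events
            if ev["device"] not in known_devices.get(ev["user"], set())]


if __name__ == "__main__":
    print("impossible travel:", impossible_travel(SIGNINS))
    print("unfamiliar device:", unfamiliar_device(SIGNINS, KNOWN_DEVICES))
```

Alice's attacker, signing in through a residential address a couple of kilometres from her usual one, produces a speed of about 3 km/h and is invisible to the geographic rule; only the device check reports it. Geo-based rules therefore need to be paired with checks that a proxy cannot satisfy, such as device or session attributes and alerts on post-login actions typical of BEC (new inbox rules, forwarding changes).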

Vulnerability Awareness – Cisco Releases Security Advisory for Small Business Series Switches

Given the widespread use of Cisco Small Business Series Switches, the critical severity rating (CVSS 9.8), and the public availability of proof-of-concept exploit code, members are encouraged to review the Cisco security advisory for components present in their environment and address them accordingly.

Security Awareness – Social Engineering Techniques Being Used to Exploit Microsoft Teams

Proofpoint has posted a blog discussing research into new ways to abuse Microsoft Teams, including post-compromise impersonation and manipulation techniques, weaponized meeting invites in which the default join URLs are replaced with malicious links, and weaponized messages in which existing URLs are swapped for malicious ones. The blog describes each technique at a high level, with examples.
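The invite and message techniques above both rely on a link whose visible text still reads as a normal Teams join link while its destination has changed. The following is an added example, not Proofpoint's or Microsoft's code, showing a simple check a mail or Teams gateway could apply: parse the anchors in an invite body and report any join link whose host is not an exact match for a Teams join domain. The HTML bodies are constructed, and the allowlist of Teams join hosts is an assumption to adapt to your tenant (government cloud tenants use different hosts).

```python
"""Check that 'join' links in a Teams meeting invite actually point at Microsoft Teams.

Added example; not Proofpoint's or Microsoft's code. The HTML invite bodies
are constructed; the allowlist of Teams join hosts is an assumption to adapt
to your tenant.
"""
from html.parser import HTMLParser
from urllib.parse import urlsplit

TEAMS_JOIN_HOSTS = {"teams.microsoft.com", "teams.live.com"}   # assumed allowlist


class _LinkCollector(HTMLParser):
    """Collect (anchor text, href) pairs from an HTML body."""

    def __init__(self):
        super().__init__()
        self.links = []
        self._href = None
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href")
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append(("".join(self._text).strip(), self._href))
            self._href = None


def check_join_links(html_body):
    """Return (anchor text, host) for join/meeting links whose host is not a Teams join host."""
    parser = _LinkCollector()
    parser.feed(html_body)
    findings = []
    for text, href in parser.links:
        lowered = text.lower()
        if "join" not in lowered and "meeting" not in lowered:
            continue
        host = (urlsplit(href).hostname or "").lower()
        if host not in TEAMS_JOIN_HOSTS:      # exact match, not substring
            findings.append((text, host))
    return findings


# Constructed invite body in the shape of a Teams meeting invitation.
LEGIT_INVITE = """<div>
<p>Microsoft Teams meeting</p>
<p><a href="https://teams.microsoft.com/l/meetup-join/19%3ameeting_abc123%40thread.v2/0">Click here to join the meeting</a></p>
<p>Meeting ID: 123 456 789</p>
</div>"""

# Same invite with the join URL swapped for a look-alike host (example.net is reserved).
TAMPERED_INVITE = LEGIT_INVITE.replace(
    "https://teams.microsoft.com/l/meetup-join/19%3ameeting_abc123%40thread.v2/0",
    "https://teams.microsoft.com.meet-join.example.net/login")

if __name__ == "__main__":
    print("legit:", check_join_links(LEGIT_INVITE))
    print("tampered:", check_join_links(TAMPERED_INVITE))
```

The tampered host begins with `teams.microsoft.com`, which is why the check compares the full hostname against the allowlist rather than looking for the string inside the URL; a substring or prefix match would pass exactly the kind of link these campaigns use.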

Joint Cybersecurity Advisory – #StopRansomware: BianLian Ransomware Group

WaterISAC regularly provides awareness of recent CISA reporting. While direct relevance to your utility/organization on the details of each report may vary, activity alerts like this are practical for general awareness of active threats and adversary capabilities.

CISA, the FBI, and the Australian Cyber Security Centre (ACSC) recently published a joint Cybersecurity Advisory (CSA) providing network defenders with technical information, recommended actions, and mitigations to protect against BianLian ransomware.
