You are here

Home » Cybersecurity

Cybersecurity

Cyber Resilience – More Comprehensive Cyber Incident Reporting is Critical to Enhance Sector Security

CSO Online has written an article discussing the importance of cyber incident reporting and how it helps build a more resilient security community. While many governments are beginning to implement legislation that mandates incident reporting, the article points to existing mechanisms the private sector has used to share information through Information Sharing and Analysis Centers (ISACs). These channels have helped organizations mitigate attacks and coordinate a response to widespread campaigns.

Organizations Collaborate to Dismantle Malicious Cobalt Strike Infrastructure

Microsoft, Fortra, and Health-ISAC have announced a partnership to remove malicious copies of Cobalt Strike through legal and technical means. This includes copyright claims, targeting file sharing sites, and a court order allowing the partnership to disrupt the infrastructure that utilizes Cobalt Strike to conduct cyber attacks. Fortra’s Cobalt Strike is a popular security tool used by red teams. However, cracked and altered copies have become extremely popular for threat actors to utilize as part of ransomware attacks.

Threat Awareness – 'Proxyjacking' Could Lead to High Cloud Usage Charges for Victims

Threat actors are utilizing a new attack vector that hijacks legitimate proxyware services, which allows users to sell portions of Internet bandwidth to third parties. In large-scale attacks that exploit cloud-based systems, threat actors can use this vector, termed proxyjacking, to earn possibly hundreds of thousands of dollars per month in passive income, according to security researchers from Sysdig Threat Research Team.

Threat Awareness – PureCrypter Campaign Demonstrates Danger of Increasing Cyberattacks on Government

Menlo Labs has observed a threat actor conducting PureCrypter-enabled attacks against government agencies. Utilizing a compromised non-profit’s website, researchers tracked multiple attempts to infect government agencies through ZIP files containing PureCrypter distributed through Discord who were primed to upload a secondary payload from a compromised non-profit organization’s network. After analyzing the potential chain of infection, they found 106 other attacks that utilized similar behaviors.

Ransomware Awareness – Rorschach Demonstrates Advancements in Ransomware

Check Point Research has posted its analysis of a new strain of partially autonomous ransomware with other concerning capabilities that researchers have labeled Rorschach. Check Point assesses that this strain does not appear to be related to any other ransomware family, nor does the threat actor behind it seem to be affiliated with any other criminal groups. Rorschach is highly customizable and appears to be able to autonomously propagate itself across a victim’s network under the right circumstances.

Threat Awareness – ALPHV/BlackCat Ransomware Threat Actor Exploited Veritas Backup Flaw for Initial Access

An affiliate of the ALPHV/BlackCat ransomware group exploited three vulnerabilities in the Veritas Backup product to gain initial access to a victim’s network, according to security researchers at Mandiant. Members who use Veritas Backup Exec are encouraged to review this report and verify your systems have been patched for the exploited vulnerabilities.

Cyber Resilience – Microsoft Will Begin Blocking Dangerous Extensions in OneNote

As WaterISAC has reported multiple times since January, threat actors made a significant pivot to abusing OneNote to spread malware after Microsoft automatically blocked macros last year. Due to this surge in activity, Microsoft has announced they will begin blocking files within OneNote that contain dangerous extensions, similar to Outlook, Word, Excel, and PowerPoint. Microsoft has included 120 file types/extensions along with the capability to block additional extensions if needed.

Pages

Subscribe to Cybersecurity