Cybersecurity

Researchers at Heimdal Security have provided a high-level overview of MegaCortex ransomware. While MegaCortex has been primarily known to target enterprise networks, members may recall that version 2 has been linked to its OT process aware cousin, EKANS. For more on EKANS and its relationship to MegaCortex v2, members are encouraged to review the Security & Resilience Update on February 4, 2020.

The National Security Agency (NSA) Cybersecurity Directorate has released its 2020 Year in Review, outlining key milestones and mission outcomes achieved during its first full year of existence. The report begins by highlighting NSA Cybersecurity’s contributions to the 2020 elections, Operation Warp Speed, and the Department of Defense’s pandemic-influenced transition to telework. But it also discusses the organization’s work to strengthen public-private partnerships and steps it took to build a more diverse and resilient workforce.

Adversaries do not usually have to work too hard to discover valuable information to plan and execute attacks against their targets. Even threat actors targeting ICS are able to find plenty of open source information during their reconnaissance phase to disrupt operational functions. For example, Dragos observed adversaries conducting ICS-targeting activities that sought data about energy infrastructure and physical processes necessary to recover from a compromise.

As part of its Tech Tuesday series, the FBI's Portland, Oregon office has published an article on building a digital defense against tech support fraud, which is an especially relevant topic now given that many people received new electronic gadgets over the holidays. In one version of the scam, the user of the new device scans the internet for help on how to use it, which could lead them to illegitimate websites. In the second scenario, the scam starts with the fraudster contacting the user first, pretending to represent a well-known, reputable tech company.