You are here

Home

Cybersecurity

Ransomware Resilience – Proactive Defense Against Ransomware is to Protect Against Behaviors, not Indicators

With ransomware running rampant, pardon the cliché, it’s only a matter of time before many more organizations fall victim to this money-grubbing menace. Recently, Microsoft tweeted about the more than 100 threat actors using ransomware that its tracking in attacks across over 50 unique active ransomware families, including LockBit, BlackCat (ALPHV), and Play, to name a few. While phishing is still a threat actor fan favorite, it’s not the only technique in town.

Action Recommended: Check if your On-Prem or Hybrid Microsoft Exchange Server is Still Vulnerable to ProxyNotShell and/or OWASSRF Exploitation

Despite repeated warnings to patch on-premises and hybrid Microsoft Exchange servers during the past couple of years, the number of vulnerable servers remains concerning. We know that as long as devices remain unpatched, threat actors will keep exploiting them. This fact can be evidenced by a cursory review of CISA’s Known Exploited Vulnerabilities Catalog, which lists vulnerabilities known to currently be exploited dating back over 20 years.

Threat Awareness – Threat Actors Continue Infecting Victims Through Top Google Ads Search Results

Threat actors continue exploiting the Google Ad platform to infect users with malware or steal credentials or financial information. Recent reporting highlights how attackers are targeting password managers via malicious ads. Specifically, users of Bitwarden and 1Password reported that malicious ads on Google search were masquerading as the legitimate password manager domains and led users to credential stealing phishing sites. These incidents are just the latest in a series of incidents with password managers and Google’s Ad network over the past few months.

Ransomware Awareness – Insights on Ransomware Activity, Recent Trends, and the Importance of Threat Intelligence

Dark Reading posted an article providing insights from GuidePoint Security’s recently released GRIT 2022 Ransomware Report. GuidePoint offers multiple perspectives based on its ransomware negotiations. The report highlights four general categories that ransomware groups fall into and which are the most active threat. Additionally, the report offers additional considerations, most notably how improved backup strategies have been making a positive difference in being able to successfully recover after an attack.

Joint Cybersecurity Advisory – Protecting Against Malicious Use of Remote Monitoring and Management Software

Yesterday, the Cybersecurity and Infrastructure Security Agency (CISA), National Security Agency (NSA), and Multi-State Information Sharing and Analysis Center (MS-ISAC) published a joint Cybersecurity Advisory (CSA) to warn network defenders about threat actors exploiting legitimate remote monitoring and management (RMM) software to conduct malicious activity.

Cyber Resilience – European Union Agency for Cybersecurity Releases Tool for Cybersecurity Awareness Campaigns

The European Union Agency for Cybersecurity (ENISA) has released a new resource called AR-in-a-Box (Awareness Raising in a Box). AR-in-a-Box is described as “a comprehensive solution for cybersecurity awareness activities designed to meet the needs of public bodies, operators of essential services, and both large and small private companies.” The collection includes multiple guidelines and instructions covering the different aspects an organization needs to be aware of when organizing a cybersecurity awareness campaign, as well as an awareness quiz and game for use by employees.

Threat Awareness – New USB Malware Variant Utilizes Novel Method of Obfuscation

Palo Alto Networks published a blog discussing research by its Unit 42 of a newly discovered variant of PlugX malware. This variant has a few unique capabilities, including the ability to hide itself within a USB using a novel technique that’s effective on the current Windows OS and that can only be detected using specialized forensic tools. It then copies all Adobe PDF and Microsoft Word files from the attached machine and spreads to any other removable drives (e.g., floppy, thumb, or flash) connected to the system.

Pages

Subscribe to Cybersecurity