Cybersecurity
Security Awareness – Office Exploits Continue to Spread More Than Any Other Category of Malware
Overall malware detections have decreased from their record high in the first half of 2021, but there was an increase in encrypted malware and threats targeting Chrome and Microsoft Office, according to WatchGuard Threat Lab’s latest report.
New Sophos Report – The State of Ransomware in State and Local Government 2022
Yesterday, the cybersecurity company Sophos released a new report, The State of Ransomware in State and Local Government 2022, which provides insights into ransomware attack trends, costs and recovery, and ransom payouts in state and local government organizations over the last year. To conduct the report, Sophos polled 5,600 IT professionals in mid-sized organizations across 31 countries, including 199 respondents from the state and local government sector. The study found that ransomware attacks against state and local governments are significantly increasing.
CISA ICS Vulnerability Advisories and Alerts, Updates, and Bulletins - September 29, 2022
The Cybersecurity and Infrastructure Security Agency (CISA) has published the following ICS vulnerability advisories, as well as alerts, updates, and bulletins:
ICS Vulnerability Advisories:
Cyber Resilience – Get to Know the Enemy Before They Get to Know You
by Jennifer Lyn Walker
Organizational Resilience – Insider Threats
The risk posed by insider threats is increasing. Organizations routinely fall victim to cyber attacks due to both intentional and unintentional insider threats. There are two broad categories of insider threats: the malicious insider and the unwitting asset. Malicious insiders can be motivated by financial or political factors or be driven by personal grievances against an employer. They also may be a disgruntled former employee. While malicious insiders have negative intentions, unwitting assets are also a concern.
Threat Awareness – Compromised Microsoft SQL Servers Being Used to Deliver Ransomware
Threat actors have been observed compromising vulnerable Microsoft SQL servers and infecting them with FARGO ransomware. Disrupting database servers can lead to significant disruption of business operations. They are often compromised via brute force, dictionary attacks, or by exploiting unpatched vulnerabilities. According to security researchers at AhnLab, this attack chain involves downloading a .Net file and PowerShell, followed by the execution of a BAT file, which eventually leads to the deployment of the FARGO ransomware and a ransom note on a victim’s device.
CISA ICS Vulnerability Advisories and Alerts, Updates, and Bulletins - September 27, 2022
The Cybersecurity and Infrastructure Security Agency (CISA) has published the following ICS vulnerability advisories, as well as alerts, updates, and bulletins:
ICS Vulnerability Advisories:
Threat Awareness – Ransomware Groups Attempting to Destroy Data Rather than Encrypt to Ensure Payouts
Last week, researchers began noticing at least one ransomware group attempting to “up” the data extortion game. Researchers at Cyderes and Stairwell observed a BlackCat/ALPHV sample attempting to corrupt files within the victim’s environment rather than encrypting them and then staging the files for destruction. The data destruction functionality is being linked to Exmatter, a tool that has previously been associated with BlackMatter.
OT/ICS Cyber Resilience – Joint Cybersecurity Advisory on Control System Defense
CISA and the National Security Agency (NSA) published a joint cybersecurity advisory about control system defense for operational technology (OT) and industrial control systems (ICSs). According to the advisory, Control System Defense: Know the Opponent (AA22-265A) is intended to provide critical infrastructure owners and operators with an understanding of the tactics, techniques, and procedures (TTPs) used by malicious cyber actors.
Pages
