Cybersecurity

FBI FLASH: Indicators of Compromise Associated with Hive Ransomware

The FBI has published another TLP:WHITE FLASH providing indicators of compromise associated with “Hive” ransomware. The Flash indicates that Hive ransomware, which was first discovered in June 2021 and likely operates as an affiliate-based ransomware campaign, primarily employs phishing tactics and remote desktop protocol (RDP) attacks to infiltrate a company’s network. After compromising a network, attackers exfiltrate data and encrypt files on the network before leaving a ransom note with further instructions.

Security Awareness – Convincing “UPS” Phishing Campaign Leveraged Common Website Vulnerability to Distribute Malware

Today, virtually everyone shops online and expects electronic notifications from package couriers regarding order status. That’s why a recently discovered phishing campaign, purporting to be an email from UPS, could easily have slipped past recipients. The email states that the recipient’s package had an “exception” and directs them to download an invoice for pickup. Additionally, the email is filled with multiple legitimate links that mask its malicious intent.

FBI FLASH: OnePercent Group Ransomware Indicators of Compromise

The FBI has published a TLP:WHITE FLASH providing indicators of compromise associated with the “OnePercent Group” ransomware. According to the FBI, the OnePercent Group has used Cobalt Strike to perpetrate ransomware attacks against U.S. companies since November 2020. The group compromises victims through a phishing email containing an attachment that infects the system with the IcedID banking trojan. IcedID then downloads additional software, including Cobalt Strike, which moves laterally in the network, primarily via PowerShell remoting.

Threat Actors Exploiting Unpatched ProxyShell and PetitPotam Vulnerabilities to Deploy Ransomware

Organizations that have still not addressed the Microsoft Exchange vulnerabilities from May 2021 and the PetitPotam vulnerability from July 2021 could find themselves victims of recent exploitation activity, including the deployment of ransomware. This past weekend, the Cybersecurity and Infrastructure Security Agency (CISA) issued an urgent alert warning Microsoft Exchange users to patch their servers against the actively exploited ProxyShell vulnerabilities.

ICS/OT Vulnerability Management – Claroty Report Highlights Upward Trend of Disclosed ICS Vulnerabilities

Vulnerability management is at the core of every cybersecurity program. While managing vulnerabilities in control system environments is challenging – for a variety of reasons – it is still necessary. Making it even more challenging, the disclosure of vulnerabilities impacting ICS/OT has in fact been more frequent than usual this year, not just seemingly so.

CISA Provides Recommendations for Protecting Sensitive and Personal Information from Ransomware-Caused Data Breaches

The Cybersecurity and Infrastructure Security Agency (CISA) has released the fact sheet Protecting Sensitive and Personal Information from Ransomware-Caused Data Breaches to address the increase in malicious cyber actors using ransomware to exfiltrate data and then threatening to sell or leak the exfiltrated data if the victim does not pay the ransom. As CISA notes, these data breaches, often involving sensitive or personal information, can cause financial loss to the victim organization and erode customer trust.
