Cybersecurity

Insider Threat Awareness – Study: Insider Threats Caused by Unintentional Human Error are Costly

Proofpoint published its 2022 Cost of Insider Threats Global Report analyzing the costs of a wide variety of insider threat risks. On average, an insider threat incident cost $484,931 in 2022 and took 85 days to contain, both major impacts for small and medium businesses. Furthermore, 56 percent of those incidents occurred simply due to employee or third-party negligence or carelessness rather than any malicious behavior.

Ransomware Awareness – New Buhti Ransomware Leverages Leaked Code

Symantec shared an analysis report discussing a new ransomware operation called Buhti that appears to be leveraging leaked code of popular ransomware families, most notably LockBit and the defunct Babuk. The threat actor (Blacktail) behind the campaign doesn’t appear to be linked to any other groups. Additionally, Buhti appears to have developed a custom tool for searching and exfiltrating data and archiving specified file types.

Vulnerability Awareness – Zero-Day Vulnerability Identified in Barracuda Email Security Gateway Appliances

Barracuda recently detected a zero-day vulnerability in its Email Security Gateway appliance (ESG). Successful exploitation of the vulnerability could have provided threat actors with unauthorized access to a subset of email gateway appliances. According to Barracuda, “the vulnerability existed in a module which initially screens the attachments of incoming emails. No other Barracuda products, including our SaaS email security services, were subject to this vulnerability.”

OT/ICS Threat Awareness – COSMICENERGY: New OT-Focused Malware Discovered by Mandiant

Mandiant published intelligence on what is essentially the 8th known ICS-focused malware discovered. Mandiant tracks the malware as COSMICENERGY and assesses that its capabilities and overall attack strategy appear reminiscent of the 2016 INDUSTROYER incident. Specifically, the malware is designed to cause electric power disruption by interacting with IEC 60870-5-104 (IEC-104) devices, such as remote terminal units (RTUs), that are commonly leveraged in electric transmission and distribution operations in Europe, the Middle East, and Asia.

Ransomware Resilience – Updated #StopRansomware Guide Now Available

CISA, FBI, NSA, and MS-ISAC published an update to the 2020 #StopRansomware Guide which contains additional recommended actions, resources, and tools. The #StopRansomware Guide is a one-stop resource to help organizations reduce the risk of ransomware incidents through best practices to detect, prevent, respond, and recover, including step-by-step approaches to address potential attacks.

Ransomware Trend Awareness – New Vulnerabilities Utilized in Q1 2023 Ransomware Attacks

HelpNetSecurity provided a summary on a recent report produced by researchers at Ivanti, Securin, and Cyware discussing ransomware-related vulnerabilities for Q1 2023. Twelve new vulnerabilities have become associated with ransomware over this period, 73 percent of which are trending on the deep and dark web. Eighteen ransomware-associated vulnerabilities are currently not being detected by popular scanners, and 119 are present in open-source code that multiple vendors and products utilize.

Threat Awareness – Popular Secure Email Gateways Being Bypassed by SuperMailer Demonstrates Continued Evolution and Prolificacy of Credential Phishing

Cofense has shared analysis observing the increased use of SuperMailer by threat actors deploying high-volume phishing campaigns. SuperMailer is a professional newsletter program which seems to have become as attractive to criminals running phishing campaigns as it is to marketing professionals. Fourteen percent of all phishing emails tracked by Cofense were produced by SuperMailer in the month of May, a significant increase from the prior month, when it was only 4 percent.

Threat Awareness – BEC Campaigns Now Utilizing Residential IP Addresses to Increase Legitimacy

Microsoft has posted a blog discussing a shift in business email compromise (BEC) tactics towards the use of residential IP addresses in order to make threat actors’ emails more convincing to victims. By acquiring a residential IP address alongside account credentials from the victim, criminals can make it more difficult for network defenders to track malicious activities.

Vulnerability Awareness – Cisco Releases Security Advisory for Small Business Series Switches

Given the widespread use of Cisco Small Business Switches, the critical exploitability rating (CVSS 9.8), and the public availability of proof-of-concept exploit code, members are encouraged to review the Cisco security advisory for impacted components in their environments and address them accordingly.
