You are here

Home » Cybersecurity

Cybersecurity

Organizational Resilience – Insider Threats

The risk posed by insider threats is increasing. Organizations routinely fall victim to cyber attacks due to both intentional and unintentional insider threats. There are two broad categories of insider threats: the malicious insider and the unwitting asset. Malicious insiders can be motivated by financial or political factors or be driven by personal grievances against an employer. They also may be a disgruntled former employee. While malicious insiders have negative intentions, unwitting assets are also a concern.

Threat Awareness – Compromised Microsoft SQL Servers Being Used to Deliver Ransomware

Threat actors have been observed compromising vulnerable Microsoft SQL servers and infecting them with FARGO ransomware. Disrupting database servers can lead to significant disruption of business operations. They are often compromised via brute force, dictionary attacks, or by exploiting unpatched vulnerabilities. According to security researchers at AhnLab, this attack chain involves downloading a .Net file and PowerShell, followed by the execution of a BAT file, which eventually leads to the deployment of the FARGO ransomware and a ransom note on a victim’s device.

Threat Awareness – Ransomware Groups Attempting to Destroy Data Rather than Encrypt to Ensure Payouts

Last week, researchers began noticing at least one ransomware group attempting to “up” the data extortion game. Researchers at Cyderes and Stairwell observed a BlackCat/ALPHV sample attempting to corrupt files within the victim’s environment rather than encrypting them and then staging the files for destruction. The data destruction functionality is being linked to Exmatter, a tool that has previously been associated with BlackMatter.

Joint Cybersecurity Advisory – Iranian State Actors Conduct Cyber Operations Against the Government of Albania

Yesterday, the Cybersecurity and Infrastructure Security Agency (CISA) and the FBI published a joint Cybersecurity Advisory (CSA) with technical details on cyber activity by Iranian state-sponsored threat actors that launched a destructive cyberattack against the government of Albania. Members are encouraged to review this advisory for greater understanding of adversary capabilities and behaviors and for recommended mitigations to protect systems from similar threatsirrespective of threat group or victimology.

Threat Awareness – Emotet Botnet Now Delivering Quantum and BlackCat Ransomware

The infamous Emotet botnet is now being used by attackers to deliver Quantum and BlackCat ransomware, based on a report by the cybersecurity firm AdvIntel. Emotet is a very common malware and AdvIntel has observed 1,267,598 total Emotet infections worldwide during the first nine months of 2022. Emotet typically propagates via email phishing campaigns and often hijacks email threads.

DHS Announces a Billion Dollars in Funding for First-Ever State and Local Cybersecurity Grant Program

Last week, the Department of Homeland Security (DHS) announced a first-of-its-kind cybersecurity grant program specifically for state, local, and territorial (SLT) governments across the country. This State and Local Cybersecurity Grant Program, made possible by President Biden’s Bipartisan Infrastructure Law, provides $1 billion in funding to SLT partners over four years, with $185 million available for FY22, to support SLT efforts to address cyber risk to their information systems.

Pages

Subscribe to Cybersecurity