You are here

Home » Cybersecurity

Cybersecurity

FBI FLASH: RagnarLocker Ransomware Indicators of Compromise

The FBI has published a TLP:WHITE FLASH providing indicators of compromise associated with RagnarLocker ransomware. The FLASH indicates that since January 2022, RagnarLocker ransomware has targeted at least 52 organizations across 10 critical infrastructure sectors. According to the FBI, members of the RagnarLocker group work as part of a ransomware family and frequently alter obfuscation techniques to avoid detection and prevention. The FLASH includes further technical details regarding this activity and lists recommended mitigations.

Blended (Cyber-Physical) Threat Awareness – APC Smart-UPS Devices Vulnerable to Remote Exploitation Could have Physical Impacts

UPS (uninterruptible power supply) devices are widely relied on to keep our computer networks operational during a short-term power outage and to allow for graceful shutdowns in the event of longer-term power failures. But UPS devices can be a set it and forget it part of our network. A recent trio of vulnerabilities dubbed TLStorm highlight why UPS devices shouldn’t be neglected.

Threat Awareness – Anchor Malware

Cybersecurity researchers have uncovered a new version of the Anchor malware that has been observed targeting Windows systems. Anchor is a backdoor malware that was first spotted in 2018 and helped threat actors communicate with C2 servers to ultimately deploy Conti ransomware. Anchor has been used to target multiple critical infrastructure sectors. This new variant, dubbed AnchorMail, employs an email-based C2 server and communicates via the SMTP and IMAP protocols over TLS. This helps threat actors avoid detection from common email-based security protocols.

Cybersecurity Resilience – NSA Releases Network Infrastructure Best Practices

The National Security Agency (NSA) has just released a new report, Network Infrastructure Security Guidance, to help cybersecurity professional implement network security best practices. Procedures for securing networks are constantly evolving as new vulnerabilities are exploited by adversaries, new security features are implemented, and new methods of securing devices are identified. Consequently, this report focuses on the design and configurations that protect against common vulnerabilities and weaknesses on existing networks.

Ransomware Resilience – NIST Publishes Ransomware Risk Management: A Cybersecurity Framework Profile

The National Institute of Standards and Technology (NIST) just published the final version of its ransomware guide, Ransomware Risk Management: A Cybersecurity Framework Profile (NISTIR 8374), to help organizations and individuals manage the risk of ransomware incidents. This ransomware report identifies the Cybersecurity Framework Version 1.1 security objectives that support identifying, protecting against, detecting, responding to, and recovering from ransomware incidents. The profile can be used as a guide for understanding the ransomware threat and managing the risk from it.

Improving Phishing Awareness to Prevent Ransomware Attacks

The cybersecurity company Proofpoint recently released its annual report on user phishing awareness, vulnerability, and resilience. According to the report, 78 percent of organizations experienced email-based ransomware attacks in 2021, while 77 percent saw business email compromise attacks (BEC) increase 18 percent compared to 2020. These results demonstrate the continuing focus of adversaries to compromise users via non-technical social engineering tactics compared to exploiting technical vulnerabilities.

Ransomware Awareness – Microsoft Exchange Vulnerabilities Exploited to Deliver Cuba Ransomware

The Cuba ransomware group is exploiting Microsoft Exchange vulnerabilities to gain initial access to enterprise networks and eventually deploy ransomware, according to security researchers at Mandiant. Cuba ransomware has been around since 2019, but their activity increased in 2021 prompting the FBI to issue a FLASH advisory.

Pages

Subscribe to Cybersecurity