
Cybersecurity

Security Awareness – Cybercrime Services and Supply Chain Fueling Cyber Attacks

New research from Trend Micro sheds light on the potential factors behind the recent surge in ransomware attacks, namely, cyber-criminal marketplaces offering initial access to threat actors. Over the past two years, demand for initial access has grown so much that many dark web markets now have a dedicated “Access-as-a-Service” section. The researchers divided access brokers into three categories: opportunistic sellers, dedicated brokers whose services are often used by smaller ransomware groups, and online shops that provide RDP and VPN credentials.

Colorado Rural Electric Cooperative Suffers Ransomware Attack

A small electric cooperative was the apparent victim of a ransomware attack that caused significant disruption and damage last month. On November 7, Delta-Montrose Electric Association (DMEA) discovered a breach on its internal enterprise network. As a result of the attack, the utility lost 90 percent of its enterprise network functions and large amounts of data, including saved documents and spreadsheets.

FBI FLASH: Indicators of Compromise Associated with Cuba Ransomware

The FBI has published a TLP:WHITE FLASH providing indicators of compromise associated with Cuba ransomware. The FLASH indicates that Cuba ransomware threat actors, since early November 2021, have compromised more than 49 entities in five critical infrastructure sectors, including but not limited to the financial, government, healthcare, manufacturing, and information technology sectors. Cuba ransomware’s typical attack pattern begins with the distribution of the Hancitor malware.

Joint Cybersecurity Advisory: APT Actors Exploiting CVE-2021-44077 in Zoho ManageEngine ServiceDesk Plus

The Cybersecurity and Infrastructure Security Agency (CISA) and the FBI just released a joint cybersecurity advisory highlighting the cyber threat associated with active exploitation of a newly identified vulnerability, tracked as CVE-2021-44077, in Zoho ManageEngine ServiceDesk Plus, an IT help desk software with asset management. According to the report, the CVE-2021-44077 vulnerability is an unauthenticated remote code execution (RCE) vulnerability impacting all ServiceDesk Plus versions up to, and including, version 11305.

Security Awareness – New Phishing Campaigns Impersonate Apple and Amazon Invoices for High-Value Items

Amid greater adoption of anti-phishing software and increased awareness of phishing scams, threat actors are increasingly incorporating low-tech phone scams to deceive unsuspecting victims. A recent campaign involves emailing fake Amazon and Apple invoices informing recipients they have just purchased a very expensive item. The recipients are prompted to call a number in the email if they wish to get a refund, a ploy that has a great deal of success because victims are in a hurry to stop or prevent a high-dollar charge.

Security Awareness – Emotet Propagating via Fake Software Installers

The nefarious Emotet malware, which recently reappeared, continues to evolve its propagation methods. The malware is now being delivered by malicious Windows App Installer packages that profess to be Adobe PDF software. WaterISAC previously reported on the reemergence of this malware that spreads via phishing emails and malicious attachments, and often leads to ransomware attacks.

Critical Infrastructure Resilience – Control Systems Upgrade Done Right Involves Cybersecurity

Because control systems at water and wastewater utilities were installed 20 to 30+ years ago, before cybersecurity was even a thing, many utilities are now faced with having to replace those aged, insecure, and obsolete systems and devices. However, after such longevity, could there be a concern that once systems start being replaced, the new OT devices will follow the same fate as their IT counterparts and need to be replaced every 5 years or less? Not necessarily.
