You are here

Home » Cybersecurity

Cybersecurity

FBI PIN: Spear Phishing Attack Directing Recipients to Download Fake Windows Application Impersonating a Financial Institution

The FBI has published a Private Industry Notification (PIN) advising that it in a recent spear phishing campaign, cyber actors impersonated a U.S.-based financial institution’s brand in an attempt to get recipients to download a Windows application unaffiliated with the financial institution. The unknown cyber actors tailored the campaign to spoof the financial institution through registered domains, email subjects, and an application, all appearing to be related to the institution. This product provides a threat overview and series of recommended mitigations.

Why IT-Based Ransomware Matters for ICS Operations – Colonial Pipeline Ransomware Attack

Ransomware attacks have ubiquitous relevance for all organizations, regardless of targeting set/victimology or targeted system (IT or OT) of the attributed ransomware group/family for any given incident. For every cyber threat group that claims they don’t target particular sectors or types of organizations, there are many more groups that do not espouse similar tenets. For example, while Darkside proclaims to only support targeting high-value victims capable of paying outrageous demands, many other ransomware groups are indiscriminate and opportunistic and project no such illusion.

Potential Threat Vectors to 5G Infrastructure Analysis Paper

The National Security Agency (NSA), the Office of the Director of National Intelligence (ODNI), and the Cybersecurity and Infrastructure Security Agency (CISA) have published Potential Threat Vectors to 5G Infrastructure, an analysis paper that identifies and assesses risks and vulnerabilities introduced by 5G adoption. The analysis paper examined three major threat vectors in 5G: standards, the supply chain, and threats to systems architecture.

Aspiring to CIP Compliance for Water and Wastewater Utilities, Even Though You Don’t Have To

Given cross-sector dependencies with electric utilities, many water and wastewater utilities are familiar with the North American Electric Reliability Corporation (NERC) and its Critical Infrastructure Protection (CIP) Reliability Standards. Some larger and more resourced water and wastewater utilities reference NERC CIP standards as they are applicable to many cybersecurity practices.

FBI Tech Tuesday on Building a Digital Defense against Robocalls

As part of its Tech Tuesday series, the FBI's Portland, Oregon office has published an article on building a digital defense against robocalls. For this, the FBI relays a series of tips from the Federal Communications Commission (FCC). One tip is that if you answer the phone and the caller – or a recording – asks you to hit a button to stop getting the calls, you should just hang up. It explains scammers often use this trick to identify potential targets.

CISA Analysis Reports: New FiveHands Ransomware

The Cybersecurity and Infrastructure Security Agency (CISA) has released an analysis report and malware analysis report of the FiveHands ransomware, which it reports was used in a a recent, successful cyberattack against an organization. These reports provide analysis of the threat actor’s tactics, techniques, and procedures as well as indicators of compromise (IOCs).  They also provide CISA’s recommended mitigations for strengthening networks to protect against, detect, and respond to potential FiveHands ransomware attacks.

Password Hygiene – World Password Day, May 6, 2021

In 2004, Bill Gates prematurely postulated that passwords were dead. According to a recent DarkReading post, in 2005 security expert Mark Burnett wrote a book called Perfect Passwords, in which he floated the idea of dedicating one day in the calendar each year when everybody should change their passwords. Here we are in 2021 and passwords are still pertinent today and for the projected future.

The Ghosts of COVID-Past – Cybersecurity Considerations for Returning to Workspaces

In a heroic feat to maintain operations at a record-setting pace, countless IT and security teams rushed to provide accommodations for a new remote workforce leaving the office behind over one year ago. As we begin inhabiting those abandoned buildings there are bound to be some ghosts lurking around the office due to unintentional oversights when we left. If IT and security staff haven’t been on the premises during the past year, now is a good time to exorcise those ghosts before the masses return.

Pages

Subscribe to Cybersecurity