
Organizations Collaborate to Dismantle Malicious Cobalt Strike Infrastructure

Microsoft, Fortra, and Health-ISAC have announced a partnership to remove malicious copies of Cobalt Strike through legal and technical means. This includes copyright claims, targeting file sharing sites, and a court order allowing the partnership to disrupt the infrastructure that utilizes Cobalt Strike to conduct cyber attacks. Fortra’s Cobalt Strike is a popular security tool used by red teams. However, cracked and altered copies have become extremely popular for threat actors to utilize as part of ransomware attacks.

Threat Awareness – 'Proxyjacking' Could Lead to High Cloud Usage Charges for Victims

Threat actors are utilizing a new attack vector that hijacks legitimate proxyware services, which allows users to sell portions of Internet bandwidth to third parties. In large-scale attacks that exploit cloud-based systems, threat actors can use this vector, termed proxyjacking, to earn possibly hundreds of thousands of dollars per month in passive income, according to security researchers from Sysdig Threat Research Team.

Threat Awareness – PureCrypter Campaign Demonstrates Danger of Increasing Cyberattacks on Government

Menlo Labs has observed a threat actor conducting PureCrypter-enabled attacks against government agencies. Researchers tracked multiple attempts to infect government agencies through ZIP files containing PureCrypter, distributed through Discord, which were primed to retrieve a secondary payload from a compromised non-profit organization’s website. After analyzing the potential chain of infection, they found 106 other attacks that used similar behaviors.

Ransomware Awareness – Rorschach Demonstrates Advancements in Ransomware

Check Point Research has posted its analysis of a new strain of partially autonomous ransomware with other concerning capabilities that researchers have labeled Rorschach. Check Point assesses that this strain does not appear to be related to any other ransomware family, nor does the threat actor behind it seem to be affiliated with any other criminal groups. Rorschach is highly customizable and appears to be able to autonomously propagate itself across a victim’s network under the right circumstances.

Threat Awareness – ALPHV/BlackCat Ransomware Threat Actor Exploited Veritas Backup Flaw for Initial Access

An affiliate of the ALPHV/BlackCat ransomware group exploited three vulnerabilities in the Veritas Backup product to gain initial access to a victim’s network, according to security researchers at Mandiant. Members who use Veritas Backup Exec are encouraged to review this report and verify that their systems have been patched for the exploited vulnerabilities.

Cyber Resilience – Microsoft Will Begin Blocking Dangerous Extensions in OneNote

As WaterISAC has reported multiple times since January, threat actors made a significant pivot to abusing OneNote to spread malware after Microsoft automatically blocked macros last year. Due to this surge in activity, Microsoft has announced they will begin blocking files within OneNote that contain dangerous extensions, similar to Outlook, Word, Excel, and PowerPoint. Microsoft has included 120 file types/extensions along with the capability to block additional extensions if needed.

Cyber Resilience – Majority of CISOs Concerned Over Efficacy of Insider Threat Management Programs

CSO Online has written an article about a new study commissioned by Code42 that focuses on insider risk and insider risk management (IRM). After interviewing over 700 cybersecurity professionals, analysts found that, while 72 percent of participants had an IRM program in place, 71 percent felt they would suffer an insider threat within a year – hinting at either a lack of trust in their current program or at the pervasiveness of the threat.
