Cybersecurity

SamSam Ransomware Attacks Continue, Focusing Mostly on U.S. Organizations

While many types of ransomware are spread indiscriminately, SamSam is used in a targeted fashion, with the threat actors spending time performing reconnaissance by mapping out the network before encrypting as many computers as possible. A successful SamSam attack will likely be highly disruptive. In the worst-case scenario, if no backups are available or if backups are encrypted by SamSam, valuable data could be lost permanently. Even if an organization does have backups, restoring affected computers and cleaning up the network will cost time and money and may lead to reputational damage.

Bitdefender Offers Free Decryption Tool for GandCrab, the Most Popular Multi-Million Dollar Ransomware of the Year

The GandCrab ransomware family emerged in late February 2018 and was quickly adopted by cybercriminals because it offered something no other ransomware family had offered before: custom ransom amounts. While the average user would be reluctant to spend as much as $500 to get their data back, organizations and companies would be far more interested in paying larger amounts of money. Currently, the most prolific versions of GandCrab are versions 4 and 5, which are estimated to have infected around 500,000 victims worldwide since July 2018.

PEPPERL+FUCHS CT50-Ex (ICSA-18-303-01)

The NCCIC has released an advisory on an improper privilege management vulnerability in PEPPERL+FUCHS CT50-Ex. CT50-Ex devices running Android OS v4.4 and v6.0 are affected (the original manufacturer was Honeywell). Successful exploitation of this vulnerability could allow a malicious third-party application to gain elevated privileges and obtain access to sensitive information. An update is available that resolves this vulnerability. The NCCIC also recommends a series of defensive measures to minimize the risk of exploitation of this vulnerability.

Trend Micro Report – Disrupting the Flow: Exposed and Vulnerable Water and Energy Infrastructure

Based on research using open source intelligence resources, cybersecurity firm Trend Micro explores vulnerabilities for two of the most critical infrastructure lifelines. The report, Exposed and Vulnerable Critical Infrastructure: Water and Energy Industries (posted below), demonstrates the ease of discovering and exploiting cyber assets in the water and energy sectors. Primarily using Shodan and other basic open source intelligence (OSINT) techniques, Trend Micro discovered exposed and vulnerable HMIs.

FireEye Intelligence Report: TRITON Activity May Have Ties to Kremlin-backed Threat Actors

FireEye Intelligence has publicly disclosed information strongly suggesting that activity linked to TRITON is associated with a Russian government-owned technical research institution. In their recent report, FireEye explains several factors contributing to their assessment that the Central Scientific Research Institute of Chemistry and Mechanics (CNIIHM; a.k.a. ЦНИИХМ) is associated with the development of the secondary malware strains (activity now dubbed TEMP.Veles by FireEye) that aided in the deployment of the primary TRITON payload last November against a Saudi Arabian petrochemical plant.

Two New Supply Chain Attacks Revealed

Over the past week, two supply-chain attacks have come to light. The first involves VestaCP, a control-panel interface that system administrators use to manage servers. According to security firm ESET, unknown attackers compromised VestaCP servers and used their access to make a malicious change to an installer that was available for download. “The VestaCP installation script was altered to report back generated admin credentials to vestacp.com after a successful installation,” said ESET Malware Researcher Marc-Étienne M. Léveillé.

Cybersecurity Risk and Responsibility in the Water Sector (AWWA)

The American Water Works Association's (AWWA's) Cybersecurity Risk & Responsibility in the Water Sector report seeks to help water utilities understand their cybersecurity risks and what they can do to address them. In addition to discussing the significant risks cyber poses to water utilities, including a review of some of the most notable cyber incidents involving the sector, the report also addresses less discussed but nonetheless important aspects of cybersecurity.
