CISA Red Team Exercise Finds Critical Vulnerabilities in Federal Civilian Agency

July 12, 2024 at 10:33AM In early 2023, a CISA red team exercise exposed significant cybersecurity gaps in a federal civilian executive branch organization. The SILENTSHIELD assessment revealed the organization’s failure to prevent and identify malicious activity, insufficient network segmentation, deficient log collection, and use of a ‘known-bad’ detection approach. Additionally, bureaucratic communication and decentralized …

Addressing the Cybersecurity Vendor Ecosystem Disconnect

May 16, 2024 at 05:54PM The cybersecurity industry faces challenges with data integration, collaboration, and customer security. Vendors’ hypercompetitive dynamic results in complexity, while new technology increases vulnerability. Collaboration, shared standards, greater data control, and investment in cross-technology integration are essential steps to improve network defense without compromising business health. Cooperation within the industry against …

Russian Hackers Target Industrial Systems in North America, Europe

May 2, 2024 at 08:09AM US, Canada, and UK government agencies issue recommendations to safeguard critical infrastructure from pro-Russia hacktivists’ attacks on industrial control and operational technology systems. The attacks targeted sectors like water systems, dams, energy, and agriculture, primarily through vulnerable human-machine interfaces. Hackers with ties to the Russian government’s Sandworm group pose physical threats, …

CoralRaider attacks use CDN cache to push info-stealer malware

April 23, 2024 at 05:34PM A financially motivated threat actor, known as CoralRaider, is conducting an ongoing malware campaign targeting systems in the U.S., U.K., Germany, and Japan. The group uses a content delivery network cache to distribute malware, including info stealers LummaC2, Rhadamanthys, and Cryptbot. The attacks start with malicious Windows shortcut files delivered …

NCSC Says Newer Threats Need Network Defense Strategy

April 19, 2024 at 12:36PM The NCSC warns that network defense strategies must adapt to newer threats, as attackers exploit vulnerabilities in network perimeter products like firewalls and VPNs. They suggest demanding security evidence from vendors, avoiding unverified products, reducing risk in self-hosted solutions, ensuring developer accountability, and adopting a cloud-first approach to security, emphasizing …

US critical infrastructure cyberattack reporting rules inch closer to reality

March 28, 2024 at 09:38AM New cyber incident reporting rules for critical infrastructure are closer to implementation after President Biden signed CIRCIA into law in March 2022. Organizations must report substantial cyber incidents within 72 hours, including ransom payments within 24 hours. The rule faces pushback from industry due to the added compliance strain on resources, according …

Cybercrims: When we hit IT, they sometimes pay, but when we hit OT… jackpot

February 27, 2024 at 04:37AM Cybercriminals increasingly targeted the manufacturing industry with ransomware attacks last year, with 70% of industrial ransomware infections affecting manufacturing companies. Dragos CEO Robert Lee explains that manufacturing’s early adoption of IoT and connected machines, without adequate security, makes it a prime target. Furthermore, a ransomware infection at German control systems …

Russian hackers shift to cloud attacks, US and allies warn

February 26, 2024 at 12:35PM The Five Eyes intelligence alliance issued a warning about increased targeting of cloud services by APT29, a Russian hacking group. A joint advisory by international cybersecurity agencies highlights APT29’s tactics, including compromising access credentials and exploiting dormant accounts. Recommendations for defenders include enabling multi-factor authentication and strong passwords, among others, …

RansomHouse gang automates VMware ESXi attacks with new MrAgent tool

February 15, 2024 at 01:57PM RansomHouse’s new tool ‘MrAgent’ automates deploying its data encrypter across multiple VMware ESXi hypervisors. This ransomware targeting large organizations maximizes impact by compromising critical applications and services. Custom configurations include scheduling an encryption event and altering the hypervisor’s monitor message. The tool’s adaptation for Windows systems demonstrates intent to extend …

Pawn Storm Uses Brute Force and Stealth Against High-Value Targets

January 31, 2024 at 03:00AM Pawn Storm, also known as APT28 and Forest Blizzard, has been utilizing brute force and stealth tactics to launch NTLMv2 hash relay attacks against high-value targets, particularly government departments, from April 2022 to November 2023. The group’s aggressive and repetitive spear-phishing campaigns mask their advanced and stealthy post-exploitation actions, often …