Attacks

Dutch Police Arrest Three Ransomware Group Members

The threat of leaking data if a ransom is not paid is a common tactic amongst ransomware actors. In this case, the group would still leak data even if ransom was paid. By using this model, the group was setting themselves up to not get paid by anyone because there would be no benefit to paying. Although this is a risk taken by companies paying a ransom, most groups do not follow this model to…

Microsoft Urges Exchange Administrators to Remove Some Antivirus Exclusions

This new recommendation from Microsoft demonstrates how adding over-encompassing AV exclusions can negatively impact an organization’s security. Especially in the current threat landscape, many actors make use of PowerShell and malicious IIS extensions to perform their attacks. Having these exclusions in place allows for a large gap in visibility where threat actors can go unnoticed. On top of removing these exclusions and following the other recommendations from Microsoft, it is also recommended to frequently…

Russian Authorities Claim Ukraine Hackers Are Behind Fake Missile Strike Alerts

Although no one has claimed responsibility for the attack, if one actually took place, it is likely it was carried out by a pro-Ukrainian hacktivist group. Hacktivist groups have carried out multiple attacks on behalf of both Ukraine and Russia over the course of the conflict. Even though President Putin continues to erroneously blame the West and Ukraine for Russia’s invasion, multiple reports identified Russian-backed cyber-attacks on Ukrainian organizations in the months leading up…

New S1deload Malware Hijacking Users’ Social Media Accounts and Mining Cryptocurrency

Social media sites like Facebook are common vectors for threat actors to spread malware. Due to this, it is highly recommended to avoid downloading files from social media sites, particularly in cases where the source is unknown or untrusted. Even from known sources, it is recommended to carefully vet any links or files that are shared, as the source could be compromised. It is also recommended to maintain good endpoint security controls on all devices…

Ransomware Attack Affects Operations at Dole

This situation highlights the potential impact of cyber attacks on the food supply chain, which is a critical infrastructure that requires secure and resilient systems. The disruption of food supplies can have severe consequences for public health and safety, as well as economic and social stability. The continuance of ransomware attacks against businesses that are part of critical infrastructure emphasizes the need for organizations to continue to invest in cybersecurity and risk management processes, people,…

How Covid-19 impacted cyber security challenges, focus and spends

Survey methodology and respondent profiles. The results in this report are from the Cyber Security Hub survey, which we fielded to subscribers in May and June 2020 to benchmark actual results from H1 2020 vs. expectations for H2 2020. A balanced representation of the enterprise cyber security mindset, the largest segment of survey respondents (41 percent) describes their job function as cyber security. The next largest segment is IT (27 percent), followed by corporate…

Activision Confirms Data Breach Exposing Employee and Game Info

Advise employees not to open links arriving in unexpected SMS messages. If a business sends an unexpected text, look up its number online and call back to verify that it sent the message. Suspicious links should only be opened in a controlled, safe environment, such as a resettable virtual machine image. That way, if the link points to malicious code, it won’t execute on a device that contains sensitive information. https://www.bleepingcomputer.com/news/security/activision-confirms-data-breach-exposing-employee-and-game-info/

Hydrochasma Threat Group Targeting Research Labs, Shipping Firms

Phishing continues to be a focal point of initial access for threat actors. This campaign emphasizes the importance of a phishing awareness program and of monitoring processes such as PowerShell and Procdump for potential misuse or abuse. LOLBIN usage can allow attackers to blend in with normal activity. Organizations are recommended to employ detections and mitigations for the post-exploitation phase of an attack to try and weed out misuse of these programs. https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/hydrochasma-asia-medical-shipping-intelligence-gathering

VMware Warns Administrators of Critical Carbon Black App Control Flaw

While patches for new vulnerabilities are released nearly every day, it is up to organizations themselves to implement these patches. Organizations are recommended to implement the recommended patch from VMware as quickly as feasible. All patches are recommended to be tested on selected machines ahead of deployment, as per standard enterprise practice. The Threat Hunting and Managed Detection and Response (MDR) services offered by Binary Defense represent an effective way to incorporate a post-exploitation focus…