Attacks

German airports hit with DDoS attack

Seven German airports have had their websites targeted by a suspected distributed denial of service (DDoS) attack. The attack, which took place on February 16, saw the websites of airports including Dortmund, Nuremberg and Düsseldorf taken offline. Larger German airports, including Munich, Berlin and Frankfurt, were not targeted in the attack. In a statement, the chief executive of the German airport association, Flughafenverband ADV, said “once again, airports fell victim to large-scale DDoS attacks,” but added…

Hardbit Ransomware Asks for Insurance Details

To protect against ransomware attacks, organizations should:

• Regularly back up data, air gap, and password protect backup copies offline.
• Ensure copies of critical data are not accessible for modification or deletion.
• Implement network segmentation.
• Implement a recovery plan to maintain and retain multiple copies of sensitive or proprietary data and servers in a physically separate, segmented, secure location.
• Install updates/patch operating systems, software, and firmware as soon as possible.
• Implement monitoring of security events on…

New Information Stealer, “Stealc,” Actively Used in the Wild

Binary Defense has regularly covered info stealer malware. While the user experience for Stealc seems to be particularly well developed, and therefore lends itself to rapid adoption as a Malware-as-a-Service (MaaS) offering, the techniques and behaviors this malware uses are not novel. Keeping Detection and Response systems (EDR/MDR/XDR/etc.) up to date will go a long way toward discovering campaigns like this. Additionally, netflow analysis and DNS monitoring can help detect C2 and exfiltration activity. This…

Hilliard, Ohio Falls Victim to Phishing Payment Scam

The city has already taken some steps to prevent future scams, such as implementing multi-factor authentication and providing additional training for employees. However, it may also want to consider conducting regular security audits, hiring a third-party cybersecurity firm to assess its vulnerabilities, and establishing a response plan for potential future incidents. https://www.usatoday.com/story/news/nation/2023/02/17/hilliard-ohio-fires-finance-director-phishing-scam/11282093002

Norway Seizes Record $5.84 Million in Cryptocurrency Stolen by Lazarus Hackers

Although the service was launched in October 2022, it is believed to have facilitated the transfer of tens of millions of dollars from the Horizon and other North Korea-linked cyberattacks. According to data released by Chainalysis, the nation-state group sent 1,429.6 Bitcoin worth about $24.2 million to the mixer during the two months from December 2022 to January 2023. The overlaps in the wallet addresses utilized, their connections to Russia, and the similarities in how…

Coinbase Cyberattack Targeted Employees with Fake SMS Alert

To best protect against a campaign such as this, it is recommended to provide user education on common phishing tactics as well as on emerging cybersecurity risks and vulnerabilities in general. It is also important to employ a defense-in-depth strategy so that this activity can be detected at a different stage of the attack chain, such as lateral movement or reconnaissance. Binary Defense’s MDR and Threat Hunting services are an excellent solution to assist with such a program. https://www.bleepingcomputer.com/news/security/coinbase-cyberattack-targeted-employees-with-fake-sms-alert/

New Mirai Malware Variant Infects Linux Devices to Build DDoS Botnet

The most effective way to defend systems against Mirai and other botnet infections is to change the default password to a complex password that is unique to that device. It is also recommended to download and apply security patches as soon as the manufacturer releases them. https://www.bleepingcomputer.com/news/security/new-mirai-malware-variant-infects-linux-devices-to-build-ddos-botnet/

Hackers use Fake Certificate to Hide Attack

Servers running the affected versions of these Fortinet products should be updated to a version that is not susceptible to these attacks. Whenever a vendor releases a security patch for a product, it is important to test and roll out the update as soon as possible, before attackers are able to exploit the vulnerabilities it fixes. A full list of affected product versions can be found in the source article. https://www.infosecurity-magazine.com/news/hackers-fake-emsisoft-certificate/

CISA Warns of Windows and iOS Bugs Exploited as Zero-days

While CISA’s directive only applies to United States federal agencies, it is encouraged and best practice that other organizations also follow this timeline to patch their vulnerabilities. In cybersecurity, a timely patching schedule is an important factor in securing an environment, as many threat actors will attempt to exploit recently disclosed 0-days before organizations have a chance to patch them. On top of a timely patching schedule, it is also important to employ a defense-in-depth strategy.…

IOTW: Russian hackers target NATO sites with DDoS attack

The North Atlantic Treaty Organization (NATO) has been the victim of a series of distributed denial of service (DDoS) attacks, causing temporary disruption to some of its sites. The DDoS attacks have been linked to the Russian hacktivist collective Killnet, which had posted via an encrypted channel on the social media platform Telegram that it was planning to launch attacks against NATO. The group also appeared to be asking for cryptocurrency donations to launch further attacks.…