Attacks

Here are some recommendations on how to defend against Havoc: Keep software up to date: As with Cobalt Strike, keeping your software up to date is essential in defending against Havoc. This includes both operating systems and software applications. Use strong authentication: Implement strong authentication methods to prevent unauthorized access to your systems, and use unique and strong passwords for all accounts. Monitor network traffic: Monitor your network traffic for any unusual activity, such as…

Malicious Google Ads are becoming popular among threat actors as an infection vector for malware. Due to this, it is highly recommended to use an adblocker software when performing Google searches, particularly when searching for popular applications like Chrome or Telegram. This can help prevent a user from accidentally clicking on one of these malicious advertisement websites as opposed to the software’s legitimate site. Likewise, it is important to always double-check the URL of a…

Global joint law enforcement cooperation has been the key to taking down cyber criminals. Often operating out of several countries, threat actors are being exposed more and more due global cooperation among law enforcement. The director of the FBI stated in August 2022, that cyber threat actors have become a top priority for the FBI and other law enforcement partners. The director stated cooperation was the key to success, “We must impose consequences on cyber…

This form of attack is not novel by any means and has been successfully leveraged by many groups in the past. Perhaps the best form of prevention is to ensure that all security analysts are aware of this form of attack. Apart from spreading awareness, an organization could also ensure that their security controls are set to block files with invalid signatures from running. Additionally, ensure that RDP ports are only open on devices where…

Due to the risks involved with these vulnerabilities, these updates should be tested and pushed to production environments as soon as policies allow. These attacks require initial access to be effective, and phishing emails are the most prominent method of gaining that first foothold. Ensuring that users know the risks of phishing emails and how to detect them can help protect an organization. Remote Code Execution and Privilege Escalation vulnerabilities are inevitable with the increasing…

It is recommended to upgrade any instances of Exchange 2013 to a newer version of Exchange as soon as possible. Exchange 2013 servers can also be migrated to Microsoft’s hosted Exchange Online email and calendaring solution, available as an Office 365 subscription or as a stand-alone service. Once mailboxes, public folders, and other data are migrated, admins can remove on-premises Exchange servers and Active Directory. Microsoft recently urged customers to keep their on-premises Exchange servers…