Attacks

Ukraine Says Russian Hacktivists Use New Somnia Ransomware

To protect against ransomware attacks, organizations should:
• Regularly back up data, air gap, and password protect backup copies offline.
• Ensure copies of critical data are not accessible for modification or deletion from the system where the data resides.
• Implement network segmentation.
• Implement a recovery plan to maintain and retain multiple copies of sensitive or proprietary data and servers in a physically separate, segmented, secure location (i.e., hard drive, storage device, the cloud).
• Install updates/patch operating…

“We know who you are” says AFP to Medibank hackers

The hackers responsible for a cyber attack against Australian health insurer Medibank have been identified by the Australian Federal Police (AFP) as being associated with Russia. The breach, which was initially identified on October 13, saw 200GB of data stolen, 9.7 million people affected and the private medical details of a significant number of people distributed on the dark web. AFP Commissioner Reece Kershaw directly addressed the hackers, saying “we know who you…

Multiple High-Severity Flaws Affect Widely Used OpenLiteSpeed Web Server Software

It is recommended to update all instances of OpenLiteSpeed to the latest version, which reportedly addresses these issues. Systems should always be patched as soon as updates become available. Patches should only be downloaded directly from the vendor’s website, never from a third party, since third-party copies can have malicious software added to them. https://thehackernews.com/2022/11/multiple-high-severity-flaw-affect.html

IceXLoader Being Shared Through Phishing

It is important for companies to properly train employees on how to spot phishing emails. Organizations should also have detections in place to identify when malware has been downloaded, since training alone will not stop every click. Binary Defense’s Managed Detection and Response service is an excellent asset to assist with these types of detection needs. https://www.bleepingcomputer.com/news/security/phishing-drops-icexloader-malware-on-thousands-of-home-corporate-devices/

BadBazaar Android Malware Tied to Chinese Cyberspies

This campaign highlights the difficulty of attribution in relation to threat campaigns. While the BadBazaar malware was previously tied to a campaign taking place in the Middle East in 2017, it was later tied to APT15 in 2020, and now to Xi’an Tian He Defense Technology in 2022. This is likely because this specific tool is sold as a service rather than developed by each of the groups that use it, a practice which is becoming more and…

IOTW: Everything we know about the Medibank data leak

Note: this article was updated on November 11, 2022 to reflect a development in the Australian Federal Police’s investigation. The hacker responsible for a data breach of Australian health insurance provider Medibank, which affected 9.7 million people, has released private medical information on the dark web. The hacker posted a file labelled “abortions” to a site backed by the Russian ransomware group REvil on November 10, 2022. It apparently contains information on procedures that policyholders have…

Canadian Meat Giant Suffers Cyberattack

To minimize the effect of ransomware attacks, organizations should regularly back up their data and keep secure copies offline. On top of that, keeping systems patched and anti-virus software up to date helps considerably. A 24/7 monitoring solution, such as the one offered by Binary Defense and its Security Operations Center, should also be considered when designing a defense. Keeping eyes out for network intrusions…

New StrelaStealer Malware Steals Your Outlook, Thunderbird Accounts

It is highly recommended to implement and maintain good email security controls, such as AV scanning and sandboxing, to help prevent phishing emails from being delivered to end users. Since the vast majority of malware is delivered via phishing emails, this step alone can stop a large number of malware campaigns from successfully infecting an organization. It is also recommended to implement a blocklist of potentially suspicious email attachment file types, such…
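The attachment file-type blocklist recommended above is usually enforced at the mail gateway, but the check itself is small. The following is an added example, not code from the original article, from Binary Defense, or from any mail product: it parses a raw message with Python's standard email library and flags attachments whose names carry a blocked extension, a decoy double extension such as "statement.pdf.exe", or a Unicode bidi override character used to disguise the real extension. The blocklist contents, the decoy set, the function names and the sample message are all assumptions made for illustration.

```python
"""Attachment file-type blocklist check for inbound mail.

Added example, not code from the original article or any vendor.
The blocklist, the decoy set and the sample message are assumptions
made for illustration; tune them to your own environment.
"""
import email
from email import policy
from email.message import EmailMessage

# Assumed blocklist: executable and script types plus container formats
# that are commonly used to carry them past simple filters.
BLOCKED_EXTENSIONS = {
    ".exe", ".scr", ".pif", ".com", ".bat", ".cmd", ".ps1", ".vbs", ".vbe",
    ".js", ".jse", ".wsf", ".wsh", ".hta", ".lnk", ".iso", ".img", ".vhd",
    ".vhdx", ".one",
}

# Document-like extensions often used as the decoy half of a double
# extension, e.g. "invoice.pdf.exe" (assumed set).
DECOY_EXTENSIONS = {"pdf", "doc", "docx", "xls", "xlsx", "txt", "jpg", "png"}

# Unicode bidirectional override/isolate characters. U+202E (RLO) makes
# "report\u202efdp.exe" render as "reportexe.pdf" in many mail clients.
BIDI_OVERRIDES = {"\u202a", "\u202b", "\u202c", "\u202d", "\u202e",
                  "\u2066", "\u2067", "\u2068", "\u2069"}


def filename_reasons(filename):
    """Return the list of reasons this attachment name should be blocked.

    An empty list means the name passed every check. Trailing spaces and
    dots are stripped before the extension is read, because some clients
    ignore them when choosing a handler ("invoice.exe " still runs).
    """
    reasons = []
    if any(ch in BIDI_OVERRIDES for ch in filename):
        reasons.append("bidi override character in filename")
    name = filename.lower().rstrip(" .")
    parts = name.split(".")
    if len(parts) < 2:
        return reasons  # no extension at all
    ext = "." + parts[-1].strip()
    if ext in BLOCKED_EXTENSIONS:
        reasons.append("blocked extension " + ext)
    if len(parts) > 2 and parts[-2].strip() in DECOY_EXTENSIONS:
        reasons.append("decoy double extension")
    return reasons


def scan_message(raw_bytes):
    """Parse a raw RFC 5322 message and return [(filename, reasons), ...]
    for every attachment that fails the blocklist check."""
    msg = email.message_from_bytes(raw_bytes, policy=policy.default)
    findings = []
    for part in msg.iter_attachments():
        fname = part.get_filename() or ""
        reasons = filename_reasons(fname)
        if reasons:
            findings.append((fname, reasons))
    return findings


def build_sample_message():
    """Constructed sample: one clean PDF and one disguised executable."""
    msg = EmailMessage()
    msg["From"] = "billing@example.com"
    msg["To"] = "user@example.org"
    msg["Subject"] = "Your statement"
    msg.set_content("Please see the attached files.")
    msg.add_attachment(b"%PDF-1.4 sample", maintype="application",
                       subtype="pdf", filename="statement.pdf")
    msg.add_attachment(b"MZ sample", maintype="application",
                       subtype="octet-stream", filename="statement.pdf.exe")
    return msg.as_bytes()


if __name__ == "__main__":
    for fname, reasons in scan_message(build_sample_message()):
        print(f"BLOCK {fname!r}: {', '.join(reasons)}")
```

The name-based check is one layer only: it should sit alongside content-type detection (magic bytes, archive inspection) and the AV scanning and sandboxing mentioned above, since an attacker who renames a payload to an allowed extension still needs the user to rename it back, whereas a disguised name is designed to be opened as-is.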

Verified Mess — Twitter’s $8 Blue Tick Rollout Sees ‘Verified’ Fakes

This issue is likely to get worse before it gets better. Threat actors will continue to use the new verified check marks to spread misinformation and to attempt social engineering against individuals. Users should be wary of “verified” Twitter accounts and should validate any information received from a Twitter account against a secondary reliable source. Individuals should also be cautious of direct messages from verified accounts enticing…

CISA Releases SSVC Methodology to Prioritize Vulnerabilities

Original release date: November 10, 2022. Today CISA published its guide on Stakeholder-Specific Vulnerability Categorization (SSVC), a vulnerability management methodology that assesses vulnerabilities and prioritizes remediation efforts based on exploitation status, impacts to safety, and prevalence of the affected product in a singular system. As stated in Executive Assistant Director (EAD) Eric Goldstein’s blog post, Transforming the Vulnerability Management Landscape, implementing a methodology such as SSVC is a critical step to advancing the vulnerability management…
