Original release date: July 16, 2020
This Activity Alert uses the MITRE Adversarial Tactics, Techniques, and Common Knowledge (ATT&CK™) and Pre-ATT&CK frameworks. See the MITRE ATT&CK for Enterprise and Pre-ATT&CK frameworks for referenced threat actor techniques.
Attributing malicious cyber activity that uses network tunneling and spoofing techniques to a specific threat actor is difficult. Attribution requires analysis of multiple variables, including location. Because threat actors can use these techniques to obfuscate their location, it is not possible to identify the true physical location of malicious activity based solely on the geolocation of Internet Protocol (IP) addresses. This Alert discusses how threat actors use these obfuscation techniques to mislead incident responders. More…
Author and pentester Vinny Troia isn’t making any friends in the criminal hacking underground, that’s for sure. In fact, just days before his keynote at SecureWorld Boston, Troia was hit with what he calls a revenge cyberattack. And he kicked off his keynote talking about it. “In my opinion, it couldn’t be more obvious that my research has hit a very deep nerve with the people that we’re about to discuss. If my research was wrong, they wouldn’t be retaliating in this way,” Troia told the online audience. And what does his research reveal? Never before seen insights into connections between several prolific hacking groups, who the key players allegedly are in real life (hint: teenagers), and the incredible number of hacks he links back to them. Hence, the retaliation. But that’s not stopping Troia. “So, game on… Read more
Quote of the Week
The apparent breach at… Data Viper offers a cautionary and twisted tale of what can happen when security researchers seeking to gather intelligence about illegal activity online get too close to their prey or lose sight of their purported mission. The incident also highlights the often murky area between what’s legal and ethical in combating cybercrime.
— Brian Krebs, on the methods used by researcher Vinny Troia to dupe hackers
AA20-205A: NSA and CISA Recommend Immediate Actions to Reduce Exposure Across Operational Technologies and Control Systems
Original release date: July 23, 2020
Over recent months, cyber actors have demonstrated their continued willingness to conduct malicious cyber activity against critical infrastructure (CI) by exploiting internet-accessible operational technology (OT) assets. Due to the increase in adversary capabilities and activity, the criticality to U.S. national security and way of life, and the vulnerability of OT systems, civilian infrastructure presents an attractive target for foreign powers attempting to do harm to U.S. interests or retaliate for perceived U.S. aggression. OT assets are critical to the Department of Defense (DoD) mission and underpin essential National Security Systems (NSS) and services, as well as the Defense Industrial Base (DIB) and other critical infrastructure. At this time of heightened tensions, it is critical that asset owners and operators of critical infrastructure take the following immediate steps to ensure the resilience and safety of U.S. systems should a time of crisis emerge in the near term. The National Security Agency (NSA) along with the Cybersecurity and Infrastructure Security Agency (CISA) recommend that all DoD, NSS, DIB, and U.S. critical infrastructure facilities take immediate actions to secure their OT assets. Read more…
With COVID-19 ravaging the physical and digital world, and a U.S. presidential election on the horizon, cybersecurity is more critical than ever. The Biden for President Campaign apparently got the memo, recently announcing it filled the positions of CISO and CTO to address potential cybersecurity threats to the campaign. The pick for CISO was Chris DeRusha, the former CSO for the State of Michigan… Read more
What do eBay, body cameras, and hackers have in common? They are linked by this unique story about activism, encryption, and the data life cycle. Once upon a recent time, a hacker with the Twitter moniker d0tslash bought a police body camera on eBay. Actually, this story begins long before d0tslash. In 2014, as with 2020, uproar surrounding the killings of unarmed Black people ignited a movement for… Read more
Just how private is your Virtual Private Network?
The following is a sponsored message from the DaniWeb community.
Earlier this year, news broke that 500,000 of Zoom’s usernames and passwords were exposed on the Dark Web. Those passwords are likely being reused for other systems and could be used to infiltrate more data. Time to find out if your Active Directory users are using pwned passwords.
Specops Password Auditor is a FREE tool that detects password-related vulnerabilities in Active Directory. With a quick scan, you can see how many of your Active Directory users are using known-breached passwords. Other available insights include:
- Accounts with expired passwords
- Accounts with password expiration approaching
- Accounts using identical passwords
- Accounts not requiring passwords
- Accounts without a minimum password length requirement
- Stale/inactive admin accounts
“If a crook has already snuck in, got into someone’s email, and is lying low looking for a chance to swindle the whole company, how on earth do you spot the fake emails that shouldn’t be there amongst all the real ones that are still flowing normally?”