Weekend Update

A quick Saturday digest of cybersecurity news articles from other sources.

Guidance on Sharing Cyber Incident Information

Original release date: April 7, 2022

CISA’s Sharing Cyber Event Information Fact Sheet provides our stakeholders with clear guidance and information about what to share, who should share, and how to share information about unusual cyber incidents or activity.

CISA uses this information from partners to build a common understanding of how adversaries are targeting U.S. networks and critical infrastructure sectors. This information fills critical information gaps and allows CISA to rapidly deploy resources and render assistance to victims suffering attacks, analyze incoming reporting across sectors to spot trends, and quickly share that information with network defenders to warn other potential victims. Click the fact sheet link to learn more and visit our Shields Up site for useful information.

Some things just never change – Developers do not view application security as a top priority, study finds

This is why we keep having breaches and cyber attacks over and over again. Developers just can't be bothered to write secure code. Too hard, too different, too weird. Training may help alleviate some of these issues (doubt it, you have to want to change), along with clearer directives (threats up to and including termination?) by management.

Credit agency warns weak cybersecurity defenses could hurt a company’s credit rating, even before an attack

S&P Global Credit adds cybersecurity to list of risk factors for evaluating credit scores and will use NIST standards for the evaluation process.

Google is on guard: sharks shall not pass!

When you search for Anti-Virus (AV) solutions to protect your mobile devices, you don’t expect these solutions to do the opposite, i.e., make devices vulnerable to malware.

This is what the Check Point Research (CPR) team encountered while analyzing suspicious applications found in Google Play. These applications pretended to be genuine AV solutions while in reality they downloaded and installed an Android stealer called Sharkbot.

Sharkbot steals credentials and banking information. The malware implements a geofencing feature and evasion techniques that make it stand out in the field. It also makes use of a Domain Generation Algorithm (DGA), an aspect rarely used in the world of Android malware. Sharkbot lures victims into entering their credentials in windows that mimic benign credential input forms. When the user enters credentials in these windows, the compromised data is sent to a malicious server.

Sharkbot has a handful of tricks up its sleeve. It doesn’t target every potential victim it encounters, but only select ones, using the geofencing feature to identify and ignore users from China, India, Romania, Russia, Ukraine or Belarus. More, including TTPs, IOCs, and screenshots…

Parrot TDS takes over web servers and threatens millions

A new Traffic Direction System (TDS) we are calling Parrot TDS, using tens of thousands of compromised websites, has emerged in recent months and is reaching users from around the world. The TDS has infected various web servers hosting more than 16,500 websites, ranging from adult content sites to personal websites, university sites, and local government sites.

Parrot TDS acts as a gateway for further malicious campaigns to reach potential victims. In this particular case, the infected sites’ appearances are altered by a campaign called FakeUpdate (also known as SocGholish), which uses JavaScript to display fake notices for users to update their browser, offering an update file for download. The file observed being delivered to victims is a remote access tool.

We identified several infected servers hosting phishing sites. These phishing sites, imitating, for example, a Microsoft Office login page, were hosted on compromised servers in the form of PHP scripts. The figure below shows the aforementioned Microsoft phishing observed on an otherwise legitimate site. We don’t have enough information to attribute this to Parrot TDS directly. However, a significant number of the compromised servers contained phishing as well.

Top Six Advantages of ZTNA Compared to Remote Access VPN

While VPN has long served us well, the surge in remote working has highlighted the limitations of this aging technology. As such, organizations are turning to Zero Trust Network Access (ZTNA) to address their remote access challenges.

To help you understand why, we’ve put together a ZTNA buyers guide where we explore:

  •  The challenges with remote access VPN
  •  How ZTNA works
  •  The top six advantages of ZTNA over VPN
  •  What to look for in a ZTNA solution

It also introduces Sophos ZTNA and how it delivers tangible real-world benefits to visibility, protection, and response.

Download Report

What is a Password Manager

From capital letters to punctuation and numbers, most sites require long and complex passwords to best protect user information. While the benefits of added security are understandable, trying to keep track of the complicated passwords used across dozens of websites and applications can be easier said than done. Studies estimate that the average business user has 191 passwords to keep straight.

For those who struggle to manage passwords across dozens of sites, a password manager can be an excellent investment. These programs are designed to manage security by creating strong passwords and keeping them organized, and businesses and individuals alike can make use of the protections they offer. From safeguarding confidential corporate content to keeping personal banking logins secure, a password manager can be a very valuable tool. More…

APT Actors Target ICS/SCADA Devices

Original release date: April 13, 2022

CISA, the Department of Energy (DOE), the National Security Agency (NSA), and the Federal Bureau of Investigation (FBI) have released a joint Cybersecurity Advisory (CSA), warning that certain advanced persistent threat (APT) actors have exhibited the capability to gain full system access to multiple industrial control system (ICS)/supervisory control and data acquisition (SCADA) devices using custom-made tools.

CISA encourages all critical infrastructure organizations to review joint CSA: APT Cyber Tools Targeting ICS/SCADA Devices and apply the recommended mitigations.

About the Author:

I am a cybersecurity and IT instructor, cybersecurity analyst, pen-tester, trainer, and speaker. I am an owner of the WyzCo Group Inc. In addition to consulting on security products and services, I also conduct security audits, compliance audits, vulnerability assessments and penetration tests. I also teach Cybersecurity Awareness Training classes. I work as an information technology and cybersecurity instructor for several training and certification organizations. I have worked in corporate, military, government, and workforce development training environments. I am a frequent speaker at professional conferences such as the Minnesota Bloggers Conference, the Secure360 Security Conference in 2016, 2017, 2018, and 2019, the (ISC)2 World Congress 2016, and the ISSA International Conference 2017, and at many local community organizations, including Chambers of Commerce, SCORE, and several school districts. I have been blogging on cybersecurity since 2006 at http://wyzguyscybersecurity.com