Collaborate Disseminate
New botnets, more AI in spearphishing and increases in hack-for-hire business are some of Kaspersky’s security predictions. Get extensive APT mitigation tips, too. Continue reading Kaspersky’s Advanced Persistent Threats Predictions for 2024
Another nation-state malware, Russian in origin:
In the early stages of the war in Ukraine in 2022, PIPEDREAM, a known malware was quietly on the brink of wiping out a handful of critical U.S. electric and liquid natural gas sites. PIPEDREAM is an attack toolkit with unmatched and unprecedented capabilities developed for use against industrial control systems (ICSs).
The malware was built to manipulate the network communication protocols used by programmable logic controllers (PLCs) leveraged by two critical producers of PLCs for ICSs within the critical infrastructure sector, Schneider Electric and OMRON…
Continue reading PIPEDREAM Malware against Industrial Control Systems
Here’s a piece of Chinese malware that infects SonicWall security appliances and survives firmware updates.
On Thursday, security firm Mandiant published a report that said threat actors with a suspected nexus to China were engaged in a campaign to maintain long-term persistence by running malware on unpatched SonicWall SMA appliances. The campaign was notable for the ability of the malware to remain on the devices even after its firmware received new firmware.
“The attackers put significant effort into the stability and persistence of their tooling,” Mandiant researchers Daniel Lee, Stephen Eckels, and Ben Read wrote. “This allows their access to the network to persist through firmware updates and maintain a foothold on the network through the SonicWall Device.”…
CISA, NSA, FBI, and similar organizations in the other Five Eyes countries are warning that attacks on MSPs — as a vector to their customers — are likely to increase. No details about what this prediction is based on. Makes sense, though. T… Continue reading Attacks on Managed Service Providers Expected to Increase
The NSA and CISA have released a document on how to harden your VPN.
Continue reading Hardening Your VPN
Symantec is reporting on an APT group linked to China, named Cicada. They have been attacking organizations in Japan and elsewhere.
Cicada has historically been known to target Japan-linked organizations, and has also targeted MSPs in the past. The group is using living-off-the-land tools as well as custom malware in this attack campaign, including a custom malware — Backdoor.Hartip — that Symantec has not seen being used by the group before. Among the machines compromised during this attack campaign were domain controllers and file servers, and there was evidence of files being exfiltrated from some of the compromised machines…
Continue reading Symantec Reports on Cicada APT Attacks against Japan
Three major APTs are involved in ongoing compromises at pharma and clinical organizations involved in COVID-19 research, Microsoft says. Continue reading Nation-State Attackers Actively Target COVID-19 Vaccine-Makers
The APT threat landscape is a mixed bag of tried-and-true tactics and cutting-edge techniques, largely supercharged by geo-politics, a report finds. Continue reading APT Groups Finding Success with Mix of Old and New Tools
The Feds have published a Top 25 exploits list, rife with big names like BlueKeep, Zerologon and other notorious security vulnerabilities. Continue reading Bug Parade: NSA Warns on Cresting China-Backed Cyberattacks
Advanced Persistent Threat. In name alone it sounds ominous and for good reason. Advanced […]
The post Characteristics and Challenges of Advanced Persistent Threats (APTs) appeared first on Security Boulevard.
Continue reading Characteristics and Challenges of Advanced Persistent Threats (APTs)