IOC Resource for Russia-Ukraine Conflict-Related Cyberattacks – by Trend Micro
Sandworm: A New Era of Cyberwar and the Hunt for the Kremlin’s Most Dangerous Hackers
Feb 22 2022
A cyber attack heavily impacted operations of Expeditors International
American worldwide logistics and freight forwarding company Expeditors International shuts down global operations after cyber attack
American logistics and freight forwarding company Expeditors International was hit by a cyberattack over the weekend that paralyzed most of its operations worldwide.
Expeditors company has over 18,000 employees worldwide and has annual gross revenue of around $10 billion. The company discovered the attack on February 20, 2022, it doesn’t provide details about the attack and announced to have launched an investigation into the incident.
“Expeditors International of Washington, Inc. (NASDAQ:EXPD) announced that on February 20, 2022, we determined that our company was the subject of a targeted cyber-attack. Upon discovering the incident, we shut down most of our operating systems globally to manage the safety of our overall global systems environment.” reads the announcement published by the company. ”The situation is evolving, and we are working with global cybersecurity experts to manage the situation. While our systems are shut down we will have limited ability to conduct operations, including but not limited to arranging for shipments of freight or managing customs and distribution activities for our customers’ shipments.”
The information publicly available on the attack suggests the company was the victim of a ransomware attack and was forced to shut down its network to avoid the threat from spreading.
The attack impacted the company’s operations, including the capability to arrange for shipments of freight or managing customs and distribution activities for our customers’ shipments.
The company hired cybersecurity experts to investigate the security breach and recover from the attack.
The company warned the incident could have a material adverse impact on our business, revenues, results of operations and reputation
“We are incurring expenses relating to the cyber-attack to investigate and remediate this matter and expect to continue to incur expenses of this nature in the future. Depending on the length of the shutdown of our operations, the impact of this cyber-attack could have a material adverse impact on our business, revenues, results of operations and reputation.” concludes the advisory.
Cyber Attacks and the New Normal of Geopolitics
Feb 03 2022
Oil terminals in Europe’s biggest ports hit by a cyberattack
Some of the major oil terminals in Western Europe’s biggest ports have been targeted with a cyberattack.
Threat actors have hit multiple oil facilities in Belgium’s ports, including Antwerp, which is the second biggest port in Europe after Rotterdam.
Among the impacted port infrastructure, there is the Amsterdam-Rotterdam-Antwerp oil trading hub, along with the SEA-Tank Terminal in Antwerp.
“A spokesperson for prosecutors in the northern Belgian city confirmed on Thursday they had begun an investigation earlier this week, but declined to give further details.” reported Reuters agency. “Belgian business daily De Tijd reported that terminal operator Sea-Tank had been hit by a cyber attack last Friday. The company declined to comment.
The AFP agency reported that the attackers have disrupted the unloading of barges in the affected European ports.
“There was a cyber attack at various terminals, quite some terminals are disrupted,” said Jelle Vreeman, senior broker at Riverlake in Rotterdam. “Their software is being hijacked and they can’t process barges. Basically, the operational system is down.”
The attacks were also confirmed by Europol, which is supporting the authorities in Germany, where other ports were hit by the threat actors.
“At this stage the investigation is ongoing and in a sensitive stage,” Europol spokeswoman Claire Georges said.
This week, two oil supply companies in Germany were hit by cyber-attacks that caused severe problems to petrol distribution.
The Hacker and the State: Cyber Attacks and the New Normal of Geopolitics
Jan 27 2022
Puerto Rico was hit by a major cyberattack
The Senate of Puerto Rico announced this week that it was hit by a major cyberattack that disabled its internet provider, phone system and official online page. Local and federal authorities are investigating the attack.
According to Senate President José Luis Dalmau, there is no evidence that threat actors were able to access sensitive information belonging to employees, contractors or consultants.
This isn’t the first time that Puerto Rico was hit by a cyber attack in recent years.
In March 2021, Puerto Rico Electric Power Authority (PREPA) power utility confirmed early this week that it has been hacked over the weekend.
In June 2021, a large fire at the Luma’s Monacillo electrical substation in San Juan for Puerto Rico’s new electricity provider, Luma Energy, caused major blackouts across Puerto Rico on Thursday. The same day the blackout took place, the company announced that a major DDoS attack disrupted its online services.
It is still unclear whether the fire and DDoS attack are connected.
In October 2020, Puerto Rico’s firefighting department disclosed a security breach, hackers breached its database and demanded a $600,000 ransom.
Blackout Warfare
Jan 04 2022
List of data breaches and cyber attacks in December 2021 – 219 million records breached
List of data breaches and cyber attacks in December 2021 – 219 million records breached
Luke Irwin 4th January 2022
2021 was a difficult year many of us, and with the hope that COVID-19 will dissipate in the spring, this is a new year more than any other where we want to look forwards, not backwards.
But before we turn our attention to 2022, we must first round out 2021 with our final monthly review of data breaches and cyber attacks. December saw 74 publicly disclosed security incidents, which accounted for 219,310,808 breached records.
You can find the full list of incidents below, with those affecting UK-based organisations listed in bold.
Additionally, we’ll also soon be publishing our latest quarterly review of security incidents, in which you can discover the latest trends and take a look back at the year as a whole.
Contents
- Cyber attacks
- Ransomware
- Data breaches
- Financial information
- Malicious insiders and miscellaneous incidents
- In other news…
Big Breaches: Cybersecurity Lessons for Everyone
Dec 17 2021
SANS 2021 Top New Attacks and Threat Report
SANS 2021 Top New Attacks and Threat Report Download
System Security Threats | Computer Science Posters
Dec 01 2021
List of data breaches and cyber attacks in November 2021 – 223.6 million records breached
Luke Irwin 1st December 2021
In November, we discovered 81 publicly disclosed cyber security incidents, accounting for 223,615,390 breached records.
With one month left in 2021, the annual total running total of compromised records is to just shy of 5 billion.
Keep an eye out for our end-of-year report in the next few weeks, where we’ll break down the findings of these lists – or subscribe to our Weekly Round-up to get the latest news sent straight to your inbox.
In the meantime, you can find the full list of security incidents below, with those affecting UK organizations listed in bold.
Contents
- Cyber attacks
- Ransomware
- Data breaches
- Financial information
- Malicious insiders and miscellaneous incidents
- In other news…
Different techniques and tools used by cyberattackers to exploit a system are thoroughly discussed and analyzed in their respective chapters.
Use promo code XMASTOOLS to redeem your 10% discount on any toolkit, but hurry – this exclusive offer ends December 5.
Toolkits are sets of documents and tools that allow you to easily create and maintain up-to-date compliance documents. Each toolkit contains:
* Pre-written policies, procedures, and templates created by industry experts that will save you time and money
* Additional tools to ensure complete coverage of the relevant standard, framework, or regulation
* Work instructions and guidance
Oct 02 2021
Baby died at Alabama Springhill Medical Center due to cyber attack
A baby allegedly received inadequate childbirth health care, and later died, at an Alabama Springhill Medical Center due to a ransomware attack.
An Alabama woman named Teiranni Kidd has filed suit after the death of her baby, she claims that the Springhill Medical Center was not able to respond to a cyberattack that crippled its systems causing the death of the infant daughter, reported The Wall Street Journal.
According to Kidd, the Alabama hospital did not disclose that it was hit by a severe cyberattack that interfered with the care for her baby, Nicko Silar.
“Nicko suffered a severe brain injury when medical staff failed to notice the umbilical cord was wrapped around her neck because of a “lack of access to critical services and information caused by the cyberattack,” the suit said. She died nine months after the cord cut off her blood and oxygen supply.” reported The New York Post.
The hospital released a public statement about the security breach the day before the infant was born announcing it “has continued to safely care for our patients and will continue to provide the high quality of service that our patients deserve and expect.”
The 2022 Report on Healthcare Cyber Security: World Market Segmentation by City
Sep 27 2021
Port of Houston was hit by an alleged state-sponsored attack
One of the major US ports, the Port of Houston, revealed that it was hit by a cyber attack in August that had no impact on its systems.
“The Port of Houston Authority (Port Houston) successfully defended itself against a cybersecurity attack in August. Port Houston followed its Facilities Security Plan in doing so, as guided under the Maritime Transportation Security Act (MTSA), and no operational data or systems were impacted as a result.” reads a statement issued on Thursday by Port officials.
Cybersecurity and Infrastructure Security Agency Director Jen Easterly disclosed the attack at a Senate committee hearing Thursday morning. She believed the attack was conducted by a “nation-state actor” that exploited a zero-day flaw in a Zoho user authentication device.
“We are working very closely with our interagency partners and the intelligence community to better understand this threat actor so that we can ensure that we are not only able to protect systems, but ultimately to be able to hold these actors accountable,” Easterly added.
May 30 2021
These 2 attacks allow to alter certified PDF Documents
Researchers from Ruhr-University Bochum have disclosed two new attack techniques, dubbed Evil Annotation and Sneaky Signature attacks, on certified PDF documents that could potentially allow attackers to modify visible content without invalidating their digital signature. The attacks are documented in CVE-2020-35931, CVE-2021-28545, and CVE-2021-28546.
The experts presented the results of the study at the 42nd IEEE Symposium on Security and Privacy (IEEE S&P 2021).
The attacks leverage the flexibility of PDF certification that allows signing or adding annotations to certified documents under different permission levels. The experts demonstrated that the EAA technique could be effective against 15 of 26 viewer applications while the SSA could work against 8 viewers.
“The attack idea exploits the flexibility of PDF certification, which allows signing or adding annotations to certified documents under different permission levels. Our practical evaluation shows that an attacker could change the visible content in 15 of 26 viewer applications by using EAA and in 8 applications using SSA by using PDF specification compliant exploits.” reads the post published by the researchers.
The experts explained that the certification of signed content also allows users with specific permissions set by the certifier to apply certain modifications to the PDF document. This means that the user could write text to specific form fields, provide annotations, or add its own signature if permitted by the certifier.
The idea behind Evil Annotation Attack (EAA) is to modify a certified document by inserting annotations that include malicious code.
“The idea of the Evil Annotation Attack (EAA) is to show arbitrary content in a certified document by abusing annotations for this purpose. Since P3 certified document allow to add annotations, EAA breaks the integrity of the certification.” continues the post.
The idea behind the Sneaky Signature Attack (SSA) is to manipulate the appearance of arbitrary content within the PDF by adding overlaying signature elements to a PDF document that is certified at level P2, which means that it allows to fill forms.
These 2 attacks allow to alter certified PDF Documents
May 04 2021
Hospital Operator Takes Network Offline After Major Cyberattack
A Californian hospital operator has made the move to take is network offline after it was hit by a major cyberattack.
Reports state that the Scripps Health computer network that operates across half a dozen hospitals and a number of outpatient facilities in the San Diego, California area was forced to move to offline procedures after hackers launched a major cyberattack.
The Californian hospital operator says it has contacted law enforcement and government agencies of the cyberattack, but failed to mention specifics of the departments it has informed of the potential data breach.
Hospital Operator Takes Network Offline After Major Cyberattack
Data Protection and Privacy in Healthcare
Apr 20 2021
The cost of a cyber attack in 2021
It’s been rough sailing for organisations in the past year or so. In addition to the ongoing challenges of COVID-19, there are the effects of Brexit, increasing public awareness of privacy rights and regulatory pressure to improve data protection practices.
And, of course, there is the threat of cyber attacks. According to a UK government survey, 39% of UK businesses came under attack in the first quarter of 2021, with many incidents causing significant damage.
The specific costs will depend on the sophistication of the attack and how well executed it was.
For example, a DDoS (distributed denial-of-service) attack could knock systems offline for a few hours, creating a frustrated workforce and unhappy customers – but otherwise the cost would be comparatively low.
By contrast, an attacker who infects an organisation’s systems with ransomware could cripple them for days or even weeks. The cost of recovery, not to mention the ransom payment (if the organisation pays up) could result in losses of several million pounds.
For an estimate of how much cyber security incidents cost, a Ponemon Institute study found that organisations spend $3.86 million (about £2.9 million) per incident.
However, it notes that organisations can cut this cost dramatically by addressing four key factors:
- Incident detection
By implementing measures such as audit logs and forensics analysis, you will be able to spot breaches sooner and identify the full extent of the damage. The faster you do this, the less damage the attacker can cause.
- Lost business
This relates to both the direct damage caused by the breach – such as system downtime preventing you from completing processes – as well as long-term damage, such as customer churn and reputational loss.
Organisations that are better equipped to continue operating while under attack will be able to reduce lost business.
- Notification
This relates to the costs involved in disclosing incidents. For example, organisations may be required to contact affected data subjects, report the breach to their data protection authority and consult with outside experts.
- Ex-post response
These are the costs associated with recompensing affected data subjects, as well as the legal ramifications of the incident. It includes credit monitoring services for victims, legal expenses, product discounts and regulatory fines.
Recognise, respond, recover
Navigating the cyber threat landscape has never been harder, but you will make life a lot easier by planning for disaster before it occurs.
The Cyber Security Breaches Survey 2021 found that directors and senior staff are placing a greater emphasis on data protection, but that doesn’t just mean preventing breaches. It also requires organizations to create processes to recognize, respond to and recover from incidents.
If the path to safety has been mapped out in advance, you can remain calm in the face of disaster and follow processes and policies that you have worked on and can trust.
If you’re looking for help creating that documentation, IT Governance can help steer you in the right direction. We offer a range of data protection and cyber security training, tools, software and consultancy services – all of which can be delivered remotely.
You may be particularly interested in our Business Continuity Pandemic Response Service, which is tailored to help you address cyber attacks and other disruptions while operating with a dispersed workforce.
Whether your workforce is cautious about returning to the office as lockdown ends or you’re offering staff the opportunity to work remotely on a permanent basis, we have you covered.
Apr 19 2021
Alarming Cybersecurity Stats: What You Need To Know For 2021
The year 2020 broke all records when it came to data lost in breaches and sheer numbers of cyber-attacks on companies, government, and individuals. In addition, the sophistication of threats increased from the application of emerging technologies such as machine learning, artificial intelligence, and 5G, and especially from greater tactical cooperation among hacker groups and state actors. The recent Solar Winds attack, among others, highlighted both the threat and sophistication of those realities.
The following informational links are compiled from recent statistics pulled from a variety of articles and blogs. As we head deeper into 2021, it is worth exploring these statistics and their potential cybersecurity implications in our changing digital landscape.
To make the information more useable, I have broken down the cybersecurity statistics in several categories, including Top Resources for Cybersecurity Stats, The State of Cybersecurity Readiness, Types of Cyber-threats, The Economics of Cybersecurity, and Data at Risk.
There are many other categories of cybersecurity that do need a deeper dive, including perspectives on The Cloud, Internet of Things, Open Source, Deep Fakes, the lack of qualified Cyber workers, and stats on many other types of cyber-attacks. The resources below help cover those various categories.
Top Resources for Cybersecurity Stats:
If you are interested in seeing comprehensive and timely updates on cybersecurity statistics, I highly recommend you bookmark these aggregation sites:
300+ Terrifying Cybercrime and Cybersecurity Statistics & Trends (2021 EDITION) 300+ Terrifying Cybercrime & Cybersecurity Statistics [2021 EDITION] (comparitech.com)·
The Best Cybersecurity Predictions For 2021 RoundupWhy Adam Grant’s Newest Book Should Be Required Reading For Your Company’s Current And Future LeadersIonQ Takes Quantum Computing Public With A $2 Billion Deal
134 Cybersecurity Statistics and Trends for 2021 134 Cybersecurity Statistics and Trends for 2021 | Varonis
Source: The State of Cybersecurity Readiness:
Cyber-Security Threats, Actors, and Dynamic Mitigation
Related article:
Top Cyber Security Statistics, Facts & Trends in 2022
👇 Please Follow our LI page…
DISC InfoSec
#InfoSecTools and #InfoSectraining
Apr 09 2021
How do I select an attack detection solution for my business?
When selecting an attack detection solution, no single product will provide the adequate detection needed that is required to detect and defend against the current advanced threat landscape. The holistic aspect of defending against threat actors requires technology, expertise, and intelligence.
The technology should be a platform of integrated technologies providing detection at each point of entry that a threat actor may use such as email, endpoint, network, and public cloud. These should not be disparate technologies that don’t work together to holistically defend the organization.
We must use technologies that can scale against threat actors that have a very large number of resources. The technology should also be driven by intelligence cultivated from the frontlines where incident responders have an unmatched advantage. It is also important to remember that post-exploitation, threat actors masquerade as your own employee’s making it difficult to know legitimate from non-legitimate activity occurring on the network or your endpoints.
This is where intelligence and expertise is extremely valuable to determine when a threat actor is operating within the organization. Being able to identify the threat actors “calling card” and potential next moves, is paramount. While many solutions will claim they defend against advanced threats, it is important to understand the experience that a vendor has and how that is included into their product offering.
How do I select an attack detection solution for my business?
Mar 22 2021
FCC Boots Chinese Telecom Companies, Citing Security
he Federal Communications Commission’s (FCC) Public Safety and Homeland Security Bureau on March 12 identified five Chinese companies they said posed a threat to U.S. national security. These companies are: Huawei Technologies Co., ZTE Corp., Hytera Communications Corp., Hangzhou Hikvision Digital Technology Co. and Dahua Technology Co.
The declaration, according to the FCC, is in accordance with the requirements of the Secure and Trusted Communications Networks Act of 2019, which requires the FCC to “publish and maintain a list of communications equipment and services that pose an unacceptable risk to national security or the security and safety of U.S. persons.”
In June 2020, the FCC designated both ZTE and Huawei as national security threats. “… [B]ased on the overwhelming weight of evidence, the Bureau has designated Huawei and ZTE as national security risks to America’s communications networks—and to our 5G future,” said then-FCC chairman Ajit Pai. Pai continued, “Both companies have close ties to the Chinese Communist Party and China’s military apparatus, and both companies are broadly subject to Chinese law obligating them to cooperate with the country’s intelligence services. The Bureau also took into account the findings and actions of congress, the executive branch, the intelligence community, our allies, and communications service providers in other countries. We cannot and will not allow the Chinese Communist Party to exploit network vulnerabilities and compromise our critical communications infrastructure. Today’s action will also protect the FCC’s Universal Service Fund—money that comes from fees paid by American consumers and businesses on their phone bills—from being used to underwrite these suppliers, which threaten our national security.”
ZTE’s petition for reconsideration in November 2020 was immediately rejected. Huawai also petitioned for reconsideration, and their appeal was rejected in December 2020, after a few weeks of deliberation.
FCC Boots Chinese Telecom Companies, Citing Security
Mar 22 2021
How to stay ahead of the rise of synthetic fraud
There are a number of reasons why synthetic fraud is on the rise, but there are also actions banks and other financial institutions can take to prevent this growing trend from doing damage.
Synthetic fraud on the rise
Banks around the world have faced difficulty in recognizing this type of complex fraud. Synthetic identity fraudsters are expert cybercriminals. They make use of the dark web to acquire legitimate personal information which they then blend with falsified information. They will then use this newly formed identity to establish a positive credit report and spend or borrow until they’ve maxed out their spending abilities.
They will often have multiple synthetic identities in play simultaneously to maximize the impact of their efforts. And it is hard to detect because these synthetic identities even have genuine profiles with the credit bureaus which the fraudsters creatively engineer.
An economic environment primed for fraud
Due to the economic toll the coronavirus pandemic has taken on the world, global GDP is expected to be negative this year. As a result, there has been and will continue to be an increase in the size of the banks’ loan portfolios, as businesses that are struggling to manage working capital requirements in a challenging commercial climate seek new lines of credit. The same demand for additional credit is similarly anticipated for retail customers.
As such, it will be easier to hide fraud within an environment where there is more lending activity, a larger portfolio to monitor and more losses to recover. This environment allows criminals to hide inside the noise of economic turmoil, while financial institutions struggle to cope with the sheer volume of applications, overwhelmed with the amount of identity checking they have to undertake.
It will also become harder to differentiate between delinquencies and defaults from genuine customers in distress and deliberate attacks from fraudsters as these loans come due for repayment.
Further, more individuals may be tempted to turn to fraud to maintain their lifestyles in an environment where they’ve lost jobs, financial security and are dealing with other economic difficulties.
How to stay ahead of the rise of synthetic fraud
Feb 26 2021
Microsoft releases open-source CodeQL queries to assess Solorigate compromise
Microsoft announced the release of open-source CodeQL queries that it experts used during its investigation into the SolarWinds supply-chain attack
In early 2021, the US agencies FBI, CISA, ODNI, and the NSA released a joint statement that blames Russia for the SolarWinds supply chain attack.
The four agencies were part of the task force Cyber Unified Coordination Group (UCG) that was tasked for coordinating the investigation and remediation of the SolarWinds hack that had a significant impact on federal government networks.
The UCG said the attack was orchestrated by an Advanced Persistent Threat (APT) actor, likely Russian in origin.
According to the security experts, Russia-linked threat actors hacked into the SolarWinds in 2019 used the Sundrop malware to insert the Sunburst backdoor into the supply chain of the SolarWinds Orion monitoring product.
Microsoft, which was hit by the attack, published continuous updates on its investigation, and now released the source code of CodeQL queries, which were used by its experts to identify indicators of compromise (IoCs) associated with Solorigate.
“In this blog, we’ll share our journey in reviewing our codebases, highlighting one specific technique: the use of CodeQL queries to analyze our source code at scale and rule out the presence of the code-level indicators of compromise (IoCs) and coding patterns associated with Solorigate.” reads the blog post published by Microsoft. “We are open sourcing the CodeQL queries that we used in this investigation so that other organizations may perform a similar analysis. Note that the queries we cover in this blog simply serve to home in on source code that shares similarities with the source in the Solorigate implant, either in the syntactic elements (names, literals, etc.) or in functionality.”
Microsoft releases open-source CodeQL queries to assess Solorigate compromise
« Previous Page — Next Page »
