What's new around the internet

Last one

Src Date (GMT) Title Description Tags Stories Notes
Dragos 2024-12-19 13:00:00 How Risk-Based Vulnerability Management Is a Game-Changer for OT Cybersecurity (direct link) From legacy systems to the convergence of OT, IT, and IoT, the attack surface is expanding, and traditional IT security... The post How Risk-Based Vulnerability Management Is a Game-Changer for OT Cybersecurity first appeared on Dragos.
Vulnerability Industrial ★★
IndustrialCyber 2024-12-19 08:13:32 How to Create an Effective Merged IT/OT SOC (direct link) A security operations center (SOC) is the nerve center of a network, monitoring traffic, devices, anomalies and alerts...
Industrial ★★
RiskIQ 2024-12-18 18:56:30 (Déjà vu) Hidden in Plain Sight: TA397's New Attack Chain Delivers Espionage RATs (direct link)

#### Targeted Geolocations
- Türkiye

#### Targeted Industries
- Defense Industrial Base

## Snapshot
Proofpoint recently observed TA397, an advanced persistent threat (APT) group also known as Bitter, targeting a Turkish defense organization using spearphishing emails. The campaign leveraged lures related to public infrastructure projects in Madagascar, containing RAR archives with NTFS alternate data streams (ADS). These ADS streams delivered a malicious shortcut (LNK) file, which executed PowerShell commands to create a scheduled task for downloading additional payloads.

## Description
In this attack, TA397 deployed two remote access trojans (RATs): WmRAT and MiyaRAT, both designed for intelligence gathering and data exfiltration. WmRAT is a C++-based backdoor capable of executing commands, capturing screenshots, determining geolocation data, and stealing system information. MiyaRAT, also written in C++, offers similar functionality. According to Proofpoint, this attack aligns with TA397's established tactics, which include using RAR archives and scheduled tasks for persistence, targeting defense sector organizations in the EMEA and APAC regions, and leveraging RATs historically attributed to the group. Notably, MiyaRAT appears to be reserved for high-value targets, as evidenced by its limited use. Proofpoint assesses that TA397's activities are likely intelligence-gathering efforts in support of a South Asian government. The group's consistent focus on the defense, energy, and engineering sectors in EMEA and APAC regions underscores their ability to adapt tools and techniques to target high-value entities effectively.

## Microsoft Analysis and Additional OSINT Context
TA397, also known as [Bitter and T-APT-17](https://attack.mitre.org/groups/G1002/), is a likely South Asian cyber espionage threat group, active since at least 2013. The [group's targets](https://blog.talosintelligence.com/bitter-apt-adds-bangladesh-to-their/) have included organizations within the energy, engineering, government, and military sectors of China, Bangladesh, Pakistan, and Saudi Arabia, among others. The group is primarily motivated by espionage and has been observed targeting both mobile and desktop platforms. TA397 has used a number of RATs including Bitter RAT, SlideRAT, AndroRAT, and Almond RAT in addition to WmRAT and MiyaRAT, mentioned above.

## Recommendations
Microsoft recommends the following mitigations to reduce the impact of this threat.
- Turn on [cloud-delivered protection](https://learn.microsoft.com/en-us/defender-endpoint/linux-preferences) in Microsoft Defender Antivirus or the equivalent for your antivirus product to cover rapidly evolving attacker tools and techniques. Cloud-based machine learning protections block a majority of new and unknown threats.
- Run [EDR in block mode](https://learn.microsoft.com/microsoft-365/security/defender-endpoint/edr-in-block-mode?view=o365-worldwide?ocid=magicti_ta_learndoc) so that Microsoft Defender for Endpoint can block malicious artifacts, even when your non-Microsoft antivirus does not detect the threat or when Microsoft Defender Antivirus is running in passive mode. EDR in block mode works behind the scenes to remediate malicious artifacts that are detected post-breach.
- Allow [investigation and remediation](https://learn.microsoft.com/microsoft-365/security/defender-endpoint/automated-investigations?view=o365-worldwide?ocid=magicti_ta_learndoc) in full automated mode to allow Microsoft Defender for Endpoint to take immediate action on alerts to resolve breaches, significantly reducing alert volume.
- [Enable](https://learn.microsoft.com/en-us/defender-endpoint/enable-controlled-folders) controlled folder access.
- Ensure that [tamper protection](https://learn.microsoft.com/en-us/defender-endpoint/prevent-changes-to-security-settings-with-tamper-protection#how-do-i-configure-or-manage-tamper-protection) is enabled in Microsoft Defender for Endpoint.
- Enable [ne

Ransomware Malware Tool Threat Mobile Industrial ★★★
IndustrialCyber 2024-12-18 13:23:33 New Forescout research details persistent malware threats to OT/ICS engineering workstations (direct link) Forescout Technologies has analyzed data from a public malware repository, revealing a persistent presence of malware targeting operational...
Malware Industrial ★★
Sygnia 2024-12-18 09:49:24 Building An ICS/OT Threat Detection Strategy (direct link) Learn how to build a tailored ICS/OT threat detection strategy to safeguard critical infrastructure. Explore Sygnia's four-phase framework: Know, Assess, Plan, and Optimize.
Threat Industrial ★★★
Dragos 2024-12-17 13:00:00 Dragos Industrial Ransomware Analysis: Q3 2024 (direct link) Information provided here is sourced from Dragos OT Cyber Threat Intelligence adversary hunters and analysts who conduct research on adversary... The post Dragos Industrial Ransomware Analysis: Q3 2024 first appeared on Dragos.
Ransomware Threat Industrial ★★
RiskIQ 2024-12-16 12:50:03 Weekly OSINT Highlights, 16 December 2024 (direct link)

## Snapshot
Last week's OSINT reporting highlighted a diverse range of cyber threats, emphasizing sophisticated malware, targeted attacks, and global threat actor activities. Credential theft and data exfiltration emerged as prominent attack types, as seen in campaigns like Bizfum Stealer and Meeten malware targeting cryptocurrency users. Phishing remained a key attack vector, deployed in operations like UAC-0185's MeshAgent campaign against Ukraine and APT-C-60's SpyGlace backdoor targeting Japan. Nation-state actors dominated the landscape, including North Korea's UNC4736 exploiting DeFi systems and China's espionage on critical industries, while hacktivists like Holy League targeted France amid geopolitical unrest. The attacks primarily focused on sensitive targets such as critical infrastructure, financial systems, and government entities, underscoring the rising risks to global cybersecurity.

## Description
1. [Bizfum Stealer:](https://sip.security.microsoft.com/intel-explorer/articles/b522b6ae) CYFIRMA researchers discovered "Bizfum Stealer," an advanced information-stealing malware designed to exfiltrate credentials, cookies, and sensitive files from infected systems. Targeting popular browsers and leveraging platforms like GoFile and Telegram, it employs sophisticated techniques for stealth, encryption, and evasion.
2. [IOCONTROL Malware:](https://sip.security.microsoft.com/intel-explorer/articles/5fa3e494) Team82 identified IOCONTROL, a modular malware linked to Iran's IRGC-CEC, targeting IoT and OT devices to disrupt fuel systems in the U.S. and Israel. The malware uses advanced techniques, including DNS-over-HTTPS and AES-256-CBC encryption, to evade detection while compromising critical infrastructure.
3. [Kimsuky's Million OK Campaign:](https://sip.security.microsoft.com/intel-explorer/articles/d1e1ee65) Hunt researchers uncovered infrastructure tied to North Korea's APT group Kimsuky, which employed domains mimicking South Korea's Naver platform to steal credentials. The campaign's infrastructure used distinctive HTTP responses, shared server configurations, and phishing techniques to target South Korean users.
4. [UNC4736 Cryptocurrency Heist](https://sip.security.microsoft.com/intel-explorer/articles/3a647a38): Mandiant attributed the $50 million cryptocurrency theft from Radiant Capital to North Korea's UNC4736. The attackers used malware to compromise trusted developers, executing unauthorized transactions that exploited DeFi multi-signature processes while bypassing robust security measures.
5. [PUMAKIT Malware Report](https://sip.security.microsoft.com/intel-explorer/articles/a16902ac): Elastic Security Labs detailed PUMAKIT, a modular Linux malware employing fileless execution, kernel rootkits, and syscall hooking for stealth and persistence. Its sophisticated architecture allows it to manipulate system behaviors, evade detection, and target older kernel versions with privilege escalation capabilities.
6. [Android Banking Trojan in India](https://sip.security.microsoft.com/intel-explorer/articles/5ff566b7): McAfee researchers uncovered a trojan targeting Indian Android users, masquerading as utility apps and stealing financial data via malicious APKs distributed on platforms like WhatsApp. The malware exfiltrates data using Supabase and employs stealth tactics, compromising over 400 devices and intercepting thousands of SMS messages.
7. [DarkGate Malware via Teams Call](https://sip.security.microsoft.com/intel-explorer/articles/5cac0381): Trend Micro identified an attack leveraging Microsoft Teams to distribute DarkGate malware through social engineering and remote desktop applications. The attacker used vishing to gain trust and access, deploying malware with persistence and evasion techniques before being intercepted.
8. [Socks5Systemz Botnet Resurgence](https://sip.security.microsoft.com/intel-explorer/articles/15cfbc2f): Bitsight TRACE uncovered the long-standing Socks5Systemz botnet, which peaked at 250,000 compr

Ransomware Malware Tool Vulnerability Threat Legislation Mobile Industrial Prediction Cloud APT C 60 ★★
globalsecuritymag 2024-12-16 12:14:35 Empowering Manufacturing Security: OTORIO and Cyberscope's Collaborative Approach to OT Cyber Resilience (direct link) Empowering Manufacturing Security: OTORIO and Cyberscope's Collaborative Approach to OT Cyber Resilience - Opinion
Industrial ★★
IndustrialCyber 2024-12-15 08:02:17 2024 in retrospect: Lessons learned and cyber strategies shaping future of critical infrastructure (direct link) As the curtain closes on 2024, the critical infrastructure and OT (operational technology) sectors reflect upon a year...
Industrial ★★★
News 2024-12-13 23:56:13 Iran-linked crew used custom 'cyberweapon' in US critical infrastructure attacks (direct link) IOCONTROL targets IoT and OT devices from a ton of makers, apparently. An Iranian government-linked cybercriminal crew used custom malware called IOCONTROL to attack and remotely control US and Israel-based water and fuel management systems, according to security researchers.…
Malware Industrial ★★
RiskIQ 2024-12-13 23:02:14 Inside a New OT/IoT Cyberweapon: IOCONTROL (direct link)

#### Targeted Geolocations
- Israel
- United States
- Middle East
- North America

## Snapshot
Team82 has obtained a sample of IOCONTROL, a custom-built malware targeting western IoT and OT devices, including PLCs, HMIs, and Linux-based platforms. Its modular design allows it to affect devices from various vendors. Team82 reports that the malware has been tied to the CyberAv3ngers, a group linked to Iran's IRGC-CEC. This malware has been leveraged in significant geopolitical cyberattacks, including the compromise of fuel management systems in the United States and Israel.

## Description
The group using the IOCONTROL malware targeted Orpak Systems, affecting 200 gas stations in Israel and the U.S., and leaked management portal screenshots and sensitive databases. They used the tylarion867mino[.]com domain to establish command-and-control infrastructure for compromised devices. IOCONTROL malware was found on Orpak-associated Gasboy fuel systems, hiding within payment terminals. This granted attackers control to disrupt fuel services and potentially steal customer payment data.

The analyzed IOCONTROL malware was designed for ARM 32-bit Big Endian architecture, utilizing in-memory unpacking to hide its payload. Researchers employed the Unicorn emulation engine to safely analyze the malware, tracing its execution flow and handling syscall invocations to prevent harm to testing environments. The malware appeared to use a modified UPX packer, evidenced by unique byte sequences like "ABC!" in place of the standard UPX signature, suggesting efforts to evade detection. Despite this, researchers successfully unpacked and analyzed the malware, revealing its sophisticated design.

The IOCONTROL malware includes an encrypted configuration section containing critical parameters like file paths and IP addresses. Each configuration entry is encrypted using AES-256-CBC, with keys and initialization vectors (IVs) derived from a GUID. Researchers identified flaws in the attackers' implementation, including oversized keys and IVs, which limited their actual use in the decryption process. Unique GUIDs allow the malware to distinguish between victims and campaigns. After extracting the encryption details, researchers decrypted the configuration, revealing identifiers such as "Orpak," tying the malware to specific IoT vendor targets.

The IOCONTROL malware uses DNS-over-HTTPS (DoH) to resolve its command-and-control (C2) domain, avoiding detection by encrypting DNS traffic. It ensures persistence by installing a backdoor and storing itself under /usr/bin. The malware communicates with its C2 via the MQTT protocol on port 8883, authenticating using GUID-derived credentials. Upon connection, it sends a "hello" message with device details and subscribes to a specific topic for receiving commands. Supported commands include system actions, with responses published back to the C2. This design enhances stealth and functionality for IoT environments.

## Recommendations
Microsoft recommends the following mitigations to reduce the impact of this activity:
- Review web-facing assets and services using tools like [Microsoft Defender External Attack Surface Management](https://www.microsoft.com/security/business/cloud-security/microsoft-defender-external-attack-surface-management), which continuously discovers and maps a digital attack surface to provide an external view of an organization's online infrastructure. Ensure that unneeded, unintended, or potentially insecure protocols are not widely accessible from the Internet.
- Reduce your attack surface by eliminating unnecessary internet connections to IoT devices in the network. Apply network segmentation to prevent an attacker from moving laterally and compromising assets after intrusion. IoT and critical device networks should be isolated with firewalls and [placed behind a VPN](https://azure.microsoft.com/en-us/resources/cloud-computing-dictionary/what-is-vpn).
- Adopt a comprehensive IoT and OT soluti

Malware Tool Industrial ★★
The_Hackers_News 2024-12-13 17:14:00 Iran-Linked IOCONTROL Malware Targets SCADA and Linux-Based IoT Platforms (direct link) Iran-affiliated threat actors have been linked to a new custom malware that's geared toward IoT and operational technology (OT) environments in Israel and the United States. The malware has been codenamed IOCONTROL by OT cybersecurity company Claroty, highlighting its ability to attack IoT and supervisory control and data acquisition (SCADA) devices such as IP cameras, routers, programmable
Malware Threat Industrial ★★★★
Dragos 2024-12-13 15:00:00 OT Cybersecurity Best Practices for SMBs: Identity and Access Management in OT (direct link) This blog is part of a blog series detailing best practices for operational technology (OT) cybersecurity for under-resourced organizations by... The post OT Cybersecurity Best Practices for SMBs: Identity and Access Management in OT first appeared on Dragos.
Industrial ★★
InfoSecurityMag 2024-12-13 11:15:00 Researchers Discover Malware Used by Nation-States to Attack Industrial Systems (direct link) IOCONTROL, a custom-built IoT/OT malware, was used by Iran-affiliated groups to attack Israel- and US-based OT/IoT devices, according to Claroty
Malware Industrial ★★
IndustrialCyber 2024-12-13 10:18:04 Iran-linked IOCONTROL malware targets critical IoT/OT infrastructure in Israel, US (direct link) Researchers from Claroty's Team82 arm have obtained a sample of a custom-built IoT/OT malware called IOCONTROL used by...
Malware Industrial ★★
RiskIQ 2024-12-12 22:03:04 Hacktivist Alliances Target France Amidst Political Crisis (direct link)

#### Targeted Geolocations
- France

## Snapshot
Cyble Research & Intelligence Labs (CRIL) observed that hacktivist groups have targeted France amidst political instability, using a coordinated cyber campaign. The "Holy League" alliance, comprised of ideologically diverse groups like pro-Russian NoName057(16), pro-Islamic Mr. Hamza, and pro-Palestinian Anonymous Guys, launched these attacks in response to France's support for Ukraine and Israel.

## Description
Between December 7 and December 10, 2024, the "Holy League" executed a series of cyberattacks, including DDoS operations, defacements, unauthorized access to ICS and CCTV systems, and data breaches targeting French governmental and industrial entities. NoName057(16) and the People's Cyber Army concentrated their efforts on the official websites of French cities and private organizations, including the major financial corporation AXA. Mr. Hamza targeted high-value governmental institutions like the Ministry of Foreign Affairs, while Anonymous Guys focused on several ministries. These attacks disrupted critical infrastructure and governmental operations, demonstrating the alliance's unified strategy. The campaign leveraged France's political crisis, marked by a no-confidence vote against Prime Minister Michel Barnier and increasing pressure on President Macron. Pro-Russian and pro-Islamic actors worked together, breaching SCADA systems, defacing websites, and exfiltrating sensitive data. The Holy League has threatened to launch additional attacks against other countries, including Germany.

## Microsoft Analysis and Additional OSINT Context
Hacktivists and DDoS attacks have emerged as increasingly potent tools in geopolitical struggles, often used to disrupt services and amplify political messages. These attacks, frequently accompanied by influence operations, target governments and private entities alike to exert psychological pressure and provoke unrest. For instance, the Russian hacktivist group NoName057(16), alongside pro-Russian groups like the Cyber Army of Russia Reborn, [launched DDoS campaigns against South Korean government agencies](https://sip.security.microsoft.com/intel-explorer/articles/8eac574e) in November 2024. These operations retaliated against South Korea's political stance on weapon supplies to Ukraine. Similarly, Russian operators like [UNC5812](https://sip.security.microsoft.com/intel-explorer/articles/bfdf1409) and campaigns such as [Operation Undercut](https://sip.security.microsoft.com/intel-explorer/articles/ca4c0b91) extend these efforts into influence domains, using malware, AI-generated disinformation, and hybrid tactics to erode trust in institutions and exploit societal divisions.

## Recommendations
Microsoft recommends the following mitigations to reduce the impact of the threats of DDoS attacks.
- Avoid having a single virtual machine backend so that it is less likely to get overwhelmed. [Azure DDoS Protection](https://learn.microsoft.com/azure/ddos-protection/ddos-protection-overview?ocid=magicti_ta_learndoc "https://learn.microsoft.com/azure/ddos-protection/ddos-protection-overview?ocid=magicti_ta_learndoc") covers scaled-out costs incurred for all resources during an attack, so configure autoscaling to absorb the initial burst of attack traffic while mitigation kicks in.
- Use [Azure Web Application Firewall](https://learn.microsoft.com/azure/web-application-firewall/overview?ocid=magicti_ta_learndoc "https://learn.microsoft.com/azure/web-application-firewall/overview?ocid=magicti_ta_learndoc") to protect web applications. When using Azure WAF:
  1. Use the bot protection managed rule set for additional protections. See the article on [configuring bot protection](https://learn.microsoft.com/en-us/azure/web-application-firewall/ag/bot-protection "https://learn.microsoft.com/en-us/azure/web-application-firewall/ag/bot-protection").
  2. Create custom rules to block traffic from IP addresses and ranges that you identify as malicious; block, rate l

Malware Tool Threat Industrial ★★★
bleepingcomputer 2024-12-12 15:46:32 New IOCONTROL malware used in critical infrastructure attacks (direct link) Iranian threat actors are utilizing a new malware named IOCONTROL to compromise Internet of Things (IoT) devices and OT/SCADA systems used by critical infrastructure in Israel and the United States. [...]
Malware Threat Industrial ★★★
IndustrialCyber 2024-12-12 13:00:19 DeNexus expands DeRISK solution to boost physical security for data centers, justifying cybersecurity investments (direct link) DeNexus, a vendor of end-to-end cyber risk management for OT (operational technology), announced the expansion of its cyber...
Industrial ★★★
IndustrialCyber 2024-12-11 10:36:52 Securing the Future: A Comprehensive Guide to Industrial Cyber Risk Management (direct link) Rising convergence of OT and IT in today's interconnected industrial landscape evidently brings about heightened innovation and efficiency...
Industrial ★★★
zataz 2024-12-11 10:18:33 STCC: the rise of an industrial-scale look-up service (direct link) The criminal STCC service offers advanced industrial-scale look-up capabilities and is gaining popularity on cybercrime forums....
Industrial ★★★
IndustrialCyber 2024-12-11 10:14:18 Nozomi detects 12 security flaws in Phoenix Contact mGuard industrial router, risking remote code execution (direct link) Researchers from Nozomi Networks Labs analyzed a Phoenix Contact mGuard industrial router, uncovering 12 vulnerabilities during a comprehensive...
Vulnerability Industrial ★★★
InfoSecurityMag 2024-12-10 14:45:00 Utility Companies Face 42% Surge in Ransomware Attacks (direct link) The utilities sector saw a 42% surge in ransomware incidents over the past year, with groups like Play focusing on targets with IT and OT systems
Ransomware Industrial ★★
Dragos 2024-12-09 19:14:09 Exploring the Use of Multi-Vendor Firewalls in OT Network Security (direct link) The use of multiple firewall products from different vendors in operational technology (OT) networks has sparked significant debate in the... The post Exploring the Use of Multi-Vendor Firewalls in OT Network Security first appeared on Dragos.
Industrial ★★★
RiskIQ 2024-12-09 15:40:00 Targeted cyberattacks UAC-0185 against the Defense Forces and enterprises of the defense industry of Ukraine (direct link)

#### Targeted Geolocations
- Ukraine

## Snapshot
Ukrainian authorities have uncovered a cyber campaign by UAC-0185 (UNC4221), targeting Ukrainian defense and industrial sectors with malicious emails impersonating the Ukrainian Union of Industrialists and Entrepreneurs (ULIE). The campaign leverages phishing emails containing malicious hyperlinks that lead to the deployment of the remote management tool MeshAgent, aiming to steal credentials and establish unauthorized access to military and enterprise systems.

## Description
On December 4, 2024, the Computer Emergency Response Team of Ukraine (CERT-UA) received reports of phishing emails sent under the guise of ULIE, promoting a conference on transitioning Ukrainian defense industry products to NATO technical standards. These emails contained a hyperlink that, when clicked, downloaded a malicious LNK file, which executed an HTA file through mshta.exe. The HTA file utilized PowerShell commands to download and execute additional files, including a ZIP archive with three components: a batch file (Main.bat), another HTA file (Registry.hta), and an executable (update.exe). This sequence culminated in the execution of "update.exe," identified as MESHAGENT, a remote management tool.

## Microsoft Analysis and Additional OSINT Context
The abuse of remote monitoring and management (RMM) tools by both cybercriminals and nation-state actors represents a significant and growing threat. MeshAgent is an open-source [remote management tool](https://sip.security.microsoft.com/intel-explorer/articles/9782a9ef) that has been exploited by various threat actors to gain unauthorized access to victims' computers. It can gather essential system information for remote management and offers features like power and account management, chat or message pop-ups, file transfer, and command execution. Additionally, it supports web-based remote desktop capabilities such as RDP and VNC. While users can utilize this tool for legitimate remote system management, these features are also highly attractive to malicious actors. For example, in August, [CERT-UA reported](https://sip.security.microsoft.com/intel-explorer/articles/560ec243) on a mass phishing campaign that led to the delivery of AnonVNC malware, which is derived from MeshAgent.

## Recommendations
Microsoft recommends the following mitigations to reduce the impact of this threat.
- Review our technique profile on [abuse of remote monitoring and management tools](https://sip.security.microsoft.com/intel-explorer/articles/9782a9ef) for blocking and hunting for tools like MeshAgent.
- Pilot and deploy [phishing-resistant authentication methods for users.](https://learn.microsoft.com/en-us/entra/identity/authentication/concept-authentication-methods?ocid=magicti_ta_learndoc)
- Configure Microsoft Defender for Office 365 to [recheck links on click.](https://learn.microsoft.com/en-us/defender-office-365/safe-links-about?ocid=magicti_ta_learndoc) Safe Links provides URL scanning and rewriting of inbound email messages in mail flow, and time-of-click verification of URLs and links in email messages, other Microsoft 365 applications such as Teams, and other locations such as SharePoint Online. Safe Links scanning occurs in addition to the regular [anti-spam](https://learn.microsoft.com/en-us/defender-office-365/anti-spam-protection-about?ocid=magicti_ta_learndoc) and [anti-malware](https://learn.microsoft.com/en-us/defender-office-365/anti-malware-protection-about?ocid=magicti_ta_learndoc) protection in inbound email messages in Microsoft Exchange Online Protection (EOP). Safe Links scanning can help protect your organization from malicious links used in phishing and other attacks.
- Encourage users to use Microsoft Edge and other web browsers that support [Microsoft Defender SmartScreen](https://learn.microsoft.com/en-us/deployedge/microsoft-edge-security-smartscreen?ocid=magicti_ta_learndoc), which identifies and blocks malicious websites, including phishing sites, sca

Malware Tool Threat Industrial Conference Technical ★★★
IndustrialCyber 2024-12-09 14:01:21 New Ordr report reveals rising threat of unmanaged IoT and OT devices endangers enterprises (direct link) A recent report from Ordr has revealed the increasing dangers posed by unmanaged, agentless assets. The report emphasizes...
Threat Industrial ★★★
RiskIQ.webp 2024-12-09 12:22:03 Weekly OSINT Highlights, 9 December 2024 (lien direct) ## Snapshot Last week's OSINT reporting highlights a diverse range of cyber threats spanning ransomware, espionage, supply chain attacks, and disinformation campaigns. Espionage activity remains prominent, with Chinese and Russian actors targeting organizations for geopolitical and industrial intelligence. Key trends include the exploitation of vulnerabilities in widely used software, such as Apache ActiveMQ (CVE-2023-46604) and Docker APIs, and advanced malware like SmokeLoader and MOONSHINE to target industries ranging from manufacturing to financial services. Ransomware groups, including Howling Scorpius and Venom Spider, leverage sophisticated techniques like double extortion and hybrid encryption, focusing on SMBs and enterprises. Targets span global industries, including sensitive infrastructure, while attack vectors predominantly involve phishing, misconfigured systems, and supply chain manipulation, underscoring the adaptability and persistence of modern threat actors. ## Description 1. [Manufacturing Sector Cyberattack](https://sip.security.microsoft.com/intel-explorer/articles/d976ecc3): Cyble Research and Intelligence Labs uncovered a campaign targeting the manufacturing sector with malicious LNK files masquerading as PDFs. The attack employs LOLBins, DLL sideloading, and advanced obfuscation techniques, using tools like Lumma stealer and Amadey bot to exfiltrate data and establish persistence. 2. [Phishing Malware Impersonating the National Tax Service (NTS)](https://sip.security.microsoft.com/intel-explorer/articles/6542e5a4): AhnLab has observed a significant increase in phishing emails impersonating the National Tax Service (NTS), particularly during tax filing periods.
These phishing attempts involve emails with manipulated sender addresses to appear as if they are from the NTS, and they contain malicious attachments in various formats or hyperlinks leading to malware-hosting websites and the ultimate deployment of XWorm malware. 3. [Solana Web3.js library backdoored to steal secret, private keys](https://sip.security.microsoft.com/intel-explorer/articles/04dd6cf6): Socket security firm reported that versions 1.95.6 and 1.95.7 of the Solana Web3.js library contained code designed to exfiltrate private and secret keys, which could allow attackers to drain funds from wallets. The attack is believed to be the result of a social engineering/phishing attack targeting maintainers of the official Web3.js open-source library maintained by Solana. 4. [Exploitation of CVE-2023-46604 in Korea](https://sip.security.microsoft.com/intel-explorer/articles/ccb7bd15): AhnLab identified active exploitation of Apache ActiveMQ vulnerability CVE-2023-46604, enabling remote code execution on unpatched Korean systems. Threat actors, including Andariel and Mauri ransomware groups, used tools like Quasar RAT and AnyDesk to exfiltrate data and control compromised environments. 5. [China-Linked Espionage on U.S.-China Organization](https://sip.security.microsoft.com/intel-explorer/articles/9c09d15e): Symantec reported a four-month-long intrusion by suspected Chinese threat actors targeting a U.S. organization with a Chinese presence. The attackers used DLL sideloading, Impacket, and credential-dumping tactics to exfiltrate data, leveraging tools like FileZilla and PSCP for intelligence gathering. 6. [Earth Minotaur's MOONSHINE Campaign](https://sip.security.microsoft.com/intel-explorer/articles/699406a4): Trend Micro detailed Earth Minotaur's use of the MOONSHINE exploit kit to target vulnerabilities in Android apps like WeChat, delivering the DarkNimbus backdoor.
The campaign, likely linked to Chinese actors, focuses on Uyghur and Tibetan communities, employing phishing and Chromium browser exploits to monitor devices. 7. [Vulnerabilities in RAG Systems](https://sip.security.microsoft.com/intel-explorer/articles/53083f3e): Trend Micro exposed critical vulnerabilities in Retrieval-Augmented Generation (RAG) systems, including vector stores and LLM hosting platforms like l Ransomware Malware Tool Vulnerability Threat Mobile Industrial Prediction APT 45 ★★★
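The Solana Web3.js item above names the two backdoored releases, 1.95.6 and 1.95.7. The following is an added example, not code from this page, from Solana or from Socket, that scans an npm package-lock.json for exactly those versions, covering both the lockfileVersion 2/3 "packages" map and the older nested "dependencies" layout. The lockfile contents are constructed. A hit means every key that a build of that lockfile ever loaded should be treated as exposed and rotated; bumping the dependency alone does not undo the exfiltration.

```python
"""Scan an npm package-lock.json for the backdoored @solana/web3.js releases.

Added example; the lockfile contents below are constructed, not taken from
a real project. The version list comes from the Socket report summarised above.
"""
import json

# Package -> set of versions reported as carrying the key-exfiltration code.
COMPROMISED = {"@solana/web3.js": {"1.95.6", "1.95.7"}}


def _package_name(path: str, meta: dict) -> str:
    # lockfileVersion 2/3 keys entries by install path, e.g.
    # "node_modules/foo/node_modules/@solana/web3.js"; the text after the last
    # "node_modules/" is the package name (scoped names keep their slash).
    return meta.get("name") or path.rsplit("node_modules/", 1)[-1]


def find_compromised(lockfile_text: str, blocklist=COMPROMISED) -> list[tuple[str, str, str]]:
    """Return (name, version, install_path) for every blocked package in the lockfile."""
    data = json.loads(lockfile_text)
    hits: list[tuple[str, str, str]] = []

    if "packages" in data:  # lockfileVersion 2 or 3
        for path, meta in data["packages"].items():
            if not path:  # "" is the root project itself
                continue
            name = _package_name(path, meta)
            if meta.get("version") in blocklist.get(name, ()):
                hits.append((name, meta["version"], path))
    else:  # lockfileVersion 1: nested "dependencies" tree
        def walk(deps: dict, prefix: str) -> None:
            for name, meta in deps.items():
                path = f"{prefix}node_modules/{name}"
                if meta.get("version") in blocklist.get(name, ()):
                    hits.append((name, meta["version"], path))
                walk(meta.get("dependencies", {}), path + "/")
        walk(data.get("dependencies", {}), "")

    return sorted(hits)


# Constructed sample: one direct dependency on a backdoored release and one
# nested copy on an unaffected release, in lockfileVersion 3 layout.
SAMPLE_LOCK_V3 = json.dumps({
    "name": "wallet-app", "lockfileVersion": 3,
    "packages": {
        "": {"name": "wallet-app", "version": "0.1.0"},
        "node_modules/@solana/web3.js": {"version": "1.95.7"},
        "node_modules/some-sdk": {"version": "2.0.0"},
        "node_modules/some-sdk/node_modules/@solana/web3.js": {"version": "1.95.5"},
    },
})

# The same dependency graph in the older lockfileVersion 1 layout.
SAMPLE_LOCK_V1 = json.dumps({
    "name": "wallet-app", "lockfileVersion": 1,
    "dependencies": {
        "@solana/web3.js": {"version": "1.95.7"},
        "some-sdk": {"version": "2.0.0",
                     "dependencies": {"@solana/web3.js": {"version": "1.95.5"}}},
    },
})

if __name__ == "__main__":
    for text in (SAMPLE_LOCK_V3, SAMPLE_LOCK_V1):
        for name, version, path in find_compromised(text):
            print(f"BLOCKED {name}@{version} at {path}")
```

Run it against a real lockfile with `find_compromised(open("package-lock.json").read())`. The scan is by exact installed version, so a range in package.json that merely permits 1.95.6 or 1.95.7 is not flagged; the lockfile is what records which build actually pulled the backdoored code.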
IndustrialCyber.webp 2024-12-08 07:31:25 Harmonizing risk and consequence strategies across IT and OT environments for greater cyber resilience (lien direct) Aligning risk and consequence-based approaches across IT and OT environments is crucial for robust cybersecurity. In assessing risk...
Industrial ★★
Dragos.webp 2024-12-06 18:35:45 3 Common Cyber Threat Intelligence (CTI) Challenges to Overcome in OT Cybersecurity (lien direct) >Operational technology (OT) environments are vital systems that keep industries like manufacturing, energy, and transportation running. These systems are facing... The post 3 Common Cyber Threat Intelligence (CTI) Challenges to Overcome in OT Cybersecurity   first appeared on Dragos.
Threat Industrial ★★
IndustrialCyber.webp 2024-12-06 11:58:33 Nozomi detects security vulnerabilities in Wago PLC; firmware updated to prevent privilege escalation (lien direct) Nozomi Networks Labs identified several security vulnerabilities in the Wago PLC 750-8216/025-001, a programmable logic controller used in...
Data Breach Vulnerability Industrial ★★★★
DarkReading.webp 2024-12-05 15:00:00 Vulnerability Management Challenges in IoT & OT Environments (lien direct) By understanding the unique challenges of protecting IoT and OT devices, organizations can safeguard these critical assets against evolving cyber threats.
Vulnerability Industrial ★★
IndustrialCyber.webp 2024-12-05 13:59:47 Nozomi Networks, Advens team to deliver cybersecurity services to industrial and critical infrastructure environments (lien direct) Nozomi Networks, a provider of OT (operational technology) and IoT security, and Advens announced they have partnered to...
Industrial ★★
IndustrialCyber.webp 2024-12-05 11:01:25 CRI, FDD, Microsoft publish resiliency for water utilities pilot interim report, launch Phase 2 (lien direct) The Cyber Readiness Institute (CRI), Foundation for Defense of Democracies (FDD), and Microsoft published on Wednesday an interim...
Industrial ★★★
CS.webp 2024-12-04 18:08:23 Federal transportation officials aim to 'bridge gaps' in OT cybersecurity (lien direct) >In a post-Colonial Pipeline world, DOT and TSA leaders say they're pursuing a cross-sector approach to protecting operational technology.
Industrial ★★★
globalsecuritymag.webp 2024-12-04 14:40:13 Nozomi Networks and Advens partner to deliver cybersecurity services to industrial and critical infrastructure environments (lien direct) Nozomi Networks and Advens are partnering to deliver advanced cybersecurity services to industrial and critical infrastructure environments. • Nozomi Networks' OT and IoT visibility, threat detection and risk management are now integrated into Advens' managed security services, available across Europe. • Clients benefiting from this MSSP partnership include the Paris Olympic Games - Business
Threat Industrial ★★★
AlienVault.webp 2024-12-04 14:00:00 How Regional Service Providers Can Grab a Larger Share of the Cybersecurity Market (lien direct) Security leaders continue to be under intense pressure. Increasingly, they are turning toward third parties for support and expertise as their cybersecurity woes become more dire and it becomes harder to recruit and retain talent.  This is reflected in the projected growth for cybersecurity services through 2028 (managed security services, managed detection and response, security consulting, and security professional services). According to Gartner, end-user spending for all security services will grow from $77.4 billion in 2024 to $116.9 billion in 2028, with a compound annual growth rate (CAGR) of 11.4 percent. Managed detection and response (MDR) is forecasted to be the highest growth area of security services, with a projected 17.1 percent CAGR through 2028. This is in part due to the continued, acute need for support with threat monitoring, detection, and response. However, it’s also due to a growing need for help with risk identification, management and governance, exposure and vulnerability management, and incident readiness due to increasingly stringent requirements by regulators for reporting in these areas. Let’s compare that to the forecasted growth rate of network security products (a 9.9 percent 5-year CAGR, 2023-28, projected to reach $32.8 billion) and security software spending (a 13.4 percent 5-year CAGR, 2023-28, projected to reach $132.0 billion). What’s the storyline? The desire for help and expertise within security is as critical as the need for security products themselves. And, as the threat landscape grows ever-more formidable, especially with adversaries leveraging new AI tech, that need is likely not going to wane.  
With this growing demand, many different (and very large) providers have realized the opportunity in security services and are diving into the security services market for their piece of the “cyber money pie.” This includes everyone from software vendors, telecom companies, cloud service providers, IT service providers and traditional IT consulting firms to global MSPs (managed service providers) and MSSPs (managed security service providers). This is creating a very crowded market, and one in which business models are quickly changing so providers can better compete. For example, many organizations now see some of the big consultancies as a “one-stop shop,” for everything from consulting to MDR. In managed security services, for example, the top 10 MSSPs include (alphabetically): Accenture, Atos, AT&T (LevelBlue), Deloitte, Fortinet, Leidos, HCL Tech, NTT Data, PwC, and Tata Consultancy Services. Together, these providers hold 49 percent of MSS market share worldwide. Extending beyond the top 10 to the top 30 global MSS providers, the total “owned” market share jumps to 88 percent, leaving just 12 percent for the smaller, regional players. This raises several questions. Can the smaller, regional players compete against these big guns? Or, do they have to remain satisfied with fighting over the remaining 12 percent market share globally (which equates to approximately $3.5 million worldwide for MSS in 2025)? Is it possible for smaller players to take a portion of the $26 million projected 2025 market share from the top 30? How can smaller, regional players win the security service game? Yes, smaller, regional service providers are going to be the most challenged as the services market continues its rapid evolution, especially as they try to keep up with technology changes, AI’s impact on service delivery, cyber skills shortages, and more. 
However, they also have an advantage, including the ability to: Specialize in industry or specific tech environments such as OT, cloud, or edge Provide regional context (including culture and language support) Partner with the larger players who can’t be everything to everyone  This is wh Vulnerability Threat Industrial Cloud Deloitte ★★
Dragos.webp 2024-12-03 18:51:02 How to Prioritize Vulnerabilities in Your OT Environment with Risk-Based Vulnerability Management (lien direct) >Operational technology (OT) systems in electric utilities, manufacturing organizations, and oil and gas companies face unique cybersecurity challenges. Traditional IT-focused... The post How to Prioritize Vulnerabilities in Your OT Environment with Risk-Based Vulnerability Management   first appeared on Dragos.
Vulnerability Industrial ★★
globalsecuritymag.webp 2024-12-03 09:29:45 Integrity360 launches Managed ASM (lien direct) Integrity360 launches Managed ASM to address complex attack surfaces and strengthen OT and IoT cyber resilience - Product Reviews
Industrial ★★
ZDNet.webp 2024-12-02 15:40:00 I finally found a wireless Android Auto adapter that's reliable and affordable - and it's in stock again (lien direct) The AAWireless Two won't charm you with a ground-breaking industrial design or an edgy name, but it's as good as these adapters get - and back in stock for Cyber Monday.
Mobile Industrial
IndustrialCyber.webp 2024-12-01 10:10:24 Leveling the playing field: Developing technical expertise and strategic role for women in ICS (lien direct) >With the rapid transformation in industrial cybersecurity, opportunities are becoming more and more open to women in technical...
Industrial Technical ★★★
IndustrialCyber.webp 2024-11-29 18:36:23 CISA issues urgent ICS advisories on hardware flaws in Schneider Electric, Hitachi Energy, Philips Vue equipment (lien direct) The U.S. Cybersecurity and Infrastructure Security Agency (CISA) published this week five ICS (industrial control systems) advisories and...
Industrial ★★★★
ESET.webp 2024-11-29 12:53:00 Month in security with Tony Anscombe – November 2024 edition (lien direct) Zero days under attack, a new advisory from 'Five Eyes', thousands of ICS units left exposed, and mandatory MFA for all – it's a wrap on another month filled with impactful cybersecurity news
Industrial ★★
The_Hackers_News.webp 2024-11-28 22:27:00 Over Two Dozen Flaws Identified in Advantech Industrial Wi-Fi Access Points – Patch ASAP (lien direct) Nearly two dozen security vulnerabilities have been disclosed in Advantech EKI industrial-grade wireless access point devices, some of which could be weaponized to bypass authentication and execute code with elevated privileges. "These vulnerabilities pose significant risks, allowing unauthenticated remote code execution with root privileges, thereby fully compromising the confidentiality,
Vulnerability Industrial ★★
InfoSecurityMag.webp 2024-11-28 11:15:00 Critical Vulnerabilities Discovered in Industrial Wireless Access Point (lien direct) Customers of Advantech's EKI-6333AC-2G industrial-grade wireless access point have been urged to update their devices to new firmware versions
Vulnerability Industrial ★★
IndustrialCyber.webp 2024-11-28 10:52:22 Waterfall Security, ADAPTIT join forces to boost cybersecurity for critical operations across Europe (lien direct) >Waterfall Security, a vendor of cybersecurity solutions for protecting industrial control systems and operational technology (OT) environments, and...
Industrial ★★
IndustrialCyber.webp 2024-11-28 08:52:32 Critical vulnerabilities in Advantech industrial wireless access points expose critical infrastructure to cyber threats (lien direct) Researchers at Nozomi Networks Labs analyzed version 1.6.2 of the EKI-6333AC-2G, an industrial-grade wireless access point, uncovering 20...
Vulnerability Industrial ★★★★
IndustrialCyber.webp 2024-11-28 08:51:56 Xona Systems expands into Middle East to enhance cybersecurity for critical infrastructure (lien direct) >Xona Systems, a provider of secure access solutions for critical infrastructure and OT (operational technology) environments, announced its...
Industrial ★★★
no_ico.webp 2024-11-28 07:35:32 What is CMMC 2.0? And Why is Compliance Crucial? (lien direct) In an era of increasingly sophisticated cyber threats, the U.S. Department of Defense (DoD) has introduced the Cybersecurity Maturity Model Certification 2.0 (CMMC 2.0) to bolster the cybersecurity posture of its Defense Industrial Base (DIB). This updated framework aims to ensure that contractors and subcontractors handling Federal Contract Information (FCI) and Controlled Unclassified Information (CUI) [...]
Industrial ★★★
RiskIQ.webp 2024-11-26 21:02:38 CyberVolk: A Deep Dive into the Hacktivists, Tools and Ransomware Fueling Pro-Russian Cyber Attacks (lien direct) ## Snapshot CyberVolk, also known as GLORIAMIST, is a pro-Russia hacktivist collective that has been targeting entities in multiple countries with ransomware attacks since May 2024. The group, which has ties to other hacktivist groups such as [LAPSUS$](https://sip.security.microsoft.com/intel-profiles/d8a488ebb705e1b6bf64d3bd0c6e67344faf89546a63c30035b2cf9a250de421), Anonymous, Moroccan Dragons, and NONAME057(16), primarily aims to exploit geopolitical tensions to justify and carry out attacks on public and governmental organizations, serving the interests of the Russian government. ## Description CyberVolk launched its [Ransomware-as-a-Service (RaaS)](https://sip.security.microsoft.com/intel-explorer/articles/f61c0dea) in June 2024. Their ransomware, derived from [AzzaSec](https://sip.security.microsoft.com/intel-explorer/articles/a8648a54)'s code, is written in C++ and uses encryption algorithms like AES, RSA, and quantum-resistant algorithms. It is designed to terminate processes related to system management tools before encrypting files and demanding a ransom in cryptocurrency with a 5-hour deadline.  CyberVolk is associated with ransomware families like HexaLocker and Parano. HexaLocker, developed by a former LAPSUS$ associate, ZZART3XX, targets Windows systems and is known for its advanced evasion techniques, including anti-debugging capabilities, EDR/XDR/AV-Killer, and UAC bypass improvements. Parano Ransomware, promoted in October 2024, also features advanced anti-analysis features and uses AES-128 and RSA-4096 for encryption.  In addition to ransomware, CyberVolk develops [infostealer](https://sip.security.microsoft.com/intel-profiles/2296d491ea381b532b24f2575f9418d4b6723c17b8a1f507d20c2140a75d16d6) malware and webshells, which allow attackers to manipulate files and directories on compromised servers. 
In early November 2024, CyberVolk's presence on Telegram ended due to a mass ban of hacktivist groups, prompting them to move to the X platform for future communications. Despite the ban, CyberVolk continues to pose a significant threat due to their ability to leverage and enhance commodity tools, creating challenges for cybersecurity teams in tracking their activities. ## Microsoft Analysis and Additional OSINT Context Pro-Russian hacktivists have emerged as prominent actors in cyberattacks, targeting critical infrastructure and launching widespread DDoS campaigns to advance their political, social, or ideological agendas. These activities often blur the lines between independent hacktivism and state-sponsored operations, as Russia leverages and sometimes impersonates hacktivist and cybercriminal groups to obscure its cyber activities and amplify their effects. The Kremlin's tacit support and leniency toward cybercriminal groups operating within its borders further enable these actors to carry out attacks that align with Russian interests. For example, the Russian hacktivist group NoName057(16), along with pro-Russian groups Cyber Army of Russia Reborn and Alixsec, [launched DDoS attacks against South Korean government](https://sip.security.microsoft.com/intel-explorer/articles/8eac574e) agencies in November 2024. These attacks were in response to South Korean political statements regarding the supply of weapons to Ukraine. Additionally, in May 2024, CISA issued a joint statement highlighting ongoing [pro-Russia hacktivist activity targeting ICS and small-scale OT systems](https://www.cisa.gov/resources-tools/resources/defending-ot-operations-against-ongoing-pro-russia-hacktivist-activity) across North American and European critical infrastructure sectors, including Water and Wastewater Systems, Dams, Energy, and Food and Agriculture. ## Recommendations Microsoft recommends the following mitigations to reduce the impact of RaaS threats. 
- Turn on [cloud-delivered protection](https://learn.microsoft.com/en-us/defender-endpoint/enable-cloud-protection-microsoft-defender-antivirus) in Microsoft Defender Antivirus or the equivalent for your antivir Ransomware Malware Tool Threat Industrial ★★★
AlienVault.webp 2024-11-26 14:37:00 What Are Computer Worms? (lien direct) In today's interconnected digital world, businesses are constantly under threat from cybercriminals seeking to exploit vulnerabilities in systems, networks, and devices. One of the most persistent and silent threats that organizations face is computer worms. These malicious programs can spread across networks, infecting systems autonomously and wreaking havoc before a user even realizes something is wrong. Computer worms are a type of malware designed to replicate themselves and spread autonomously across networks and computer systems. Unlike traditional viruses that require user action to propagate, computer worms can self-replicate without needing to attach to a host file or program. This unique capability makes them especially dangerous, as they can spread rapidly and infect numerous devices before users are even aware of their presence. The impact of computer worms can range from reduced system performance to the complete loss of critical data. High-profile attacks, such as those by the infamous Code Red and WannaCry worms, have highlighted how severe and disruptive these threats can be. Despite the growing awareness of cybersecurity threats like viruses, ransomware, and phishing attacks, computer worms remain one of the most harmful types of malware. They can silently infiltrate your network, consume bandwidth, corrupt or steal data, and even open the door to additional attacks. Understanding what computer worms are, how they work, and how to defend against them is crucial for any business, large or small. In this article, we will explore the nature of computer worms, their risks and potential damage, and how to protect your organization against them. Let’s dive in! Computer Worm Definition At its core, a computer worm is a type of self-replicating malware that spreads across networks or systems without any user action. 
Unlike traditional viruses that require users to open infected files or click on malicious links, worms can propagate autonomously once they find an entry point into a system. Their primary purpose is to replicate themselves, often at an alarming rate, and spread from one computer to another, often exploiting vulnerabilities in network protocols, software, or operating systems. A worm virus is often distinguished by its ability to move freely across networks, infecting computers and servers, consuming resources, and in many cases, causing significant damage in the process. The worst part? Worms often don’t need a host file or a user action to activate; they spread automatically, which makes them far more dangerous and difficult to contain than traditional malware. To better understand what makes worms unique, let's define them more clearly: A computer worm is a standalone malicious program that can replicate and propagate across computer systems and networks. Unlike traditional viruses, worms do not attach themselves to files or require users to run them. They spread through network connections, exploiting vulnerabilities in software and hardware. Worms often carry out harmful actions such as data theft, system corruption, or creating backdoors for other types of malware like ransomware or Trojan horses. The main difference between worms and other malware (like viruses or spyware) is that worms focus specifically on self-replication and spreading across networks, whereas viruses typically need to attach themselves to an existing file or program. While all worms share common traits, there are various types based on how they spread or the methods they use to exploit systems: Email Worms: These worms spread through email systems, often by sending malicious attachments or links to everyone in a user’s contact list. The ILOVEYOU worm, one of the most infamous examples, spread via email attachments and wreaked havoc on millions of systems. 
Network Worms: These worms target security vulnerabilities in network protocols, services, Ransomware Data Breach Spam Malware Tool Vulnerability Threat Patching Mobile Industrial Medical Technical Wannacry ★★
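The self-propagation the article describes has a network signature: one host opening connections to many peers it has never talked to, on the same service port, in a short window. As an added example (not code from the article or from LevelBlue/AlienVault), the following flags that fan-out over flow records; the record format, the threshold and the window are assumptions, and the sample flows are constructed. It is a heuristic, so authorised vulnerability scanners, monitoring pollers and DNS resolvers need an allowlist before the alert is trusted.

```python
"""Flag worm-like scanning: one source reaching many distinct hosts on one port.

Added example over constructed flow records ("ts src dst dport"), not code
from the article. THRESHOLD and WINDOW are assumed values; tune them to the
network's normal fan-out before relying on the alert.
"""
from collections import defaultdict, deque

THRESHOLD = 20   # distinct destinations within WINDOW that trigger an alert (assumption)
WINDOW = 60      # seconds (assumption)


def parse_flow(line: str) -> tuple[int, str, str, int]:
    """Parse 'ts src dst dport' into typed fields."""
    ts, src, dst, dport = line.split()
    return int(ts), src, dst, int(dport)


def detect_fanout(records, threshold=THRESHOLD, window=WINDOW):
    """Return one alert (src, dport, ts, distinct_dsts) per (src, dport) pair whose
    count of distinct destinations inside a sliding window reaches threshold."""
    recent = defaultdict(deque)   # (src, dport) -> deque of (ts, dst), oldest first
    alerted = set()
    alerts = []
    for ts, src, dst, dport in sorted(records):
        key = (src, dport)
        q = recent[key]
        q.append((ts, dst))
        while ts - q[0][0] > window:      # drop flows that fell out of the window
            q.popleft()
        distinct = len({d for _, d in q})
        if distinct >= threshold and key not in alerted:
            alerted.add(key)              # alert once per (src, dport), not per flow
            alerts.append((src, dport, ts, distinct))
    return alerts


# Constructed sample: a workstation revisiting three web servers on 443, and an
# infected host sweeping a /24 on 445 (SMB) one address per second.
SAMPLE_FLOWS = (
    [f"{100 + i} 10.0.0.5 10.0.2.{i % 3 + 1} 443" for i in range(30)]
    + [f"{100 + i} 10.0.0.77 10.0.1.{i + 1} 445" for i in range(30)]
)


def run_sample():
    return detect_fanout(parse_flow(line) for line in SAMPLE_FLOWS)


if __name__ == "__main__":
    for src, dport, ts, n in run_sample():
        print(f"ALERT t={ts} {src} reached {n} distinct hosts on port {dport} within {WINDOW}s")
```

On the constructed input the sweep trips the alert at its twentieth new address while the workstation, which only ever reaches three servers, stays quiet. Feeding real NetFlow or Zeek conn records through `parse_flow` (or a replacement parser for their field layout) is the only change needed to run it on live data.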
Dragos.webp 2024-11-25 13:00:00 Get Your OT Cyber Threat Questions Answered in the “Ask Dragos Intel” Blog Series (lien direct) >We are excited to announce the launch of the new “Ask Dragos Intel” blog series, created to provide you with... The post Get Your OT Cyber Threat Questions Answered in the “Ask Dragos Intel” Blog Series first appeared on Dragos.
Threat Industrial ★★★
Last update at: 2025-05-11 10:07:42