The Cyberwire.com Newsletters.

"An analysis of cyberattacks against Danish energy infrastructure."

Views expressed in this cybersecurity and cybercrime update are those of the reporters and correspondents. Accessed on 16 January 2024, 1526 UTC.

Content and Source:  https://thecyberwire.com/newsletters/daily-briefing/13/9 ("The Cyberwire.com Newsletters").

Please scroll down to read your selections.  Thanks for joining us today.

Russ Roberts (https://www.hawaiicybersecurityjournal.net).

V13 | Issue 9 | 1.12.24

Daily Briefing for 01.12.24

SUMMARY
By the CyberWire staff

At a glance.

  • An analysis of cyberattacks against Danish energy infrastructure.
  • Cryptomining campaign targets weak SSH passwords.
  • Akira ransomware gang ramps up operations.
  • FBot targets cloud services.

An analysis of cyberattacks against Danish energy infrastructure.

Forescout has published an analysis of two waves of cyberattacks that hit Denmark's energy sector in May 2023. While the Danish CERT for critical infrastructure, SektorCERT, attributes the incidents to Russia's Sandworm threat actor, Forescout thinks the evidence for this is lacking. The researchers write, "Evidence suggests that the two waves of attacks on Danish infrastructure reported by SektorCERT were unrelated. It also suggests that the second wave was simply part of a mass exploitation campaign against unpatched firewalls, not part of a targeted attack by Sandworm or another state-sponsored actor. Our data reveals that the campaign described as the 'second wave' of attacks on Denmark started before, and continued after, the period reported by SektorCERT, targeting firewalls indiscriminately in a very similar manner, only changing staging servers periodically. We see a prevalence of exploitation attempts in Europe, where nearly 80% of publicly identifiable and potentially vulnerable firewalls are located."

Optimize the value of your biggest investment – your cyber talent.

Gain actionable insights to continuously build and maintain high-performance teams, climb the knowledge curve, and stay ahead in a rapidly changing world. N2K’s Strategic Cyber Workforce Intelligence is a comprehensive solution designed to identify current capabilities and develop a data-driven framework to enrich hiring, upskilling, and career mobility efforts in your people strategy that evolves with ongoing organizational transformation. Learn more.

Cybersecurity and IT practice tests - now just $39 each.

Make 2024 the year you earn a new professional certification. For a limited time, N2K is offering our full catalog of certification practice tests for just $39 each. Choose from our extensive library of certification titles from leading vendors like AWS, CompTIA, Microsoft, Cisco, and more. Visit n2k.com/certify to view our practice test catalog and get started today.

Cryptomining campaign targets weak SSH passwords.

Researchers at Akamai are tracking a cryptomining campaign that's spreading via a Mirai botnet variant called "NoaBot." The malware has been active since the beginning of 2023, and targets Linux systems with weak SSH passwords in order to install the XMRig miner. The researchers note, "The malware obfuscation and custom code show a high level of operation security, which usually indicates mature threat actors, but the naming of the malware's binaries and some of its included strings are quite childish. This complicates attribution."
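The initial access described above is plain password guessing over SSH, which leaves a very recognizable trail in the host's auth log. The script below is an added example (not Akamai's code and not NoaBot's) that shows the two checks a defender would run: a sliding-window detector over OpenSSH log lines that flags a source IP once it crosses a failure threshold and, more importantly, flags a subsequent password login from that same IP as a likely compromise; and a check of sshd_config for the settings that make such guessing possible in the first place. The log lines and both config fragments are constructed samples; the threshold, window and year assumed for the year-less syslog timestamps are assumptions, not values from the Akamai report.

```python
import re
from collections import defaultdict, deque
from datetime import datetime

# Constructed sample of OpenSSH auth.log lines (not real NoaBot telemetry).
# 198.51.100.7 guesses five passwords in ten seconds and then succeeds as root;
# alice fails once and then logs in with a key; bob fails once.
SAMPLE_LOG = """\
Jan 12 03:14:01 web1 sshd[2201]: Failed password for root from 198.51.100.7 port 40210 ssh2
Jan 12 03:14:03 web1 sshd[2203]: Failed password for root from 198.51.100.7 port 40212 ssh2
Jan 12 03:14:05 web1 sshd[2205]: Failed password for invalid user admin from 198.51.100.7 port 40214 ssh2
Jan 12 03:14:07 web1 sshd[2207]: Failed password for root from 198.51.100.7 port 40216 ssh2
Jan 12 03:14:09 web1 sshd[2209]: Failed password for root from 198.51.100.7 port 40218 ssh2
Jan 12 03:14:11 web1 sshd[2211]: Accepted password for root from 198.51.100.7 port 40220 ssh2
Jan 12 03:20:00 web1 sshd[2300]: Failed password for alice from 203.0.113.9 port 51000 ssh2
Jan 12 03:20:30 web1 sshd[2301]: Accepted publickey for alice from 203.0.113.9 port 51002 ssh2
Jan 12 09:00:00 web1 sshd[2400]: Failed password for bob from 192.0.2.44 port 60000 ssh2
"""

LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d{1,2} \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"(?P<result>Accepted|Failed) (?P<method>\w+) for (?:invalid user )?(?P<user>\S+) "
    r"from (?P<ip>\S+) port \d+"
)


def parse(line, year=2024):
    """Parse one sshd auth line into a dict, or None if it is not a login result.
    Syslog timestamps carry no year, so the caller supplies one (assumed 2024 here)."""
    m = LINE_RE.match(line)
    if not m:
        return None
    ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
    return {"ts": ts, "result": m["result"], "method": m["method"],
            "user": m["user"], "ip": m["ip"]}


def detect(lines, threshold=5, window_seconds=300):
    """Sliding-window brute-force detector.
    Emits a 'bruteforce' alert when an IP reaches `threshold` failures within the
    window, and a 'bruteforce_success' alert when that IP then logs in by password
    while still over the threshold (the NoaBot pattern: guess, then install)."""
    failures = defaultdict(deque)  # ip -> timestamps of recent failures
    alerts = []
    for line in lines:
        ev = parse(line)
        if ev is None:
            continue
        q = failures[ev["ip"]]
        while q and (ev["ts"] - q[0]).total_seconds() > window_seconds:
            q.popleft()  # drop failures that fell out of the window
        if ev["result"] == "Failed":
            q.append(ev["ts"])
            if len(q) == threshold:  # fire once per crossing, not on every extra failure
                alerts.append({"type": "bruteforce", "ip": ev["ip"], "ts": ev["ts"]})
        elif ev["method"] == "password" and len(q) >= threshold:
            alerts.append({"type": "bruteforce_success", "ip": ev["ip"],
                           "user": ev["user"], "ts": ev["ts"]})
    return alerts


# sshd_config directives that leave a host open to password guessing, with the
# value that is weak, and OpenSSH's built-in default when the directive is absent.
WEAK_SSHD_SETTINGS = {
    "passwordauthentication": ("yes", "yes"),
    "permitrootlogin": ("yes", "prohibit-password"),
    "permitemptypasswords": ("yes", "no"),
}


def weak_sshd_settings(config_text):
    """Return (directive, effective_value) pairs that are in their weak state.
    Only the first occurrence of a directive counts, matching sshd's own precedence;
    parsing stops at the first Match block, whose conditional settings are not modelled."""
    seen = {}
    for raw in config_text.splitlines():
        line = raw.split("#", 1)[0].strip()
        parts = line.split(None, 1)
        if len(parts) != 2:
            continue
        key = parts[0].lower()
        if key == "match":
            break
        seen.setdefault(key, parts[1].strip().lower())
    findings = []
    for key, (weak, default) in WEAK_SSHD_SETTINGS.items():
        value = seen.get(key, default)
        if value == weak:
            findings.append((key, value))
    return findings


# Constructed config fragments: the exposed setting beside the corrected one.
WEAK_CONFIG = "PermitRootLogin yes\nPasswordAuthentication yes\n"
HARDENED_CONFIG = "PermitRootLogin no\nPasswordAuthentication no\nPubkeyAuthentication yes\n"

if __name__ == "__main__":
    for alert in detect(SAMPLE_LOG.splitlines()):
        print(alert)
    print("weak:", weak_sshd_settings(WEAK_CONFIG))
    print("hardened:", weak_sshd_settings(HARDENED_CONFIG))
```

Run against the sample, the detector raises one "bruteforce" alert for 198.51.100.7 at its fifth failure and a "bruteforce_success" alert for the root password login two seconds later; alice's key-based login is not flagged because the success was not by password. Note that an empty sshd_config is still reported as weak, because OpenSSH's default for PasswordAuthentication is yes.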

Akira ransomware gang ramps up operations.

Sophos has published an update on the Akira ransomware, noting that the group's activities increased toward the end of 2023: "Following our initial report on Akira ransomware, Sophos has responded to over a dozen incidents involving Akira impacting various sectors and regions. According to our dataset, Akira has primarily targeted organizations located in Europe, North America, and Australia, and operating in the government, manufacturing, technology, education, consulting, pharmaceuticals, and telecommunication sectors." The researchers add, "The most common mode of initial access leveraged by Akira ransomware actors was unauthorized logon to VPNs by accounts lacking multi-factor authentication (MFA). Typically, Sophos observed Akira actors specifically targeting Cisco VPN products without MFA enabled, such as Cisco ASA SSL VPN or Cisco AnyConnect."

The Finnish National Cybersecurity Center (NCSC-FI) has also issued a warning on Akira, noting that the ransomware hit at least twelve organizations in Finland last year, with three of the attacks occurring during the Christmas holidays, Help Net Security reports. The NCSC-FI stated, "The Akira ransomware malware, which was first detected in Finland in June 2023, has been particularly active at the end of the year... Of the ransomware malware cases reported to the Cybersecurity Center in December, six out of seven involved Akira family malware."

Share your message with our audience of security leaders.

N2K Cyber’s 2024 sponsorship packages are now available. If you're looking to reach the eyes and ears of our influential security professionals, let's talk and see how we can build a program that meets your goals.

FBot targets cloud services.

SentinelOne describes "FBot," a Python-based hacking tool that's being used to target "web servers, cloud services, and SaaS platforms like AWS, Office365, PayPal, Sendgrid, and Twilio." The researchers note, "FBot is unique in that it does not apparently adapt the Androxgh0st code so common among similar hacktools, though the earliest reference to FBot is one year more recent than the first sighting of Androxgh0st. However, there are several connections to the Legion cloud infostealer, making it likely the Legion maintainer adapted code from FBot into their tool."

Notes.

Today's issue includes events affecting Australia, Denmark, Finland, Russia, and the United States.

A note to our readers and listeners.

The CyberWire won't be publishing on Monday, in observance of the US holiday of Martin Luther King, Jr. Day. We'll be back as usual on Tuesday.

SPONSORED EVENTS
RSA Conference 2024 | May 6 – 9 | San Francisco (San Francisco, CA, USA, May 6 - 9, 2024) Join the cybersecurity community at RSAC 2024 for cutting-edge innovation, expert-led sessions, inspiring Keynotes, networking, and more. Register now!
SELECTED READING

Attacks, Threats, and Vulnerabilities

Further analysis of Denmark attacks leads to warning about unpatched network gear (The Record) Waves of incidents that seemed like a highly-targeted effort by a nation-state actor might have been less connected than originally thought, according to a new report by Forescout.

Type Juggling Leads to Two Vulnerabilities in POST SMTP Mailer WordPress Plugin (Wordfence) On December 14th, 2023, during our Bug Bounty Program Holiday Bug Extravaganza, we received a submission for an Authorization Bypass vulnerability in POST SMTP Mailer, a WordPress plugin with over 300,000 active installations. This vulnerability makes it possible for unauthenticated threat actors to reset the API key used to authenticate to the mailer and view ...

Akira, again: The ransomware that keeps on taking (SC Media) Seven months after our first investigation, a fuller portrait of the criminal gang and its tactics emerges

FBot Hacking Tool Targets Cloud, Payment Platforms (Decipher) A new Python-based hacking tool is leveraged by cybercriminals to target cloud and SaaS platforms, and payment services, like AWS, Office365, PayPal and Twilio.

Mirai-based NoaBot Botnet Targeting Linux Systems with Cryptominer (Hackread)

Security Patches, Mitigations, and Software Updates

Urgent: GitLab Releases Patch for Critical Vulnerabilities - Update ASAP (The Hacker News) GitLab patches critical vulnerabilities! CVE-2023-7028 scores a perfect 10 on severity.

Juniper Networks Releases Security Bulletin for Junos OS and Junos OS Evolved | CISA (Cybersecurity and Infrastructure Security Agency CISA) Juniper Networks has released a security advisory to address a vulnerability (CVE-2024-21611) in Junos OS and Junos OS Evolved. A cyber threat actor could exploit this vulnerability to cause a denial-of-service condition.

Five key trends for data protection in 2024 (Bangkok Post) 2024 promises to be a dynamic year. As we integrate artificial intelligence (AI) technology into businesses, the importance of responsible practices, vigilant oversight and continuous learning cannot be overstated.

Marketplace

Synagex Acquires Ascentek, Bolstering Managed IT Services (ChannelE2E) Synagex, a provider of managed IT and cybersecurity services, today announced the acquisition of Ascentek, a western Massachusetts information technology firm. Financial information was not disclosed.

Most Technology Fund Dollars Going to Cybersecurity (FEDweek) Cybersecurity initiatives were the focus of most of the grants from the Technology Modernization Fund in fiscal 2023, accounting for 10 of 18 awards and

Ballistic Ventures Adds Renowned Security Researchers Jaime Blasco and Marshall Heilman as Threat Intelligence Advisors (PR Newswire) Ballistic Ventures, the venture capital firm dedicated exclusively to funding and incubating entrepreneurs and innovations in cybersecurity, ...

Peraton Appoints New Advisory Board Members (PR Newswire) Peraton today announced the appointment of four new Advisory Board members: Lt. Gen. Bob Ashley, retired, U.S. Army, and former director, ...

Products, Services, and Solutions

Keeper Security enhances Granular Sharing for enterprise compliance (SecurityBrief Asia) Keeper Security enhances its Granular Sharing Enforcements in a move that will heighten visibility and control over how staff use and share credentials, aiding businesses in better meeting stringent security directives.

Cisco Recognized for IoT Security and Smart Manufacturing Innovation in 2024 IoT Breakthrough Awards Program (GlobeNewswire News Room) Prestigious Annual IoT Breakthrough Awards Program Honors Standout Internet-of-Things Companies and Products...

23 Best Free Spyware Removal Tools in 2024 (GeeksMint: Computers, How-to's, Internet, Tips and Tricks) In this article, we will talk about the best free spyware removal tools that can reliably detect, eliminate, and prevent spyware from infiltrating your devices.

Legislation, Policy, and Regulation

UK government accused of being misleading over new laws affecting encryption (The Record) The trade association techUK says the laws essentially grant a de facto power to the British government to "indefinitely veto companies from making changes to their products and services offered in the UK.”

Companies likely to incur significant costs to meet cyber agency’s standard for mobile app safety (www.singaporelawwatch.sg) Cybersecurity experts warned the costs incurred by companies to make their mobile applications safe could pile up, as malware and other malicious threats become more sophisticated. This comes after the Cyber Security Agency of Singapore on Wednesday (Jan 10) published a recommended standard for mobile apps, particularly for those that perform high-risk transactions, such as banking and e-commerce apps.

NSA says cybersecurity will gain many benefits with generative AI (ReadWrite) Will the use of generative AI in Cybersecurity help countries and nations combat threats in cyber wars? The NSA thinks so.

Litigation, Investigation, and Law Enforcement

French hacker from ‘ShinyHunters’ group sentenced to three years in US prison (The Record) Sebastien Raoult, also known as “Sezyo Kaizen,” was extradited to the U.S. in January 2023 after his arrest in Morocco the year before.

INDUSTRY EVENTS

For a complete running list of events, please visit the Event Tracker.

Events

SANS Cloud Defender 2024 (Virtual, Jan 8 - 13, 2024) At SANS Cloud Defender 2024, choose from 41 interactive courses with hands-on labs. Practice your skills and compete against your peers during NetWars Tournaments, and network with your instructor and industry colleagues in real-time. Each course includes electronic and printed books, and several courses align with GIAC certifications!

SANS Classic 2024 (Virtual, Jan 15 - 20, 2024) At SANS Classic 2024, choose from 41 interactive courses with hands-on labs. Practice your skills and compete against your peers during NetWars Tournaments, and network with your instructor and industry colleagues in real-time. Each course includes electronic and printed books, and several courses align with GIAC certifications!

Insider Threat Program Development, Management & Optimization Live Web Based Training Course (Virtual, Jan 17 - 18, 2024) This highly sought after and very comprehensive 1 day training course will ensure that the Insider Threat Program (ITP) Manager and others who support the ITP (Insider Threat Analyst, FSO, CSO, CISO, Human Resources, CIO - IT, Network Security, Counterintelligence Investigators, Behavioral Science Professionals, Legal Etc.), have the Core Knowledge, Blueprint, Resources needed for developing, managing, enhancing an ITP / ITP Working Group.

SANS Cyber Security Mountain: January 2024 (Virtual, Jan 22 - 27, 2024) At SANS Cyber Security Mountain: January 2024, choose from 41 interactive courses with hands-on labs. Practice your skills and compete against your peers during NetWars Tournaments, and network with your instructor and industry colleagues in real-time. Each course includes electronic and printed books, and several courses align with GIAC certifications!

Insider Threat Program Development, Management & Optimization Training Course (Laurel, Maryland, USA, Jan 30 - 31, 2024) This highly sought after and very comprehensive 2 day training course will ensure that the Insider Threat Program (ITP) Manager and others who support the ITP (Insider Threat Analyst, FSO, CSO, CISO, Human Resources, CIO - IT, Network Security, Counterintelligence Investigators, Behavioral Science Professionals, Legal Etc.), have the Core Knowledge, Blueprint, Resources needed for developing, managing, enhancing an ITP / ITP Working Group.

SPONSOR & SUPPORT
Grow your brand, generate leads, and fill your funnel.
With the industry’s largest B2B podcast network, popular newsletters, and influential readers and listeners all over the world, companies trust the CyberWire to get the message out. Learn more.
