Thank you, TechDay New Zealand, for the opportunity to share critical insights from our latest OpenText Threat Report: the growing alliance between nation-states and cybercrime groups poses a serious threat to global supply chains. Read more here: https://lnkd.in/dg3YsZpf Our report stresses the urgent need to combine global best practices with local expertise to tackle these evolving threats. Dive deeper: https://lnkd.in/dkJp5JHy #Webroot #cyberesilience
Steve Stavridis’ Post
-
Cybersecurity experts from state and local government, as well as top federal agencies, gathered this week to discuss everything from critical infrastructure attacks to concerns about China. Who can you trust to combat the growing number of AI-generated election deepfake threats? That was just one of the questions addressed during roundtable discussions this past week at the inaugural Billington State and Local Cybersecurity Summit held on March 19-20 at the National Press Club in Washington, D.C. The event included nationwide experts from local, state and federal government agencies, as well as private-sector companies and nonprofit groups. #beyondtrust #cybersecurity #pam #publicsector
Federal, State, Local Cyber Leaders Meet to Discuss Threats
govtech.com
-
With a focus on public-private partnerships, @CyberUSA is equipping organizations with tools and strategies to safeguard against ransomware, data breaches, and advanced persistent threats. New training modules and real-time threat intelligence platforms have been introduced to address the rapidly evolving digital threat landscape.
CyberUSA Boosts Defense for U.S. Businesses Amid Crime
https://cybertechnologyinsights.com
-
Hot off the press! 📰🗞️🔥 Trustwave #SpiderLabs' newest report – specifically on the challenges, threat actors, and attack trends facing the public sector – has just published! 📄 With the sector being a hot target for criminals, hacktivists, and nation-state sponsored organizations, it’s imperative that a strong sense of defense is in place. After all, breaches can erode public trust, disrupt daily life, and even endanger lives in the case of attacks on critical infrastructure. 🔒🛡️ Discover a sneak peek of the intel you’ll find within the pages of the new threat briefing in the link below: https://hubs.ly/Q02x3VBq0 #publicsector #government #federal #SLED #cybersecurity
Trustwave SpiderLabs Exposes Unique Cybersecurity Threats in Public Sector
trustwave.com
-
In the 2024 Threat Hunter Perspective released by OpenText today, concerning trends of collaboration among US adversaries, China, Russia, and cybercrime groups targeting global supply chains are highlighted. The upcoming election has intensified cyberattacks amidst rising geopolitical tensions. A projection indicates that cybercrime is projected to rise to $9.5 trillion in 2024, with a significant surge to $10.5 trillion in 2025. This places immense pressure on CISOs, who face the challenge of identifying attackers, predicting attack timings, understanding motives, and discerning execution methods. The focus has shifted from the possibility of an attack to preparing for the inevitable and swiftly adapting to mitigate impacts. #cyberattacks #ciso #geopolitical #OpenText
OpenText Cybersecurity's 2024 Threat Hunter Perspective Shows Collaboration Between Nation-States and Cybercrime Rings to Inflict More Damage
prnewswire.com
-
Crimson Palace returns: New Tools, Tactics, and Targets Team Cymru #DNB - 11/09/2024 (Source: Sophos) After a brief break in activity, Sophos X-Ops continues to observe and respond to what we assess with high confidence as a Chinese state-directed cyberespionage operation targeting a prominent agency within the government of a Southeast Asian nation. In the process of investigating that activity, which we track as Operation Crimson Palace, Sophos Managed Detection and Response (MDR) found telemetry indicating the compromise of additional government organizations in the region, and has detected related activity from these existing threat clusters in other organizations in the same region. The attackers consistently used other compromised organizational and public service networks in that region to deliver malware and tools under the guise of a trusted access point. Our previous report covered activity from three associated security threat activity clusters (STACs) connected to the cyberespionage activity: Cluster Alpha (STAC1248), Cluster Bravo (STAC1870), and Cluster Charlie (STAC1305), all seen between March and August 2023. All three threat clusters operating inside the estate of the targeted agency went dormant in August 2023.
Crimson Palace returns: New Tools, Tactics, and Targets
https://news.sophos.com/en-us/
-
The Earth Krahang APT group has been found using a lesser-known RESHELL backdoor, alongside the XDealer backdoor, to infect organizations across the globe. The malware is dropped via spear-phishing emails related to geopolitical affairs.

Modus operandi

As part of the campaign, the attackers use compromised email addresses to send malicious attachments to users in the same organization. The emails are sent under the pretext of geopolitical topics, such as "Malaysian Ministry of Defense Circular," "ICJ public hearings- Guyana vs. Venezuela," or "Malaysian defense minister visits Hungary," to lure users. The malicious attachment includes a RAR archive containing an LNK file that executes the installers for backdoor malware onto the victims' system. In some cases, the backdoors were found being delivered via web shell on compromised servers. Researchers highlighted that the threat actor compromised a government web server and leveraged it to scan vulnerabilities in other government targets.

Targeted victims

So far, seventy organizations spread across 23 countries have been targeted in the campaign. A majority of these organizations are in the government sector, with maximum targets aimed at foreign affairs ministries. Other impacted organizations belong to the education, telecommunications, logistics, finance, healthcare, and manufacturing sectors.

Connections with Earth Lusca

Based on the IP address and domain names (such as googledata[.]com) used in the campaign, Trend Micro speculates a strong link between Earth Krahang and Earth Lusca. Moreover, the attackers were found targeting a similar range of victims to achieve their goals.

Conclusion

Given the importance of Earth Krahang’s targets and its preference for using compromised email accounts, organizations are advised to adhere to security best practices. This includes educating employees on how to identify phishing activity. Moreover, they can leverage IOCs attached to the campaign to understand the attack pattern and implement the required measures.
-
Researchers from security firm Sophos detailed Operation #CrimsonPalace threat clusters of Chinese state-sponsored activity targeting a Southeast Asian government agency for #cyberespionage in a campaign that had precursors dating back to early 2022. The clusters were observed using tools and infrastructure that overlap with other researchers’ public reporting on Chinese threat actors BackdoorDiplomacy, REF5961, Worok, TA428, the recently-designated Unfading Sea Haze, and the APT41 subgroup Earth Longzhi. “In May 2023, in a threat hunt across Sophos Managed Detection and Response telemetry, Sophos MDR’s Mark Parsons uncovered a complex, long-running Chinese state-sponsored cyberespionage operation we have dubbed ‘Crimson Palace’ targeting a high-profile government organization in Southeast Asia,” Paul Jaramillo, Morgan Demboski, and Mark Parsons wrote in a Wednesday blog post. “MDR launched the hunt after the discovery of a DLL sideloading technique that exploited VMNat.exe, a VMware component. In the investigation that followed, we tracked at least three clusters of intrusion activity from March 2023 to December 2023. The hunt also uncovered previously unreported malware associated with the threat clusters, as well as a new, improved variant of the previously-reported EAGERBEE malware.” https://lnkd.in/gVRDg7G7
Chinese state-sponsored cyberespionage Crimson Palace campaign targets Southeast Asia federal agency
industrialcyber.co
-
The world is upset. It is venting its outrage at the impact of the most significant disruption to the lives of its dominant species since the Siege of Leningrad. And at whom is this outrage directed, CrowdStrike, the most innovative and influential cybersecurity company on earth? While mindful of the unprecedented damage caused by last week’s incident, I’m obliged to convey some of this company's unparalleled contributions to thwarting malicious attacks on systems whose viability depends on the availability of its technology resources. CrowdStrike has been using AI and ML on its Falcon platform since 2013 to detect and thwart malware attacks before they make the signature lists. This is actual 0-day protection, folks! Most security pundits who credit McAfee as the first security company to do this fail to mention that CrowdStrike co-founders George Kurtz and Dmitri Alperovitch conceived of and drove this effort during their tenure at McAfee. CrowdStrike was the first to incorporate Threat Intelligence into Falcon. The Emotet Trojan, WannaCry, the SolarWinds Supply Chain Attacks, and Operation Poison Hurricane? All of them stopped in their tracks by this feature alone. We’ll never know the true impact of CrowdStrike’s contributions to the integrity, reliability, and availability of the technology upon which we’ve become so reliant. Perhaps we should view this incident through the lens that demonstrates the fragility of our critical infrastructure. What is certain is we’ll name this incident something catchy and use it for decades as the hallmark of @CrowdStrike’s legacy.
-
Enhancing national security: The four pillars of the National Framework for Action: In this Help Net Security interview, John Cohen, Executive Director, Program for Countering Hybrid Threats at the Center for Internet Security, discusses the four pillars of the National Framework for Action, emphasizing how these measures can combat the exploitation of technology and social media by threat actors. Cohen argues that a coordinated, whole-of-society approach is essential to empower communities and counter integrated threats to national security. Can you walk us through the four pillars of … More → The post Enhancing national security: The four pillars of the National Framework for Action appeared first on Help Net Security.
Enhancing national security: The four pillars of the National Framework for Action - Help Net Security
https://www.helpnetsecurity.com
-
Darktrace released its "First 6: Half-Year Threat Report 2024," identifying key threats and attack methods facing businesses across 2024's first half. It revealed that Information-stealing malware (29%), Trojans (15%) and Remote Access Trojans (12%) were the most common. https://lnkd.in/d8CirrgG #TechNews #StayInformed #StayAhead #dailydose #followus #staytuned #stayconnected #technews #technology #trending #trendingnow #trendingnews #explore #explorepage #techdogs
Darktrace Half-Year Threat Report 2024 Reveals Persistent Cybercrime-as-a-Service Threats
techdogs.com