As sure as fireflies and fireworks mean summer, so do Cybersecurity and Infrastructure Security Agency (CISA) warnings and alerts. With parents shuttling kids to day camps, pool parties, and Disney World, summer is a prime time for cybercriminals to make mischief, knowing that people’s attention is often focused elsewhere.
Summer is always a good time to monitor CISA for their alerts and advisories. To make it easier for you to do that, here are some key ones you should be watching out for:
Black Basta
Just what we need; another ransomware to watch out for! Black Basta has impacted over 500 organizations worldwide and seems to have a special affinity for healthcare verticals.
Some of the highlights include:
Black Basta affiliates use common initial access techniques—such as phishing and exploiting known vulnerabilities—and then employ a double-extortion model, both encrypting systems and exfiltrating data.
The alert goes on to say that the ransom notes do not generally include an initial ransom demand or payment instructions. Instead, they provide victims with a unique code and instruct them to contact the ransomware group. If the victim doesn’t respond within ten days to two weeks, their data will be published, making this a double ransomware extortion plot.
You can read the full Black Basta CISA alert here.
Manufacturing alerts
Manufacturers increasingly find themselves in the crosshairs of various vulnerabilities. CISA released four Industrial Control Systems (ICS) advisories on June 4, 2024. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. The risks are niche, related just to Mitsubishi Electric or Fuji Electric.
According to CISA, an attacker could send a user a URL that, if clicked on, could execute malicious JavaScript in their browser.
Snowflakes in summer
For many who use the cloud data platform Snowflake, there are some issues to proactively watch for. According to a CISA-Snowflake alert:
Snowflake recently observed and is investigating an increase in cyber threat activity targeting some of our customers’ accounts. We believe this is the result of ongoing industry-wide, identity-based attacks with the intent to obtain customer data.
CISA recommends that users hunt for any malicious activity and report positive findings to CISA. Read the full alert here.
Canadian Cybersecurity Centre
Cybercrime knows no boundaries, and summer is an active time elsewhere for hackers.
The Canadian Cybersecurity Centre issued an alert recently for Android devices, the alert reads in part:
The most severe of these issues is a high-security vulnerability in the system component that could lead to local escalation of privileges with no additional execution privileges needed. The severity assessment is based on the effect that exploiting the vulnerability would possibly have on an affected device, assuming the platform and service mitigations are turned off for development purposes or if successfully bypassed.
World-wide alert
Meanwhile, the Canadian Centre for Cyber Security (Cyber Centre), Australian Signals Directorate’s Australian Cyber Security Centre, and The UK’s National Cyber Security Centre (NCSC) issued an alert about possible malicious cyber activity targeting virtual private network (VPN) services used by government and critical national infrastructure networks globally.
The formal alert describes the threat as sophisticated. Possibly fomented by a nation-state, the threat employs some novel and multi-layer techniques.
Since VPN services are essential components of computer network security, vulnerabilities in such services are particularly consequential, and public disclosure of critical vulnerabilities can enable their use by a wide variety of threat actors. We emphasize the need to patch devices quickly and to have a comprehensive defense in-depth strategy.
Summer reading
CISA recently published guidance to help agencies meet requirements related to DNS traffic encryption and enhance their IT networks’ cybersecurity posture. This is part of moving the U.S. Government Toward Zero Trust Cybersecurity Principles and the National Cybersecurity Strategy. This guidance is meant for companies that do business with the government or wish to implement federal-level standards.
The guidance, known as memorandum 22-09, specifically calls for agencies to encrypt DNS traffic where technically feasible, while statutory mandates require agencies to use CISA’s Protective DNS capability for egress DNS resolution. This guide will assist agencies with the implementation of currently feasible technical capabilities for agency networks, DNS infrastructure, on-premises endpoints, cloud deployments, and roaming, nomadic, and mobile endpoints.
The new guidance can be read here.
You should be all set for summer, and hopefully, cybercriminals won’t be!
Photo: Suzanne Tucker / Shutterstock
This post originally appeared on Smarter MSP.