DOCSLIB.ORG

Supply Chain Disruptions and Cyber Security in the Logistics Industry 2021 Table of Contents

Total Page:16

File Type:pdf, Size:1020Kb

Download full-text PDF Read full-text
Supply Chain Disruptions and Cyber Security in the Logistics Industry 2021 Table of Contents BLUEVOYANT REVIEW Supply Chain Disruptions and Cyber Security in the Logistics Industry 2021 Table of Contents 3 Introduction 4 Key Findings 5 Threat Landscape 5 Cyber Attacks on Supply Chain 7 Dark Web 9 Ransomware 11 Threat Intelligence Findings 11 Findings: Threat Targeting 11 Findings: Potential Compromise 12 IT Hygiene and Email Security 13 Conclusion BLUEVOYANT: SUPPLY CHAIN DISRUPTIONS AND CYBER SECURITY IN THE LOGISTICS INDUSTRY 2 Introduction With global health dependent on immediate, In order to manage these complicated, high-volume safe, and effective vaccine distribution, and with networks, logistics companies are increasingly reliant economies operating by the grace of the global on highly automated systems4 that ensure ‘just-in-time’ shipping sector, logistics firms are, quite literally, delivery across roads, ports, airports, and through responsible for carrying the world through the rail, air, and maritime freight. These systems make current crisis. With timely operations at a premium, logistics as a sector incredibly vulnerable to cyber these firms are highly sensitive to disruption and attacks. Logistics and cyber security have a history: especially vulnerable to ransomware - malware the global NotPetya ransomware attack in 2017 that can bring operations to a standstill and hold famously infiltrated the Danish shipping firm Maersk. companies to hostage until demands are met. The attack froze Maersk’s worldwide logistics operations in place and eventually cost the firm Logistics companies have undergone a tumultuous between US $250-300 million5. and transformative year. In the immediate aftermath of COVID-19, air and maritime freight crashed - only to Four years on from NotPetya, and with the logistics rebound in 2021 as work-from-home economies drove of the vaccine supply chain in the global spotlight, people to ship more necessities and goods directly to BlueVoyant reviewed the cyber security readiness of their homes. While many major logistics companies the logistics sector, asking three questions: are well-known - DHS, FedEx, UPS - the infrastructure How is ransomware affecting the supply 1 supporting this change is a tightly-woven network of chain industry? many huge, but lesser-known, businesses: logistics How prepared are major logistics firms to software and solutions companies, shipping giants, 2 freight forwarders. Many of these companies weather ransomware attacks? are experiencing different rates of rebound1,2 and What can logistics firms do to succeed 3 3 capacity , just when they are needed most. despite an aggressive threat landscape? The vaccine distribution effort has placed an Others are also taking note: additional burden and emphasis on the sector. At present, vaccines are shipped by air from The Biden administration has signed manufacturers in Europe to European member into effect an Executive Order on Supply states, the U.S., and abroad. Again, the vaccine effort Chains6, with a focus on securing and draws in many different partners, including not only bolstering the American supply chain logistics solutions providers but also specialized against vulnerability to attack. businesses, like AmeriCold, that can manage the ‘cold chain’ required for preserving vaccine doses in This follows on from a new National Maritime Cyber low temperatures. BlueVoyant’s previous Report on security Plan7 to govern shipping. This report, drawn from Biotechnology & Pharma disclosed the aggression proprietary and open-source datasets, shows that logistics and volume of attacks targeting businesses involved firms still have a lot to learn from NotPetya. We note our in vaccine development. findings, as well as our thoughts on what the sector can do to create a safer future, below. BLUEVOYANT: SUPPLY CHAIN DISRUPTIONS AND CYBER SECURITY IN THE LOGISTICS INDUSTRY 3 In 2017, the global NotPetya ransomware attack froze Danish shipping firm Maersk’s worldwide logistics operations and COST THE FIRM BETWEEN $250-300M Key Findings In light of current concerns over global supply chains, BlueVoyant analysts reviewed the cyber security issues facing the logistics industry. BlueVoyant chose to assess the leading twenty logistics companies by market capitalization in order to assess their vulnerability to ransomware and other disruptive attacks. The following is a summary of our findings: Ransomware attacks are common Malicious actors are interested BlueVoyant’s datasets revealed that and on the rise. Consistent with in logistics companies. many of the companies surveyed a spike in ransomware attacks Every company’s network saw are vulnerable. Despite the risk across all sectors8, reported attacks some evidence of threat targeting. from ransomware, most were found on shipping and logistics firms to have open remote desktop or tripled between 2019 and 2020. administration ports and insufficient Almost all of these attacks occurred email security. through phishing or exploitation of open remote desktop ports.9 Given that these companies, which make up the bulk of the logistics industry, were vulnerable to key avenues of attack from ransomware - and given that ransomware is the number one threat to logistics companies today - these findings suggest a situation of imminent and extreme risk. BLUEVOYANT: SUPPLY CHAIN DISRUPTIONS AND CYBER SECURITY IN THE LOGISTICS INDUSTRY 4 Threat Landscape Cyber Attacks on Supply Chain A recent study found the Covid-19 pandemic to be the decade’s single most disruptive event for global manufacturing supply chains10. Even without the pandemic, however, evidence from multiple sources indicates that cyber attacks on supply chain companies are experiencing a precipitous increase; furthermore, much of that activity is driven by ransomware11,12. A ransomware attack on a supply chain business can be extremely disruptive. Wired’s coverage of the 2017 NotPetya incident’s consequences for shipping conglomerate Maersk (discussed at greater length below) depicts the issue quite compellingly: Businesses suffer ...customers faced a set of bleak options: They could try to get their precious cargo onto disruptions lasting other ships at premium, last-minute rates, at one month every often traveling the equivalent of standby. Or, if their cargo was part of a tight supply chain, like components for a factory, Maersk’s outage 3.7 YRS could mean shelling out for exorbitant air freight delivery or risk stalling manufacturing processes, where a single day of downtime costs hundreds of thousands of dollars. Many of the containers, known as reefers, were electrified and full of perishable goods that required refrigeration. 72% They’d have to be plugged in somewhere or their Companies studied contents would rot.13 have suffered supply Supply chain disruptions are increasingly common: chain disruptions a recent McKinsey study estimated businesses will, on average, suffer disruptions lasting at least one month every 3.7 years even without an increase in the frequency of malicious cyber activity.14 A 2020 3D Hubs report revealed that 72% of companies studied have suffered supply chain disruptions due to cyber attacks over the past decade.15 While a June 2020 survey 290 cited in that report found that only 9% of respondents cyber attacks ranked cyber attacks the top supply chain disruption against supply chain of the last 10 years, the report also notes that other companies in 2019 researchers recorded 290 cyber attacks against supply chain companies in 2019 alone.16 Other factors could, moreover, increase the frequency of cyber attacks that disrupt supply chains. BLUEVOYANT: SUPPLY CHAIN DISRUPTIONS AND CYBER SECURITY IN THE LOGISTICS INDUSTRY 5 Attacks on shipping in particular have been on the rise. “ At present, a series of cyber attacks have plagued the shipping industry. Israeli cyber security company Naval Dome reports that since February this year, the number of attacks on the shipping industry has soared by 400%. Over the past three years, cyber attacks against operational technology (OT) systems in the maritime industry have increased by 900%, and by the end of this year, the number of reported incidents will reach a record number. Among them, there were 50 major OT attacks reported in 2017, increased to 120 in 2018, more than 310 in 2019, and more than 500 in 2020.”17 Shipping and logistics is vulnerable as a sector than was foreseeable.19 Although Maersk and other because it is targeted both by nation-state groups as businesses in the logistics sector, including Deutsche well as cybercriminals. Geopolitical tensions can be Bahn, may have been collateral damage in the particular disruptive and spark attacks or interference in shipping case of NotPetya, similar activity could presumably have businesses, such as incidents resulting from issues an even more severe impact on supply chains if nation- like Brexit and ongoing US-China trade disputes.18 state actors set out to disable logistics companies The boundary between cyber activity and geopolitical specifically. Indeed, some such incidents may already contestation is quite porous and private businesses have occurred: Deutsche Bahn also suffered an infection are often softer targets for such activity than state with the WannaCry strain of ransomware, which analysts institutions. NotPetya’s rapid spread is a particularly attribute to the North Korea-linked Lazarus Group, in powerful example of this, as the available evidence May 2017.20 More recently, analysts have attributed a indicates that threat actors initially deployed NotPetya to days-long service interruption
Load more

Recommended publications
  • Enisa Etl2020
    EN From January 2019 to April 2020 Spam ENISA Threat Landscape Overview The first spam message was sent in 1978 by a marketing manager to 393 people via ARPANET. It was an advertising campaign for a new product from the company he worked for, the Digital Equipment Corporation. For those first 393 spammed people it was as annoying as it would be today, regardless of the novelty of the idea.1 Receiving spam is an inconvenience, but it may also create an opportunity for a malicious actor to steal personal information or install malware.2 Spam consists of sending unsolicited messages in bulk. It is considered a cybersecurity threat when used as an attack vector to distribute or enable other threats. Another noteworthy aspect is how spam may sometimes be confused or misclassified as a phishing campaign. The main difference between the two is the fact that phishing is a targeted action using social engineering tactics, actively aiming to steal users’ data. In contrast spam is a tactic for sending unsolicited e-mails to a bulk list. Phishing campaigns can use spam tactics to distribute messages while spam can link the user to a compromised website to install malware and steal personal data. Spam campaigns, during these last 41 years have taken advantage of many popular global social and sports events such as UEFA Europa League Final, US Open, among others. Even so, nothing compared with the spam activity seen this year with the COVID-19 pandemic.8 2 __Findings 85%_of all e-mails exchanged in April 2019 were spam, a 15-month high1 14_million
    [Show full text]
  • 2020 Trends & 2021 Outlook
    2020 trends w/ & 2021 outlook THREAT REPORT Q4 2020 WeLiveSecurity.com @ESETresearch ESET GitHub Contents 3 FOREWORD 4 FEATURED STORY 7 NEWS FROM THE LAB 9 APT GROUP ACTIVITY 15 STATISTICS & TRENDS 16 Top 10 malware detections 17 Downloaders 19 Banking malware 21 Ransomware 23 Cryptominers 25 Spyware & backdoors 27 Exploits 29 Mac threats 31 Android threats 33 Web threats 35 Email threats 38 IoT security 40 ESET RESEARCH CONTRIBUTIONS ESET THREAT REPORT Q4 2020 | 2 Foreword Welcome to the Q4 2020 issue of the ESET Threat Report! 2020 was many things (“typical” not being one of them), and it sure feels good to be writing The growth of ransomware might have been an important factor in the decline of banking about it in the past tense. malware; a decline that only intensified over the last quarter of the year. Ransomware and other malicious activities are simply more profitable than banking malware, the operators of As if really trying to prove a point, the pandemic picked up new steam in the last quarter, which already have to grapple with the heightening security in the banking sector. There was, bringing the largest waves of infections and further lockdowns around the world. Amid the — however, one exception to this trend: Android banking malware registered the highest detection chaos, the long-anticipated vaccine rollouts brought a collective sigh of relief or, at least, levels of 2020 in Q4, fueled by the source code leak of the trojan Cerberus. a glimmer of hope somewhere in the not-too-far-distant future. With the pandemic creating fertile ground for all kinds of malicious activities, it is all but In cyberspace, events also took a dramatic turn towards the end of the year, as news of the obvious that email scammers would not want to be left out.
    [Show full text]
  • CYBER RISK MANAGEMENT Be Cyber Ready
    CYBER RISK MANAGEMENT Be Cyber Ready QUICK FACTS – TOKIO MARINE HCC – CYBER & PROFESSIONAL LINES GROUP • $250M GWP for cyber and professional lines • Underwriting cyber for 10+ years • $150M GWP Cyber • Insure and reinsurance entities across the US • Experienced Claims Dept handling over 2,000 cyber matters per year • Superior Financial Strength Our Offices NATIONAL ASSOCIATION OF MUTUAL INSURANCE COMPANIES [ 2 ] 2021 NAMIC Farm Mutual Forum - Khoury Page 1 of 9 WE KNOW RISK… • Laser focus on Specialty products and services • Highly specialized underwriting and claims teams with deep technical knowledge • Lean and decentralized business structure • Consistent high‐quality performance • Global capabilities and local expertise • Diversified portfolio NATIONAL ASSOCIATION OF MUTUAL INSURANCE COMPANIES [ 3 ] Why is Cyber important? NATIONAL ASSOCIATION OF MUTUAL INSURANCE COMPANIES [ 4 ] 2021 NAMIC Farm Mutual Forum - Khoury Page 2 of 9 CYBER THREATS TO FARMS New vulnerabilities to crop and livestock Some potential threats: sectors that was once mechanical: • Cyber attacks can inhibit the planting and • Data collection cultivation of crops • Crop sensors and measurement status • Auto steering and guidance • Compromised data could interfere with the • Yield monitor transportation and processing of ag • Variable rate technology • Ransomware could shut down farming • Bio sensing technology for livestock systems and operations for an unknown • Automated feeders period of time • On‐board computer and navigation tracking • Drone surveillance • A phishing attack allows a bad actor to steal • Precision agriculture and publish internal data • Growing dependence on IoT NATIONAL ASSOCIATION OF MUTUAL INSURANCE COMPANIES [ 5 ] ANATOMY OF A RANSOMWARE ATTACK • Emotet > Trickbot > Ryuk Attack • Emotet provides a beach head in the victim’s system to launch the more elaborate attack.
    [Show full text]
  • Banking Trojans: from Stone Age to Space Era
    Europol Public Information Europol Public Information Banking Trojans: From Stone Age to Space Era A Joint Report by Check Point and Europol The Hague, 21/03/2017 Europol Public Information 1 / 16 Europol Public Information Contents 1 Introduction .............................................................................................................. 3 2 The Founding Fathers ................................................................................................ 3 3 The Current Top Tier ................................................................................................. 5 4 The Latest .................................................................................................................. 9 5 Mobile Threat .......................................................................................................... 10 6 Evolutionary Timeline ............................................................................................. 11 7 Impressions/Current Trends ................................................................................... 11 8 Banking Trojans: The Law Enforcement View ......................................................... 12 9 How are Banking Trojans used by Criminals? ......................................................... 13 10 How are the Criminals Structured? ......................................................................... 14 11 Building on Public-Private-Partnerships - The Law Enforcement Response ........... 15 12 How to Protect Yourself .........................................................................................
    [Show full text]
  • Ryuk 04/08/2021
    The Evolution of Ryuk 04/08/2021 TLP: WHITE, ID# 202104081030 Agenda • What is Ryuk? • A New Ryuk Variant Emerges in 2021 • Progression of a Ryuk Infection • Infection Chains • Incident: Late September Attack on a Major US Hospital Network • Incident: Late October Attack on US Hospitals • UNC1878 – WIZARD SPIDER • Danger to the HPH Sector • Mitigations and Best Practices • References Slides Key: Non-Technical: Managerial, strategic and high- level (general audience) Technical: Tactical / IOCs; requiring in-depth knowledge (sysadmins, IRT) 2 What is Ryuk? • A form of ransomware and a common payload for banking Trojans (like TrickBot) • First observed in 2017 • Originally based on Hermes(e) 2.1 malware but mutated since then • Ryuk actors use commercial “off-the-shelf” products to navigate victim networks o Cobalt Strike, Powershell Empire • SonicWall researchers claimed that Ryuk represented a third of all ransomware attacks in 2020 • In March 2020, threat actor group WIZARD SPIDER ceased deploying Ryuk and switched to using Conti ransomware, then resumed using Ryuk in mid-September • As of November 2020, the US Federal Bureau of Investigation (FBI) estimated that victims paid over USD $61 million to recover files encrypted by Ryuk 3 A New Ryuk Variant Emerges in 2021 • Previous versions of Ryuk could not automatically move laterally through a network o Required a dropper and then manual movement • A new version with “worm-like” capabilities was identified in January 2021 o A computer worm can spread copies of itself from device to device
    [Show full text]
  • Pandemic Chaos Unleashes Malware Disaster
    Pandemic Chaos Unleashes Malware Disaster 2020 cyber THREAT LANDSCAPE Report 1 table of CONTENts Executive Summary 3 Foreword 3 Top Takeaways 4 The Top Malware Trends of 2020 5 Top 5: Malware Families 6 Top 5: Ransomware Families 7 Top 5: Banking Trojan Families 8 Malware Trends by OS: Documents 9 Malware Trends by OS: Mac 11 Malware Trends by OS: Android 12 Malware Trends by Campaign: Emotet 13 Malware Trends by Campaign: Ransomware 15 Malware Trends by Campaign: Financial Trojans 18 Malware Trends by Campaign: PowerShell 20 Year’s Most Interesting Discoveries 21 Cyber Insights: Effect of COVID-19 on Cybersecurity 23 Cyber Insights: SolarWinds Attack 24 Cyber Insights: Risks Present at US Elections 25 Cyber Insights: Adversarial Machine Learning 26 Cyber Insights: A Look Back at Our 2020 Predictions 27 Cyber Insights: 2021 Predictions 28 Cyber Insights: The Cost of an Attack in 2020 30 About Deep Instinct 31 2 Executive Summary Virtual reality always appears to mirror the reality that’s in many phishing campaigns. The dropper documents on the ground, and unfortunately, the turbulent year of accompanying these phishing campaigns were used to 2020 was no exception. From 2019 to 2020 there was a distribute secondary malware samples, such as worms, distinct rise in the amount of malware in the wild, which spyware and ransomware. Their objective was often the is all the more visible when analyzing the progression theft of Personally Identifiable Information (PII), and from month to month. This rise was seen across their efforts proved to be successful, potentially even all different malware types; from ransomware and beyond the expectations of hackers themselves.
    [Show full text]
  • Example of Trojan Horse
    Example Of Trojan Horse Hassan fled his motherliness jumps saliently or next after Gerhardt premises and clabber heroically, unicolor and catenate. Maury usually mangling flirtingly or clamour unmeaningly when genteel Kurtis brutify lest and languishingly. Lex influencing kitty-cornered if xerophilous Lucio hocus or centrifuging. And according to experts, it remains so. As with protecting against most common cybersecurity threats, effective cybersecurity software should be your front line of protection. But what if you need to form an allegiance with this person? Another type of the virus, Mydoom. Wonder Friends to read. When first developed, Gozi used rootkit components to hide its processes. What appearsto have been correctly uninstalled or malware that i get the date, or following paper describes the horse of! Please enter your password! Adware is often known for being an aggressive advertising software that puts unwanted advertising on your computer screen. In as far as events are concerned; the central Intelligence Agency has been conducting searches for people who engage in activities such as drug trafficking and other criminal activities. If someone tries to use your computer, they have to know your password. No matter whether a company favors innovation or not, today innovation is key not only to high productivity and growth, but to the mere survival in the highly competitive environment. The fields may be disguised as added security questions that could give the criminal needed information to gain access to the account later on. It is surprising how far hackers have come to attack people, eh? Run script if the backdoor is found, it will disconnect you from the server, and write to the console the name of the backdoor that you can use later.
    [Show full text]
  • 2021 Threat Report
    Contents Foreword 2 Threat Intelligence Overview 3 Malware 4 Infected Consumer and Business PCs 4 A Tale of Two Systems 5 Infection Rates by Region 5 Infection Rates by Industry 7 Where Malware Hides 8 Ransomware 9 Rising Ransom Costs 9 Ransomware-as-a-Service Business Model 10 Multi-stage Malware Attacks 10 Thwarting Ransomware 11 High-Risk URLs 12 URL Classification 12 Geographical Distribution 14 Browser-Based Cryptojacking 15 Executable-Based Cryptojacking 17 Phishing Attacks 19 Phishing and COVID-19 19 Phishing URLs with HTTPS 20 The Most Impersonated Companies 21 Malicious IP Addresses 23 Performing Multiple Bad Behaviors 23 Frequency of Convictions 23 Geographic Breakdown 24 Harmful Mobile Apps 25 Security Awareness Training 27 Predictions for the Year to Come 28 Conclusion 29 Foreword By David Dufour | VP, Software Engineering “Zoom parties.” as they transitioned to a mostly online lifestyle. New social engineering Before 2020 happened, if you’d told me that Zoom parties would tactics, phishing campaigns, record- become one of the most exciting events on my social calendar, breaking ransomware payouts, and other I’d never have believed it. Yet here we are, with much of the developments emerged at astonishing rates. world having been in varying states of social restriction or lockdown for over a year. Although remote work wasn’t a new phenomenon Between February and March, our data when the COVID-19 pandemic began, little could have prepared us for the explosion in online activity that showed a 2000% spike in malicious files followed. It wasn’t just that more people started with ‘zoom’ in their filenames.
    [Show full text]
  • Trickbot Malware
    TRICKBOT MALWARE OVERVIEW TrickBot, initially developed as banking malware is now constantly evolving and aggregates powerful techniques to attack variety of organizations. Trickbot is often used with other malware in multistage attacks. www.sequretek.com TrickBot Malware OVERVIEW ▪ Banking Trojan TrickBot was developed in 2016, believed to be inspired by Dyre bot. It is distributed via malspam campaign containing malicious links and macro- enabled Word and Excel documents. If the attachment is opened, it will prompt the user to enable macros, which executes a VBScript to run a PowerShell script to download the malware. ▪ Some of the TrickBot campaign spreads malware via SMB protocol across the network. ▪ TrickBot’s main goal is to steal banking credentials and exfiltrate it to its command and control (C2) server. It can steal saved online account password in browsers, infected host’s login credentials, OpenSSH keys, Active Directory Services databases, cookies and web history. ▪ TrickBot’s modular nature provide flexibility to customization features and can drop additional malware like coin miner, Remote access tools, VNC or any ransomware on the infected system. TECHNICAL DETAILS ▪ TrickBot modules are delivered as Dynamic Link Libraries (DLLs), TrickBot loader loads TrickBot modules. ▪ Mainly TrickBot has two core modules Injectdll and systeminfo. ▪ Injectdll module is used to target banking and financial data, It monitors for banking website activity and uses web injects to steal financial information. Systeminfo is used to fingerprint
    [Show full text]
  • Ransomware a MULTI-HEADED MONSTER to BEAT
    Ransomware A MULTI-HEADED MONSTER TO BEAT ERIK HESKES MAY 2021 RANSOMWARE Ransomware Introduction Ransomware is a buzzword and a real threat. A sophisticated attack or a script kiddie may lead to this result: a complete lockdown of a company with the associated damage. This damage can be enormous. Not only because the systems are down and no work can be done, but also because restoring the system, either by paying the ransom or by hiring specialists is very expensive indeed. And then there's reputational damage. When asked how it got to this point, hardly anyone has a good answer.... With the resources available, the attacker has every chance of committing a successful attack. This white paper covers the history of this type of attacks, the reasons for the attacker to carry out such an attack, the various ways of ransomware attacks and, very important, it describes the key protection measures that need to be in place to reduce chances of becoming a victim of these attack. Understanding the variety in ransomware attacks from the recent past is necessary to be able to determine the best strategy to protect the company’s data systems. Although, as you will see, dealing with ransomware is like dealing with a multi-headed monster. What is Ransomware? Ransomware can be defined as a type of malware that can infect a system by the encryption of files, folders, or an entire system. The compromised system shows the victim that a ransom needs to be paid, often by means of transferring a set amount of cryptocurrency or a large sum of money to an account or crypto wallet controlled by the attacker.
    [Show full text]
  • Cylance 2019 Threat Report Represents the Company’S Piece of the Overall Cybersecurity Puzzle
    2019 Threat Report Contents Executive Summary 3 Cryptominers . 20. A Look Back at Cylance's Successful File-Based Cryptominers . 20 Predictions from Last Year's Report . 4 Browser-Based Cryptominers . 21 . Methodology . 4 Mitigation . 21 What Is Predictive Advantage (PA)? . 4 . Cybersecurity Insights 22 New To This Year's Report: Execution, Virus Cleaning Conundrum . 23 . Identity, and DoS (E:I:D) Ratings . 5. The Year of Emotet . 23 Key Findings . .5 . Spotlight: Emotet and IcedID . .25 . Top Malware 6 Predictive Advantage vs . Emotet . 25. Top 10 Windows Threats 7 Attacks on Office365 - A View from Cylance’s MyWebSearch . 7 Incident Response and Containment Team . 26 . InstallCore . 8 . Microsoft Office 365 (O365) Overview . 26 . PolyRansom . .8 . Office 365 Attack Summary . 26. Neshta . 9 Direct Deposit and Payment Modifications . 26 Upatre . .10 . Wire Transfer Man-in-the-Middle . .26 . Ramnit . 10 Intellectual Property Theft . 27 Emotet . 11 Finance and eCommerce in the Crosshairs . 28 GandCrab . 11 Notable Malware Families . .28 . QUKART . 12 Emotet and IcedID . .28 . Ludbaruma . 13 Trickbot . 28 . Cobalt Group . 28 Top 5 OS X Threats 13 HIDDEN COBRA and FASTCash . 28 Cimpli . 13 . Direct Targeting of Transaction/ CoinMiner . 13 . Payment Infrastructure . .29 . Flashback . 14 . The Dark Web . .29 . Keyranger . 14 . Notable Credential-Based Hacks of 2018 — MacKontrol . 14. Why Authentication Matters . 31 APT Trends in 2018 15 Universities . 31 . Tools and Malware Based on Open Source Code . 16 . Reddit . 31 . Bespoke Malware . .16 . Marriott . 31. C2 Communications . .17 . Lord & Taylor . 31 Novel and Complex Techniques Used How Can the Security Industry Respond? . 31 . To Fly Under the Radar . 17 .
    [Show full text]
  • Best Practices for MITRE ATT&CK® Mapping
    TLP:WHITE Best Practices for MITRE ATT&CK® Mapping Publication: June 2021 DISCLAIMER: This document is marked TLP:WHITE. Disclosure is not limited. Sources may use TLP:WHITE when information carries minimal or no foreseeable risk of misuse, in accordance with applicable rules and procedures for public release. Subject to standard copyright rules, TLP:WHITE information may be distributed without restriction. For more information on the Traffic Light Protocol, see http://www.cisa.gov/tlp/. TLP:WHITE TLP:WHITE INTRODUCTION For the Cybersecurity and Infrastructure Security Agency (CISA), understanding adversary behavior is often the first step in protecting networks and data. The success network defenders have in detecting and mitigating cyberattacks depends on this understanding. The MITRE ATT&CK® framework is a globally accessible knowledge base of adversary tactics and techniques based on real-world observations. ATT&CK provides details on 100+ threat actor groups, including the techniques and software they are known to use.1 ATT&CK can be used to identify defensive gaps, assess security tool capabilities, organize detections, hunt for threats, engage in red team activities, or validate mitigation controls. CISA uses ATT&CK as a lens through which to identify and analyze adversary behavior. CISA created this guide with the Homeland Security Systems Engineering and Development Institute™ (HSSEDI), a DHS-owned federally funded research and development center (FFRDC), which worked with the MITRE ATT&CK team. ATT&CK Levels ATT&CK describes behaviors across the adversary lifecycle, commonly known as tactics, techniques, and procedures (TTPs). In ATT&CK, these behaviors correspond to four increasingly granular levels: 1.
    [Show full text]