McCrary Institute for Cyber & Critical Infrastructure Security’s Post

“Three different organizations in the U.S. were targeted in August 2024 by a North Korean state-sponsored threat actor called Andariel as part of a likely financially motivated attack.    "While the attackers didn't succeed in deploying ransomware on the networks of any of the organizations affected, it is likely that the attacks were financially motivated," Symantec, part of Broadcom, said in a report shared with The Hacker News.    Andariel is a threat actor that's assessed to be a sub-cluster within the infamous Lazarus Group. It's also tracked as APT45, DarkSeoul, Nickel Hyatt, Onyx Sleet (formerly Plutonium), Operation Troy, Silent Chollima, and Stonefly. It's been active since at least 2009.”    A North Korean hacking group, part of the country's military intelligence, is known for using ransomware like SHATTEREDGLASS and Maui, and developing custom backdoor tools like Dtrack, TigerRAT, and Black RAT. They also use lesser-known tools, such as a data wiper called Jokra and an advanced implant named Prioxer, which helps them communicate with their control servers. In July 2024, a member was charged by the U.S. for healthcare attacks, using stolen funds to further target defense, technology, and government sectors globally.    Discover more about the news article and share your insights with us! https://lnkd.in/e24s2_E7     #cybertronium #cybertroniummalaysia #cyberthreat #malware 

🗞️ In CyberScoop: "Chinese-linked cyberespionage campaigns are increasingly deploying ransomware as the final stage in operations to either make money, distract their adversaries or make it more difficult to attribute their work, researchers with SentinelLabs and Recorded Future said Wednesday." "Historically, cyberespionage groups working on behalf of states have mostly eschewed the use of ransomware, but that appears to now be changing as state-backed hackers are increasingly using the epidemic of ransomware to hide their operations." To learn more, read the full article by AJ Vicens: https://s1.ai/CS-Chamel

From Techopedia, key highlights related to the Seattle Port and Airport Ransomware attack- The Rhysida ransomware used in the attack is more advanced than traditional ransomware, employing techniques like Living off the Land (LoL) and persistence. The attack on a major transportation hub like the Seattle Port and Airport highlights the growing risk of ransomware targeting critical infrastructure. The Port of Seattle made the decision not to pay the ransom, which is a significant move that could discourage other ransomware groups from targeting critical infrastructure. While the extent of data exfiltration is still under investigation, the potential for sensitive information to be leaked poses a significant risk. Full Article- https://lnkd.in/eCKEpxiX

Mega Glasses/Contacts/Optics Giant Hoya gets ransomwared for $10 Million dollars! #Cyber #cyberawareness #cisoseries Check out the following for Daily Briefing on current cyber threats and exposure surfaces!SimplyCyber barricade cyber solutions #ransomware #trending #informationsecurity #informationsecurityawareness

New HardBit Ransomware 4.0 Uses Passphrase Protection to Evade Detection https://lnkd.in/e7Cp5Kxd <- defence evasion has more ATT&CK Techniques in it than any of the other 13 Tactics. If you think your protections and detections are 100% effective, in time you’ll be proved wrong

Great article by Denzil Wessels and Glenn Ignazio on the topic of data security. Timely, as it's even more critical than ever to address who, when and how are internal and external users accessing your data. Dymium, Inc.

Given the recent attack on 911 services in the U.S., Emergency Managers and pseudo-preppers in general should pay attention to geopolitical-conflict linked cyber disasters as a clear and present danger. Sure, we can dismiss some attempts at unsophisticated, but it is just practice until the big guns show up, especially as AI power is increasingly being brought to bear. Nothing is off limits to some players: not power, not even water. Everything can be weaponized. 1: Hackers interfere with water tower, causing it to overflow. https://lnkd.in/giFcikzB 2. Hacking and ransomware against hospitals. https://lnkd.in/gHerqxzS

🔒💻 Elated to dive into the latest cybersecurity cornucopia! 🚀🛡️ 🔍💰 The eternal conundrum: can the attack slowdown trend continue? 💭 Security sleuths remain flummoxed, leaving us all on the edge of our seats! 🎭 🛠️💣 In July, ransomware renegades showered critical industrial players with cyber-chaos! 🚨 It seems these cyber-pirates are sailing with more swagger, confident that the long arm of the law won't spoil their plundering ⚓. But are they right, or is their overconfidence their Achilles' heel? 🤔 💡✨ As our digital battleground evolves, we witness a clash of titans: tech defenders vs. cyber marauders! 🗡️⚔️ Will this ever-changing landscape empower the attackers or embolden the guardians of the virtual realm? 🛡️💪 🔮📈 Predicting the cyber future is like gazing into a crystal ball! 🔮✨ Strap in as we ride the waves of uncertainty, armed with knowledge and wit! 💬💡 🌐🛠️ Let's discuss these digital musings! What do you foresee on the horizon of cybersecurity? Join the conversation with #ainews and #automatorsolutions. Let's unlock the mysteries of the cyber realm together! 🌐🔒 #AINews #AutomatorSolutions #Cybersecurity #TechTrends #DigitalDefense #Ransomware #IndustryInsights #CyberSecurityAINews ----- Original Publish Date: 2024-08-22 05:34

Given what we know about threats to critical infrastructure and supply chain, I give the Congressman from NY kudos for his insistence on a thorough cyber investigation. "We cannot rule out foul play or malicious interference until every single component from that ship's electrical switchboards and computer networks is torn down and inspected for malicious code," Williams stated. "It's the 21st century—if this was a cyber attack, we have to get to the bottom of it." #dglawny #cybersecurity #privacylaw #privacylawyer #criticalinfrastructure #supplychain

Ransomware penetrates through attacking companies and their vendors. Cyber experts are doing their best to protect your company. What are you doing for reducing risk posed by your third and fourth party vendors? Are you monitoring their controls continuously? You should. Are you looking for their name on the dark web to see if they're under attack? You should. Ransomware is more expensive and more disabling than traditional hacking and release of NPPI. If you read my previous article - the McKinsey article - most organizations are still not spending sufficiently for the risk that's posed. https://lnkd.in/gBtdBF_R