This blog post is a summary of this week’s Information Security News put together by our Security Incident Response Team (SIRT).
Advanced attackers, most likely from Russia, seem to be in the reconnaissance phase of a cyber war, according to a research report from threat hunting firm Vectra. The attackers are using stealthy tactics, seemingly to prepare and position themselves for possible future cyber warfare, with Energy and Utilities as important elements.
Typically, over the course of several months, the attackers patiently use tools already installed on systems (living off the land) to grab documentation and observe operator behaviors. They perform lateral movement to expand access, while taking care not to set off common alarm bells.
The United States DHS Computer Emergency Readiness Team released an alert, TA18-074A, in March 2018 regarding this.
Top 5 Security links
- Actively Exploited High Impact DoS Vulnerability Found In Cisco ASA And FTD
- Armis Discovers “BLEEDINGBIT,” Two Critical Chip-Level Vulnerabilities That Expose Millions of Enterprise Access Points to Undetectable Attack
- Windows Defender Antivirus can now run in a sandbox
- Demonbot targets cloud servers as base of DDoS attacks
- Kernel RCE caused by buffer overflow in Apple’s ICMP packet-handling code (CVE-2018-4407)