THE DEFRAG - January 2022

January 2022

STATE ACTORS

CISA CSA on Russian Ukraine conflict

As the ongoing tension caused by Russia's preparations for possible military action against Ukraine spills into Cyberspace, the actions of the historically prolific state-sponsored actor has given rise to a number of Cybersecurity warning and events. CISA, along with its partners the FBI and NSA, has issued a joint Cybersecurity Advisory to network defenders. The CSA contains significant technical details on Russia's APT capabilities, as well as incident response recommendations. If you haven't read it yet, it is eye opening.

Understanding and Mitigating Russian State-Sponsored Cyber Threats to U.S. Critical Infrastructure | CISA

GCHQ Advisory to Ukraine-based UK organizations

The UK's GCHQ issued a similar advisory to UK organizations operating in Ukraine. The advisory comes after NCSC indicated it was investigating reports of malicious Cyber activity in the region similar that observed prior to the NotPetya Attacks in 2017.

Press Release on current Ukraine situation - NCSC.GOV.UK

Ukraine suffers Cyberattack

Speaking of Wiper Malware, the Ukrainian Government suffered a Cyberattack which compromised 22 Organizations as Microsoft observes the targeting of Ukrainian organizations using Whispergate Malware which a number of security researchers indicated that the Ukrainian Cyber Police and Ukrainian Security Service suspected the attackers had leveraged multiple attack methods, one which included use of the Log4j Exploit.

Destructive malware targeting Ukrainian organizations - Microsoft Security Blog

Russia Arrests REvil ransomware gang

And in a coincidentally timed sweep, the Russian FSB took into custody the 14 alleged members of the REvil ransomware group on the same day as the ransomware flavored Cyberattacks targeting the Ukrainian Government.

REvil Ransomware Gang Arrests Trigger Uncertainty, Concern in Cybercrime Forums (darkreading.com)

IDENTITY & SOCIAL MEDIA

IRS to require photo-based ID verification

The IRS confirmed that it would begin using a photographic-based identity verification system to facilitate online access. Get those selfie sticks ready! The service will be provided by ID.me which has already been leveraged by some jurisdictions to provide vaccine verification.

IRS unveils new online identity verification process for accessing self-help tools | Internal Revenue Service

PHISHING

Microsoft alerts to Azure multi-stage phishing scheme

Microsoft reported on a phishing scheme targeting users in AsiaPAC who do not have multifactor enabled (Shame!) and leverages a fake Office 365 login. Once the Phishers have the login credentials, they use the trusted emails to facilitate further phishing attempts within the company and avoid safeguards that would be triggered by outside emails.

Microsoft warns of multi-stage phishing campaign leveraging Azure AD (bleepingcomputer.com)

Leading brands used in phishing campaigns

Checkpoint Software issued its Q4 list of most used brands in Phishing attempts. Spoiler Alert! Watch out for those unexpected DHL deliveries or Microsoft customer service emails.

DHL Replaces Microsoft as Most Imitated Brand in Phishing Attempts in Q4 2021 - Check Point Software

VULNS

SysJoker

Intezer security researchers discovered a multiplatform backdoor, which they dubbed “SysJoker”. SysJoker was undetected by malware scanners and successfully targets macOs, Windows, and Linux.

New SysJoker Backdoor Targets Windows, Linux, and macOS - Intezer

Apple iOS 15.3

Apple released IOS 15.3, a critical update which fixed 10 security bugs, including and patching a 0-Day under active exploit.

About the security content of macOS Monterey 12.2 - Apple Support

Cisco CLI command injection

Cisco released a software update for a critical fix that addressed an RCM and StarOS Bug that grants Root Access.

Multiple Cisco Products CLI Command Injection Vulnerability

January Patch Tuesday, Part 2

January Windows patch addressed 96 Security issues, 6 of them O-days under active exploit. The original version of the January Patch release had a few hiccups and an Out of Bound patch was subsequently released to address several VPN and DC-related issues that the patch has caused.

Microsoft Faces Wormable, Critical RCE Bug & 6 Zero-Days | Threatpost

CMMC

Cybersecurity Maturity Model Certification Updates

For our customers in the Defense Industrial Base, the continued evolution of the mandated CMMC compliance standard is a critically important subject, and for those not directly impacted still represents the target level for an effective Cybersecurity Maturity program.

CMMC Accreditation Board - January Town Hall Meeting

The CMMC-AB hosted the January Town Hall Meeting on Tuesday, January 25th. The session included a Welcome and Update from CEO Matthew Travis followed by A "Chairman's Message" from Jeff Dalton. This was then followed by a CMMC Assessment Process (CAP) Overview. Next, was a Training and Certification update from Vice President for Training and Certification concluded by a CMMC 2.0 Q/A segment.

Click here for January Town Hall Video and Slides

What is the 'CAP'? CMMC Accreditation Process

The CAP (CMMC Assessment Process) provides the overarching procedures and guidance for C3PAOs (certified 3rd-party assessment organizations) and OSCs (organizations seeking certification) on how CMMC Assessments should be conducted. Subject to DoD approval, the CAP is now being finalized and is currently under review.

Click for more info

CMMC 2.0 or NIST 800-171 - either one, you are on the hook!

If you missed our earlier discussion of CMMC version 2.0, watch principia/RAID co-Founder Jeff Roberts speaking on a panel hosted by our operational compliance toolset partners Hyperproof discussing the latest CMMC developments and the current NIST 800-171 requirements.