- Principia Raid
THE DEFRAG - January 2022
CISA CSA on Russian Ukraine conflict
As the ongoing tension caused by Russia's preparations for possible military action against Ukraine spills into Cyberspace, the actions of the historically prolific state-sponsored actor has given rise to a number of Cybersecurity warning and events. CISA, along with its partners the FBI and NSA, has issued a joint Cybersecurity Advisory to network defenders. The CSA contains significant technical details on Russia's APT capabilities, as well as incident response recommendations. If you haven't read it yet, it is eye opening.
Understanding and Mitigating Russian State-Sponsored Cyber Threats to U.S. Critical Infrastructure | CISA
GCHQ Advisory to Ukraine-based UK organizations
The UK's GCHQ issued a similar advisory to UK organizations operating in Ukraine. The advisory comes after NCSC indicated it was investigating reports of malicious Cyber activity in the region similar that observed prior to the NotPetya Attacks in 2017.
Press Release on current Ukraine situation - NCSC.GOV.UK
Ukraine suffers Cyberattack
Speaking of Wiper Malware, the Ukrainian Government suffered a Cyberattack which compromised 22 Organizations as Microsoft observes the targeting of Ukrainian organizations using Whispergate Malware which a number of security researchers indicated that the Ukrainian Cyber Police and Ukrainian Security Service suspected the attackers had leveraged multiple attack methods, one which included use of the Log4j Exploit.
Destructive malware targeting Ukrainian organizations - Microsoft Security Blog
Russia Arrests REvil ransomware gang
And in a coincidentally timed sweep, the Russian FSB took into custody the 14 alleged members of the REvil ransomware group on the same day as the ransomware flavored Cyberattacks targeting the Ukrainian Government.
REvil Ransomware Gang Arrests Trigger Uncertainty, Concern in Cybercrime Forums (darkreading.com)
IDENTITY & SOCIAL MEDIA
IRS to require photo-based ID verification
The IRS confirmed that it would begin using a photographic-based identity verification system to facilitate online access. Get those selfie sticks ready! The service will be provided by ID.me which has already been leveraged by some jurisdictions to provide vaccine verification.
IRS unveils new online identity verification process for accessing self-help tools | Internal Revenue Service
Microsoft alerts to Azure multi-stage phishing scheme
Microsoft reported on a phishing scheme targeting users in AsiaPAC who do not have multifactor enabled (Shame!) and leverages a fake Office 365 login. Once the Phishers have the login credentials, they use the trusted emails to facilitate further phishing attempts within the company and avoid safeguards that would be triggered by outside emails.
Microsoft warns of multi-stage phishing campaign leveraging Azure AD (bleepingcomputer.com)
Leading brands used in phishing campaigns
Checkpoint Software issued its Q4 list of most used brands in Phishing attempts. Spoiler Alert! Watch out for those unexpected DHL deliveries or Microsoft customer service emails.
DHL Replaces Microsoft as Most Imitated Brand in Phishing Attempts in Q4 2021 - Check Point Software
Intezer security researchers discovered a multiplatform backdoor, which they dubbed “SysJoker”. SysJoker was undetected by malware scanners and successfully targets macOs, Windows, and Linux.
New SysJoker Backdoor Targets Windows, Linux, and macOS - Intezer
Apple iOS 15.3
Apple released IOS 15.3, a critical update which fixed 10 security bugs, including and patching a 0-Day under active exploit.
About the security content of macOS Monterey 12.2 - Apple Support
Cisco CLI command injection
Cisco released a software update for a critical fix that addressed an RCM and StarOS Bug that grants Root Access.
Multiple Cisco Products CLI Command Injection Vulnerability
January Patch Tuesday, Part 2
January Windows patch addressed 96 Security issues, 6 of them O-days under active exploit. The original version of the January Patch release had a few hiccups and an Out of Bound patch was subsequently released to address several VPN and DC-related issues that the patch has caused.
Microsoft Faces Wormable, Critical RCE Bug & 6 Zero-Days | Threatpost
Cybersecurity Maturity Model Certification Updates
For our customers in the Defense Industrial Base, the continued evolution of the mandated CMMC compliance standard is a critically important subject, and for those not directly impacted still represents the target level for an effective Cybersecurity Maturity program.
CMMC Accreditation Board - January Town Hall Meeting
The CMMC-AB hosted the January Town Hall Meeting on Tuesday, January 25th. The session included a Welcome and Update from CEO Matthew Travis followed by A "Chairman's Message" from Jeff Dalton. This was then followed by a CMMC Assessment Process (CAP) Overview. Next, was a Training and Certification update from Vice President for Training and Certification concluded by a CMMC 2.0 Q/A segment.
Click here for January Town Hall Video and Slides
What is the 'CAP'? CMMC Accreditation Process
The CAP (CMMC Assessment Process) provides the overarching procedures and guidance for C3PAOs (certified 3rd-party assessment organizations) and OSCs (organizations seeking certification) on how CMMC Assessments should be conducted. Subject to DoD approval, the CAP is now being finalized and is currently under review.
CMMC 2.0 or NIST 800-171 - either one, you are on the hook!
If you missed our earlier discussion of CMMC version 2.0, watch principia/RAID co-Founder Jeff Roberts speaking on a panel hosted by our operational compliance toolset partners Hyperproof discussing the latest CMMC developments and the current NIST 800-171 requirements.