Posted on Wednesday October 03, 2018
This technical alert addresses the exploitation of trusted network relationships and the subsequent illicit use of legitimate credentials by Advanced Persistent Threat (APT) actors. It identifies APT actors' tactics, techniques, and procedures (TTPs) and describes the best practices that could be employed to mitigate each of them. The mitigations for each TTP are arranged according to the National Institute of Standards and Technology (NIST) Cybersecurity Framework core functions of Protect, Detect, Respond, and Recover.
Posted on Wednesday October 03, 2018
The National Cybersecurity and Communications Integration Center (NCCIC) is aware of ongoing APT actor activity attempting to infiltrate the networks of global managed service providers (MSPs). Since May 2016, APT actors have used various tactics, techniques, and procedures (TTPs) for the purposes of cyber espionage and intellectual property theft. APT actors have targeted victims in several U.S. critical infrastructure sectors, including Information Technology (IT), Energy, Healthcare and Public Health, Communications, and Critical Manufacturing.
Posted on Tuesday October 02, 2018
This joint Technical Alert (TA) is the result of analytic efforts between the Department of Homeland Security (DHS), the Department of the Treasury (Treasury), and the Federal Bureau of Investigation (FBI). Working with U.S. government partners, DHS, Treasury, and FBI identified malware and other indicators of compromise (IOCs) used by the North Korean government in an Automated Teller Machine (ATM) cash-out scheme, referred to by the U.S. Government as "FASTCash." The U.S. Government refers to malicious cyber activity by the North Korean government as HIDDEN COBRA. For more information on HIDDEN COBRA activity, visit https://www.us-cert.gov/hiddencobra.
Posted on Friday July 20, 2018
Emotet is an advanced, modular banking Trojan that primarily functions as a downloader or dropper of other banking Trojans. Emotet continues to be among the most costly and destructive malware affecting state, local, tribal, and territorial (SLTT) governments, and the private and public sectors.
Posted on Tuesday May 29, 2018
This joint Technical Alert (TA) is the result of analytic efforts between the Department of Homeland Security (DHS) and the Federal Bureau of Investigation (FBI). Working with U.S. government partners, DHS and FBI identified Internet Protocol (IP) addresses and other indicators of compromise (IOCs) associated with two families of malware used by the North Korean government:
Posted on Friday May 25, 2018
Cybersecurity researchers have identified that foreign cyber actors have compromised hundreds of thousands of home and office routers and other networked devices worldwide [1]Â [2] [3]. The actors used VPNFilter malware to target small office/home office (SOHO) routers. VPNFilter malware uses modular functionality to collect intelligence, exploit local area network (LAN) devices, and block actor-configurable network traffic. Specific characteristics of VPNFilter have only been observed in the BlackEnergy malware, specifically BlackEnergy versions 2 and 3.
Phone: +1-989-776-2080
Toll Free: +1-855-674-2968
Email: info (at) netservicesgroup dot com
DUNS 155892800
SPIN 143027933
100% Michigan
NSG is owned & operated, offering enterprise-level IT service & support, right in your own back yard.