Threat Intelligence

12 04, 2018

Hackers Disrupt Critical Infrastructure Network Using Cisco Smart Install Flaw

April 12th, 2018 | Threat Intelligence, Vulnerability & Threat Management

During the past week, Cisco’s Smart Install Client tool had been compromised by attackers, causing disruptions of the communication infrastructure of approximately 200,000 Cisco routers worldwide. Cisco’s Smart Install Client is a piece of software which allows customers to deploy new switches remotely with no additional configuration requirements. The vulnerability allows for the misuse of [...]

29 03, 2018

The Cryptomining Malware Family

March 29th, 2018 | Threat Intelligence

Cryptominers have become their own class of malware, growing in popularity as a low-risk, high-reward way for cybercriminals to make an easy crypto-buck. In this post, we’ll look at the members of the cryptomining malware family and their techniques. Browser-Based Cryptomining Software CoinHive, Crypto-Loot and JSEcoin allow website owners to legitimately monetize website traffic. Favoring [...]

28 03, 2018

Cryptominers More Lucrative, Lower Risk Than Ransomware

March 28th, 2018 | Threat Intelligence

If 2017 was the year of high-profile data breaches and ransomware attacks, 2018 seems to be the year of cryptocurrency-related malware. Cryptominers managed to impact 23 percent of organizations globally. Cryptomining is relatively new, and not all of it is purely malicious. Some cryptominers are considered to be legitimate techniques to gain cryptocurrency, akin to [...]

20 02, 2018

Triton Malware Can Remotely Target Critical Infrastructure

February 20th, 2018 | Threat Intelligence

Triton malware (aka TRISIS) has joined the limited list of publicly identified malware targeted at operational technology (OT) networks. Other occupants of this small-but-mighty category include Stuxnet (2010), Shamoon (2012), Shamoon 2 (2016) and Industroyer (2016). In August of 2017, the Triton malware was observed to be targeting Schneider Electric’s Triconex safety instrumented system (SIS) [...]

14 02, 2018

Top Malware in 2018: What to watch for

February 14th, 2018 | Threat Intelligence

The new Vulnerability and Threat Trends Report released by Skybox includes security analyst research of the vulnerabilities, exploits and threats that are in play today. The report includes a list of the top malware in 2018 that businesses and critical infrastructure organizations should watch out for, including ransomware, OT malware and banking Trojans. To read [...]

6 02, 2018

North Korea Uses Adobe Flash Zero-Day to Target South

February 6th, 2018 | Threat Intelligence

On January 31, an Adobe Flash zero-day vulnerability was identified by South Korea’s KISA (KrCERT/CC). North Korean threat actors were targeting South Korean entities. It had been exploited in the wild since as early as November 14, 2017. Today, seven days after the publication of the Flash zero-day, Adobe published APSB18-03 that resolves this issue. Flash Zero-Day [...]