DHS Releases Analysis of ELECTRICFISH Malware

Infosecurity Magazine | May 10, 2019

In an attempt to reduce exposure and enable network security, the Department of Homeland Security (DHS) in collaboration with the Federal Bureau of Investigation (FBI) has released a report analyzing a North Korean traffic tunneling tool named ELECTRICFISH. The DHS and FBI have identified a malware variant used by the North Korean government, yet another indication of the continued threat from nation-state actors, particularly the malicious cyber activity of the North Korean government, also known as HIDDEN COBRA. “This alert by US-CERT reveals a simple piece of malware which creates a backdoor to provide the attacker direct access to the affected system. Using a custom protocol, likely to help it evade detection from typical network monitoring tools, ELECTRICFISH can pass data or accept an inbound connection that bypasses all system authentication,” said Nathan Wenzler, senior director of cybersecurity at Moss Adams. According to the analysis, ELECTRICFISH is a command-line tool that accepts arguments for configuring the destination and source IPs and ports, a proxy IP, and a username and password for authenticating with a proxy server.

Spotlight

The SWAT Checklist provides an easy to reference set of best practices that raise awareness and help development teams create more secure applications. It’s a  rst step toward building a base of security knowledge around web application security. Use this checklist to identify the minimum standard that is required to neutralize vulnerabilities in your critical applications.

Spotlight

The SWAT Checklist provides an easy to reference set of best practices that raise awareness and help development teams create more secure applications. It’s a  rst step toward building a base of security knowledge around web application security. Use this checklist to identify the minimum standard that is required to neutralize vulnerabilities in your critical applications.

Related News

PLATFORM SECURITY

SecurityScorecard Helps CISOs See, Resolve and Communicate Cyber Risks Clearly with Integration of Ratings Platform and Suite of Professional Services

SecurityScorecard | August 10, 2022

SecurityScorecard, the global leader in cybersecurity ratings, today announced the integration of its Professional Services offering with its ratings platform to provide a single point of orchestration to manage cybersecurity risks. SecurityScorecard’s Professional Services team can help any customer manage cybersecurity risk in concert with the industry’s largest and most comprehensive global, cyber risk data set, setting the industry standard for how cyber risk is quantified, measured and reduced. SecurityScorecard delivers strategic, proactive and acute-scenario services paired with its industry-leading ratings platform that together provide end-to-end cyber risk management from monitoring to remediation. “CISOs are under pressure to protect their organizations, and are now accountable to the Board of Directors, but they lack a single-point of orchestration for cybersecurity workflow and to define success. “Our services and software platform provides CISOs with peace of mind that they have the broad visibility to take action quickly, hold their vendors accountable and communicate those actions promptly.” Aleksandr Yampolskiy, co-founder and CEO, SecurityScorecard SecurityScorecard’s Professional Services team utilizes the combined data and dynamic risk intelligence from the SecurityScorecard platform together with customized data derived from dark web mining to give each customer a holistic, full-spectrum view of their risk posture that is continuously assessed and triaged. SecurityScorecard’s suite of Professional Services is supported by a team of 24/7 Digital Forensic Incident Response (DFIR) experts and include: Cyber Risk Intelligence-as-a-Service provides organizations with tailored, actionable intelligence via SecurityScorecard’s threat intelligence team. Third-Party Risk Management (TPRM) Program includes workshops and customized roadmaps to help organizations mature their programs. Tabletop Exercises help test teams’ cyber readiness against a real-world cyber incident by practicing incident response scenarios. Penetration Testing and Red Team Exercises engage covert teams of ethical hackers to identify weaknesses. Digital Forensics & Incident Response (DFIR) support helps to collect, preserve and analyze digital evidence when responding to an incident, whether that be an insider threat situation or a nation state attack. SecurityScorecard’s team of experts regularly testify in court and collaborate with law enforcement. Incident Response support is also available 24/7 and onsite during a crisis, such as a ransomware incident, to help contain attacks, identify the threat actors and safely progress to the eradication phase. SecurityScorecard’s Professional Services team also helps prevent churn across internal security and TPRM teams by giving them the expertise to maintain program integrity and business uptime, particularly for under-resourced teams, regardless of cyber or third-party risk maturity. About SecurityScorecard Funded by world-class investors including Evolution Equity Partners, Silver Lake Waterman, Sequoia Capital, GV, Riverwood Capital, and others, SecurityScorecard is the global leader in cybersecurity ratings with more than 12 million companies continuously rated. Founded in 2013 by security and risk experts Dr. Aleksandr Yampolskiy and Sam Kassoumeh, SecurityScorecard's patented rating technology is used by over 30,000 organizations for enterprise risk management, third-party risk management, board reporting, due diligence, cyber insurance underwriting, and regulatory oversight. SecurityScorecard is the first cybersecurity ratings company to offer digital forensics and incident response services, providing a 360-degree approach to security prevention and response for its worldwide customer and partner base. SecurityScorecard continues to make the world a safer place by transforming the way companies understand, improve and communicate cybersecurity risk to their boards, employees and vendors. Every organization has the universal right to their trusted and transparent Instant SecurityScorecard rating.

Read More

PLATFORM SECURITY

Morganfranklin Launches Cybersecurity Innovation Center

Morganfranklin | June 14, 2022

MorganFranklin Consulting, a management consulting business located in Washington, DC, has opened a new cybersecurity innovation center (CIC). Customers will be able to obtain insight into how security technologies will perform in their environment and how cyberattacks will influence their systems thanks to the bespoke, interactive lab environment. “As ever-increasing and more sophisticated attacks combine with rapid digital transformation, cybersecurity preparation has never been more challenging or more important. The MorganFranklin Cybersecurity Innovation Center is a powerful new way to help our clients answer essential questions that improve their security operations, upskill their teams, and address their most pressing threats.” John Fung, a director in MorganFranklin’s cybersecurity operations practice area Clients can duplicate their live systems and troubleshoot countermeasures to the most recent attack vectors prior to deployment. Customers can also assess how different security products from different vendors perform alone and together in order to optimize program spending. The CIC will enable MorganFranklin to produce continual threat information and optimize its cybersecurity practices. The extended cybersecurity practice of the consultancy offers services in program planning, governance, risk, and compliance; identity and access management; cybersecurity operations; incident response; business and technology resilience; risk intelligence; and managed security. MorganFranklin offers accounting and risk advisory services, strategic transformation and program execution, supply chain and retail management, technological enablement, and cybersecurity consultancy. The company employs over 600 workers across eight locations in the United States.

Read More

PLATFORM SECURITY

Cyber Security Innovator Coro Launches Incubiz, a Unique Incubator Program to Discover and Develop the Next-Generation of Cyber Security Entrepreneurs

Coro | July 28, 2022

Coro, the all-in-one cyber security platform for mid-market organizations, growing businesses, and lean IT teams, today announced the launch of its unique Incubiz program. This program is designed to help entrepreneurs build and grow a successful business in one of the hottest markets today - cyber security - with zero risk, upfront costs, or experience needed. Incubiz will debut in Chicago, Illinois, the location of Coro’s newest U.S. office. Small businesses account for 99.6% of Illinois' private enterprise, making them a vital part of the state's economy. Additionally, Illinois is the 7th largest tech employer in the country, employing over 318 thousand people. According to Zoominfo, Chicago and the surrounding suburbs are home to about 219,000 small to mid sized businesses and more than 4,000 mid-market companies. It is also one of the hottest startup markets in the U.S. With more than six thousand technology companies and 378 startups founded in the city in the past five years, these companies are all vying for cybersecurity help, making Chicago the perfect hub for the next step in Coro’s growth. Driven by a robust talent pipeline, the state of Illinois is on the way to achieving Tier-1 tech hub status. In 2021, it had the fourth largest increase in technology job postings, and only three states added more tech jobs than Illinois over the past decade. But with the state’s employment opportunities shifting away from manufacturing and toward service- and knowledge-based work, many medium-wage jobs have been eliminated and many workers do not have the skills or education to attain higher-wage employment. A recent Illinois Future of Work report found that there is a need to create “stronger on-ramps for high wage jobs” in the state, citing that not having a bachelor’s degree is holding many back from being considered for higher-earning positions. This is further polarizing the job market, given that only 35.5% of Illinois adults have a bachelor’s degree. In support of the state’s drive to make higher-earning jobs available for more workers, to build off Chicago’s tech momentum, and to close the cyber security skills gap our nation is facing, Coro has created an innovative, one-of-a-kind program to provide job opportunities in one of the hottest markets today, without any prior cyber security experience or college education. The Incubiz program is open to entrepreneurs looking to start a cyber security business, buy into a franchise, or start a managed service provider/managed security service provider (MSP/MSSP) that provides outsourced security monitoring and management. Incubiz provides the potential for employees to achieve higher earnings without the prerequisite of many similar job openings. Individuals accepted into Coro’s 18-month Incubiz program will be provided with the training, support, and infrastructure needed to build a valuable skill set and ultimately launch their own cyber security business. Not only are there no costs to participants, they will be paid a competitive salary as a Coro Authorized Security Consultant. Upon completion of the program, participants will be able to operate independently, but with access to continued support and residual income from any customers brought in during the incubation period. “Coro’s mission is to continually innovate and develop the best cyber security tools possible. We’re excited to offer our expertise and resources to help the next generation of cyber entrepreneurs through our new Incubiz program. “The Illinois job market is at a crossroad, and this program is a great opportunity for workers to attain a higher-paying job without needing a predefined skillset or degree. Chicago is the perfect market to launch IncuBiz, and we are eager to add to the city’s flourishing tech scene and offer more equitable employment opportunities within the state.” Jim Tarantino, Chief Revenue Officer at Coro Coro developed its powerful cyber security platform to address the noticeable cyber security gaps in the mid-market and SMB segments, making enterprise-grade security accessible to any business at a fraction of the cost of other solutions. Coro is one of the fastest growing cyber security companies today and has seen significant momentum with 300% year-over-year growth for each of the past three years and into 2022. Earlier this year, Coro announced $80M in funding and a rapid expansion in the Chicago market. About Coro Coro is one of the fastest growing security solutions for the mid-market, providing all-in-one protection that empowers organizations to defend against malware, ransomware, phishing, and bots across devices, users, and cloud applications. More than 5,000 businesses depend on Coro for holistic security protection, unrivaled ease of use, and unmatched affordability. Built on the principle of non-disruptive security, the Coro platform employs innovative AI technology to identify and remediate the many security threats that today's distributed businesses face, without IT teams having to worry, investigate, or fix issues themselves. Investors in Coro include Balderton Capital, JVP, MizMaa Ventures, and Ashton Kutcher’s Sound Ventures.

Read More