DHS Releases Analysis of ELECTRICFISH Malware

Infosecurity Magazine | May 10, 2019

In an attempt to reduce exposure and enable network security, the Department of Homeland Security (DHS) in collaboration with the Federal Bureau of Investigation (FBI) has released a report analyzing a North Korean traffic tunneling tool named ELECTRICFISH. The DHS and FBI have identified a malware variant used by the North Korean government, yet another indication of the continued threat from nation-state actors, particularly the malicious cyber activity of the North Korean government, also known as HIDDEN COBRA. “This alert by US-CERT reveals a simple piece of malware which creates a backdoor to provide the attacker direct access to the affected system. Using a custom protocol, likely to help it evade detection from typical network monitoring tools, ELECTRICFISH can pass data or accept an inbound connection that bypasses all system authentication,” said Nathan Wenzler, senior director of cybersecurity at Moss Adams. According to the analysis, ELECTRICFISH is a command-line tool that accepts arguments for configuring the destination and source IPs and ports, a proxy IP, and a username and password for authenticating with a proxy server.

Spotlight

"For Boston Properties, the network is more than just a communications tool. It’s the nervous system responsible for all of the firm’s property development and management systems from coast to coast. The Boston Properties network hosts everything from construction specifications and bid documents to outdoor lighting systems and video cameras. All requiring segmented systems and endpoints, elevated monitoring capabilities, and better limits on remote access. With so many important assets on its network, this need drove the firm to strengthen security across the entire enterprise. “Security became a higher priority driven by several incidents within the environment, e.g., well-designed phishing attacks against the management team and the obvious press coverage of major compromises,” says Rich Peirce, Director of Infrastructure Services at Boston Properties. “Our security strategy and planning was already well underway, but these factors elevated the conversation and attention.”

Related News

DATA SECURITY

With $500,000 in Liability Coverage, Transmosis's Small Business Cybersecurity Service Expands Globally

Transmosis | July 09, 2021

Transmosis, a cybersecurity workforce developer, has today declared $500,000 of extended digital risk inclusion and worldwide development of its endeavor grade online security-as-a-service, transmosis ONE. Intended for the profoundly weak private company area and far-off workplace, transmosis ONE (previously CyberOPS) will presently be accessible to broad accomplice networks in New Zealand, Canada, Australia, and South America through essential wholesalers. Viewed by specialists as the most complete and wholly outsourced small company and cybersecurity solution for work-from-home available today, transmosis ONE gives essential assurance and digital risk inclusion, all included in the monthly membership. Conveyed in minutes, the ground-breaking service removes lengthy approval processes and complicated setup, empowering private companies to get to the world's first-class cybersecurity technology without marking six-figure multi-year contracts. The military-grade cybersecurity platform of Transmosis ONE combines an Artificial Intelligence-powered Extended Detection and Response platform (XDR) with a 24/7 live virtual Security Operations Center (vSOC) utilizing U.S.-based security experts to screen and proactively remove cyber-attacks from susceptible customer endpoints. In addition, its next-generation technology is thoroughly combined with $500,000 of cyber obligation coverage, the only small business cyber security-as-a-service that confirms full compliance and rapid compensations. Transmosis CEO Chase Norlin said they are excited to offer their exclusive service to global networks, filling this severe need with classy cybersecurity naturally reserved for companies with huge budgets to secure their devices and files.

About Transmosis

Nationally recognized cybersecurity workforce developer, Transmosis, was founded in Silicon Valley, enabling American workers to develop new careers in the rapidly growing information security industry. In addition, Transmosis's proprietary virtual cybersecurity security analyst training model serves as the foundation of transmosis ONE, a Fortune 5000 cybersecurity platform designed to protect small businesses from cyber attacks.

Small and Medium Businesses Need to Improve Their Cybersecurity Post COVID-19 Lockdown

BullGuard | June 09, 2020

Given the sheer quantity of SMBs, their cybersecurity directly affects local resiliency in the face of cyber threats. SMBs must embrace their importance and scale up their cybersecurity appropriately. Published research shows that one third of small and medium businesses (SMBs) use free, consumer-grade cybersecurity tools.

COVID-19 showed the world that widespread business failure affects communities. When businesses fail, business owners and workers can suffer heightened mental health issues and economic insecurity. Business failure increases the demand on local government for public assistance for unemployment benefits, small business loans, and more. Businesses that survive have fewer customers, and customers have fewer dollars to spend. As a result, more businesses fail. As more businesses fail, more people suffer. Alternatively, business success strengthens communities. Thriving businesses encourage the creation of community identity and get involved in local events. They contribute to their localities’ long-term economic growth by increasing the tax base, providing local jobs and products, building infrastructure, and encouraging competition.

The government and major financial services players alike tout the digitization of SMBs. Increased use of information technology and digital assets offers companies new sources of revenue and growth, which companies desperately need in the midst of the current economic collapse. Even as digitization increases, 66 percent of small-business senior decision makers believe that cyber-attacks will not affect them. However, 67 percent of businesses suffered a cyber-attack in 2019.

Since the beginning of the COVID-19 pandemic, one in seven SMBs have experienced a cyber-attack. Due to their general absence of awareness regarding best cybersecurity practices and their indifference toward the problem, small businesses have insufficient personnel dedicated to protecting their networks and their digital assets. Their staff lack necessary technical skills, and they do not have the budgets required to acquire or purchase adequate protection. The result is a self-defeating cycle. A small business hit by a cyber-attack can fail, like the California-based Efficient Services Escrow Group, which closed and laid off all employees following a cyber heist. When businesses fail, their employees lose their jobs and no longer have enough money to purchase goods and services from other small businesses. Those businesses lose money as a result, and their owners, stressed about their economic prospects and already apathetic toward the importance of prioritizing cybersecurity, spend less on network and digital asset protection. The lack of proper spending and prioritization leads to worse cybersecurity practices, which in turn open the door to more cyber-attacks and more business failure.

Cyber resiliency is the ability to anticipate cyber-attacks or stresses on digital and cyber resources, withstand them, and recover from them. As cyber-attacks on SMBs systematically weaken local communities, they lose their ability to withstand and recover. This strains public resources. Taxes comprise the largest source of revenue for local governments, but when businesses fail, their tax dollars dry up. Local governments, already lacking requisite cybersecurity resources, lose their ability to secure themselves and their communities.

Failure is not inevitable. SMBs can take steps to increase their cyber resilience and boost their chances of success. Owners should lead by example and pay attention to their employees’ online habits. They can demonstrate good cyber hygiene and teach their employees to do the same. Owners should identify business-critical assets and data to prioritize their protection. They should be proactive, rather than reactive, when planning protection against cyber-attacks. Finding online resources to boost cybersecurity is easy. Plenty of private companies publish lists of best practices. On its website, the Small Business Administration offers free access to planning tools, business assessments, cyber hygiene vulnerability scanning, and best practices. As SMBs prioritize their time and spending during the long process of reopening, they need to take advantage of these free tools and take their cybersecurity at least one step further.

New Honeywell Forge Features Help Protect Facilities From Cyber Threats Associated With Remote Operations

Honeywell | June 25, 2020

Honeywell (NYSE: HON) today announced the latest release of its Forge Cybersecurity Suite that includes several enhancements to help ensure business continuity in the face of mounting cyberthreats, uncertain global business conditions and continued supply chain disruption associated with remote operations. The new Honeywell Forge Cybersecurity Suite release (R200) incorporates new features such as enhanced industrial-grade remote access, increased asset discovery capabilities with active and passive functionality and improved cybersecurity risk monitoring. The enhancements come as more industrial organizations are embracing remote operations to effectively manage facilities with reduced numbers of onsite personnel due to current safety restrictions. A new Honeywell report indicates that the severity of cyber threats detected to operational technology (OT) systems has risen by significant amounts in a 12-month period.
