TT-CSIRT has observed an uptick in local instances of the DoppelPaymer ransomware. According to Threatpost, DoppelPaymer is an emerging type of ransomware that not only locks companies out of their own computer systems by encrypting files—the hallmark of typical ransomware—but also can exfiltrate company data and use it as collateral. The threat actors have also …
The Internet Crime Complaint Center (IC3) has released an alert warning of a recent increase in extortion email scams during the current “stay-at-home” orders due to the COVID-19 crisis. Cyber criminals threaten to release sexually explicit photos or videos of victims unless they agree to send payment. TTCSIRT encourages everyone to review the IC3 Alert …
The U.S. Departments of State, the Treasury, and Homeland Security, and the Federal Bureau of Investigation are issuing this advisory as a comprehensive resource on the North Korean cyber threat for the international community, network defenders, and the public. The advisory highlights the cyber threat posed by North Korea – formally known as the Democratic …
The United States Department of Homeland Security (DHS) Cyber security and Infrastructure Security Agency (CISA) and the United Kingdom’s National Cyber Security Centre (NCSC) did a joint alert talking to the exploitation by cyber criminal and Advanced Persistent Threat (APT) groups and a list of Indicators of Compromise (IOCs) for both detection and mitigation. Both …
Social distancing is one of the main ways to contain the spread of COVID-19 and “flatten the curve”. This means that a lot of companies and governments have started to instruct staff to work from home. However telework can create cybersecurity risks. It is with this in mind that TT-CSIRT has compiled a list of …
TT-CSIRT’s international partners have detected attempts to compromise and execute ransomware against key organizations and infrastructure required to assist in the global response to COVID-19. Attack Vectors Ransomware attacks can be initiated through multiple attack vectors. The prominent ones are: – Compromising system user credentials– Malicious emails with infected attachments– Exploiting a system vulnerability or …
As more organizations move towards telecommuting (work from home) in an attempt to curtail the spread of COVID-19, the U.S. Cyber and Infrastructure Security Agency (CISA) has issued guidelines for securing enterprise VPN systems. TT-CSIRT encourages all organizations to review the CISA Alert (AA20-073A) and take the necessary actions.