Latest News Articles



--- TLP:WHITE ---

News

− Major Water Supplier Suffers Nine-Month Long Breach

One of Australia’s largest regional water suppliers was allegedly breached for several months before detecting unauthorized access to systems. For security professionals, this marks another worrying sign of weakness in critical infrastructure security, an ongoing issue in Australia. The water supplier, which has not been named, suffered from the breach

https://www.infosecurity-magazine.com/news/major-water-supplier-breach/

− Emotet malware is back and rebuilding its botnet via TrickBot

Emotet was once considered the most widely spread malware, distributed through spam campaigns and malicious attachments.

https://www.bleepingcomputer.com/news/security/emotet-malware-is-back-and-rebuilding-its-botnet-via-trickbot/

− New Federal Government Cybersecurity Incident and Vulnerability Response Playbooks

CISA published the Federal Government Cybersecurity Incident and Vulnerability Response Playbooks. The playbooks provide federal civilian executive branch (FCEB) agencies with operational procedures for planning and conducting cybersecurity incident and vulnerability response activities. The playbooks provide illustrated decision trees and detail each step for both incident and vulnerability response.

https://us-cert.cisa.gov/ncas/current-activity/2021/11/16/new-federal-government-cybersecurity-incident-and-vulnerability

Vulnerabilities

− QAKBOT Loader Returns With New Techniques and Tools

QAKBOT operators resumed email spam operations towards the end of September after an almost three-month hiatus. QAKBOT detection has become a precursor to many critical and widespread ransomware attacks. Our report shares some insight into the new techniques and tools this threat is using.

https://www.trendmicro.com/en_us/research/21/k/qakbot-loader-returns-with-new-techniques-and-tools.html

− Exploited Exchange Servers Leading to Ransomware

Multiple threat researchers, including CIRCL and CERT-SE, have recently highlighted ongoing criminal campaigns involving Microsoft Exchange servers. Attackers have been observed making use of compromised Exchange servers to perform Email Conversation Thread Hijacking in order to distribute a number of malware loaders.

https://www.ncsc.gov.ie/pdfs/Exchange-ExploitationNov21.pdf

Community News

− NCSC Annual Review 2021

This review of the NCSC's fifth year looks at some of the key developments and highlights between 1 September 2020 and 31 August 2021. As part of a national security agency, not all its work can be disclosed publicly, but the review seeks to describe the year with insights and facts from colleagues inside and outside of the organisation.

https://www.ncsc.gov.uk/collection/ncsc-annual-review-2021

--- TLP:WHITE ---