URL: https://blog.digitalhands.com/september-security-bulletin

TOP CYBER ATTACKS OF SEPTEMBER 2022



Our 24x7x365 security operations team closely monitors all cyber news and
related cyber attacks through our own insider sources to ensure our customers
Get There First™- every time. Here are our SOC's top cyber attack picks from
September 2022:


SECOND LARGEST SCHOOL DISTRICT IN THE U.S. SUFFERS RANSOMWARE ATTACK


The Los Angeles Unified School District (LAUSD) has confirmed it was the
victim of a ransomware attack. The attack appears to have interfered with the
LAUSD's 75,000 employees' access to many systems, including email. The LAUSD is
working with the FBI and the Department of Homeland Security's Cybersecurity and
Infrastructure Security Agency, along with local law enforcement agencies, to
provide incident response support. The LAUSD has said that it will not
capitulate to the hackers' demands for ransom, and in response the hackers are
threatening to release confidential information on students and employees.

Industry: Education

Key takeaway: Ransomware attacks have become a serious threat to local
governments. To mitigate your risk, you should back up data, system images, and
configurations. Make sure that these backups are kept offline and are not
reachable from your business networks, as many ransomware strains will try to
delete or encrypt backup data before encrypting production systems.


SUFFOLK COUNTY SERVICES CRIPPLED BY CYBERATTACK


The Suffolk County Government suffered a devastating cyberattack early in
September. The ransomware group ALPHV, also known as "BlackCat", claims to be
responsible for the attack. The attack appears to have originated from a
phishing email and has since spread through the entire system. It has left
residents unable to pay tickets, purchase real estate, or even call the Suffolk
County Police Department. Because of the attack, almost all operations are being
done on pen and paper, causing slow progress and disorganization. The county
executive's office says it is coordinating with the state Division of Homeland
Security and Emergency Services Cyber Incident Response Team and other law
enforcement agencies to remediate the breach.

Industry: Municipality

Key takeaway: Because local governments have outdated systems, small IT budgets,
and pressing responsibilities, they are becoming prime targets for ransomware
attacks. It is imperative for local governments to see what is happening in
Suffolk and make changes to strengthen their cybersecurity before it is too
late. At a minimum, this can be done through employee awareness training and an
email security solution that uses machine learning to prevent phishing emails
from ever reaching the inbox in the first place.


FORMER CONTI CYBERCRIME GANG MEMBERS NOW TARGETING UKRAINE

According to Google, former Conti ransomware gang members are targeting
Ukrainian organizations and European NGOs. The ex-gang members, now part of a
threat group tracked as UAC-0098, are known for using the IcedID banking trojan
to gain access to compromised systems within enterprise networks. The group has
been observed targeting Ukrainian businesses while impersonating representatives
of Starlink and the National Cyber Police of Ukraine. UAC-0098 also frequently
changes its tactics, techniques, and procedures, making it hard to build
durable defenses against it. The group is also most likely aligned with Russian
government-backed attackers, making it especially dangerous. The news is not all
bad: because of Conti's open support of Russia, an anonymous actor leaked over a
year's worth of the group's internal chats.

Industry: Non-governmental organizations

Key takeaway: The best way to mitigate phishing attacks is awareness and
education. Never open attachments or links from unsolicited emails. Another way
to prevent phishing is through email security; for example, Digital Hands' cloud
collaboration and email security solution has a 99.2% catch rate. Combining
these two practices assures that you and your business will remain secure.


LORENZ RANSOMWARE BREACHES CORPORATE NETWORK VIA PHONE SYSTEMS

The Lorenz ransomware gang has been exploiting a vulnerability in Mitel MiVoice
VoIP appliances. In the reported incident, the gang used the vulnerability in
the Mitel phone system to obtain a reverse shell and gain initial access to the
company's corporate network. The gang members then downloaded an open-source TCP
tunneling tool (Chisel) to pivot into the environment. After waiting a month,
Lorenz used CrackMapExec to dump credentials from the system, giving them two
privileged administrator accounts. With these accounts, they were easily able
to move laterally through the environment to a domain controller. Finally, the
gang exfiltrated the targeted data and encrypted the chosen files.

CVE ID: CVE-2022-29499

CVSS score: 9.8/10 💥

Industry: Telecommunications

Key takeaway: Always be vigilant for critical vulnerability announcements
affecting your business systems. As soon as you are notified, so are the
attackers. Had the available software update been applied, the vulnerability
would have been mitigated and this breach would have been prevented.


NORTH KOREAN HACKERS ARE USING TROJANIZED VERSIONS OF THE PUTTY SSH CLIENT TO
DEPLOY BACKDOORS ON TARGETS  

While running proactive threat hunting, Mandiant Managed Defense found a new
spear phishing methodology employed by North Korean hackers. The method uses a
trojanized version of the PuTTY SSH client to deploy backdoors through fake
Amazon job assessments and Crypto.com job offers. This is thought to be a
continuation of Operation Dream Job, a North Korean hacking campaign focused on
compromising people through emails offering them their dream job. These attacks
have primarily hit the defense industry, but they now appear to be targeting
people in the media industry.

Industry: Media

Key takeaway: The future of war is cyber warfare. A modern-day company must not
only protect itself from malicious people looking to exploit cyber
vulnerabilities but also malicious governments looking to cripple infrastructure
and economies. Many companies do not realize how at risk they are from highly
sophisticated entities looking to create trouble.

About Digital Hands

As a new kind of MSSP, Digital Hands is how organizations are getting ahead of
the bad guys in a world where compliance alone is no guarantee of protection.
Too many companies invest in cybersecurity solutions, follow the
recommendations, achieve compliance … and then still get breached. You’ve got to
get to your exposures before the bad guys do.
