Arizona Counter Terrorism Information Center
Arizona's Fusion Center
Cutting Through the Cybersecurity Noise

Subheadline: Here's what's important this week: July 17, 2019
Original Release Date: Wednesday, July 17, 2019
Details:

Arizona Incidents

An Arizona small business was recently infected with Sodinokibi ransomware. At this time, we're unsure of the initial threat vector (in general, email/phishing is the greatest risk). It appears the attacker gained network access and performed reconnaissance before deploying the ransomware: when the business' IT guy tried to negotiate the ransom, the attacker responded that the business could pay a larger ransom and named some of the network-connected devices. The business did not pay the ransom (as we always advise).

Note that I'm hearing more reports of small businesses around the country getting hit with ransomware (source is the National Fusion Center Association's Cyber Intel Network).

Please continue to educate your employees to verify email requests (and to not click). I'll share more information and any indicators of compromise that I receive. 

I also want to thank the business for posting the tip to notify the ACTIC about the incident (see instructions below). Sharing information from their incident may help protect other Arizona entities. 

Take Action

As always, please patch promptly. Sodinokibi ransomware elevates its privileges on a victim machine by exploiting the vulnerability CVE-2018-8453 on Windows 7 through 10 and Server editions. A Sodinokibi campaign has targeted managed and cloud service providers. Also, evidence suggests that the bad guys behind GandCrab ransomware are behind a REvil / Sodin / Sodinokibi ransomware-as-a-service offering (which may be why more small businesses are getting attacked).

References:

  1. https://www.bleepingcomputer.com/news/security/sodinokibi-ransomware-exploits-windows-bug-to-elevate-privileges/
  2. https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8453
  3. https://www.secplicity.org/2019/07/08/msps-beware-attackers-targeting-msp-infrastructure-to-install-ransomware/
  4. https://krebsonsecurity.com/2019/07/is-revil-the-new-gandcrab-ransomware/
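One way to act on the "patch promptly" advice above is to check which of your Windows hosts have not received a security update since Microsoft shipped the fix for CVE-2018-8453. The script below is an added example written for this bulletin, not ACTIC's or Microsoft's own tooling. It assumes the fix's release date is the October 2018 Patch Tuesday (2018-10-09); the `$RequiredKBs` list is a placeholder you fill in from the MSRC advisory linked in the references, since the KB numbers differ per Windows build.

```powershell
# Added example (not from the ACTIC bulletin): report Windows hosts that show
# no security update installed since the CVE-2018-8453 fix was released.
# Assumptions: FixReleaseDate = October 2018 Patch Tuesday (2018-10-09);
# RequiredKBs is a placeholder list to be taken from the MSRC advisory.
param(
    [string[]]$ComputerName   = @($env:COMPUTERNAME),
    [datetime]$FixReleaseDate = [datetime]'2018-10-09',
    [string[]]$RequiredKBs    = @()   # e.g. 'KB<placeholder>' per OS build
)

function Test-CVE20188453Coverage {
    param([string]$Computer, [datetime]$Since, [string[]]$KBs)

    $os       = Get-CimInstance -ClassName Win32_OperatingSystem -ComputerName $Computer -ErrorAction Stop
    $hotfixes = @(Get-HotFix -ComputerName $Computer -ErrorAction Stop)

    # Updates installed on or after the fix's release date. InstalledOn can be
    # null for some entries, so those are skipped rather than treated as recent.
    $recent = @($hotfixes | Where-Object {
        $_.InstalledOn -and $_.InstalledOn -ge $Since -and
        $_.Description -match 'Update'
    })

    # Optional explicit KB check once the admin has filled in the list.
    $missingKBs = @()
    if ($KBs.Count -gt 0) {
        $installedIds = $hotfixes | ForEach-Object { $_.HotFixID }
        $missingKBs   = @($KBs | Where-Object { $installedIds -notcontains $_ })
    }

    $latest = $hotfixes | Where-Object InstalledOn |
              Sort-Object InstalledOn -Descending | Select-Object -First 1

    [pscustomobject]@{
        Computer        = $Computer
        OSCaption       = $os.Caption
        Build           = $os.BuildNumber
        LatestUpdate    = if ($latest) { $latest.InstalledOn } else { $null }
        UpdatedSinceFix = ($recent.Count -gt 0)
        MissingKBs      = ($missingKBs -join ',')
        Status          = $(if ($recent.Count -gt 0 -and $missingKBs.Count -eq 0) { 'OK' } else { 'REVIEW' })
    }
}

$ComputerName | ForEach-Object {
    try {
        Test-CVE20188453Coverage -Computer $_ -Since $FixReleaseDate -KBs $RequiredKBs
    } catch {
        [pscustomobject]@{ Computer = $_; Status = "ERROR: $($_.Exception.Message)" }
    }
} | Format-Table -AutoSize
```

Run it from an admin workstation as `.\Check-Patch.ps1 -ComputerName srv1,srv2 -RequiredKBs KB<placeholder>`. A `REVIEW` status means the host shows no update since the fix date (or is missing one of the listed KBs) and should be looked at; it is a quick triage aid, not a replacement for a vulnerability scanner, because `Get-HotFix` only reports what the Windows Update history records.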

Be Aware

Attackers have created a fake Office 365 site that is distributing the TrickBot password stealing Trojan disguised as Chrome and Firefox browser updates. 

Reference: 

  1. https://www.bleepingcomputer.com/news/security/fake-office-365-site-pushes-trickbot-trojan-as-browser-update/

 

Do you know what’s in your cyber insurance policy? Here’s a good, short article with four tips from an attorney. And when you’re negotiating with your insurance carrier, please ensure any non-disclosure clause allows you to share (anonymous) indicators of compromise from your incident!

Reference:

  1. https://www.darkreading.com/risk/a-lawyers-guide-to-cyber-insurance-4-basic-tips/a/d-id/1335205

 

What are some of the things weakening your security posture? The first few in the list referenced below are expected, but the later ones are good reminders.

Reference:

  1. https://www.sentinelone.com/blog/11-bad-habits-destroy-cybersecurity-efforts/

Reminder

The Arizona Counter Terrorism Information Center (ACTIC) and Urban Area Security Initiative issue this product to increase Arizona’s awareness and cyber resilience. It’s up to you to make sure you take the proper steps to secure your networks and devices. Although vendors, products, and/or services may be mentioned, we do not endorse any specific one.

Contact [email protected] with any questions, to provide feedback, or to be added/removed from this distribution. Please note that this email address is not monitored 24x7.

Report potential, suspected, and/or confirmed cyber threats to the ACTIC via: 

  • https://www.azactic.gov/Tips
  • [email protected]
  • (602) 644-5805 or (877) 2 S A V E A Z (272-8329)
©2018 Arizona Department of Public Safety (DPS) All rights reserved.