
New Malware Threats from Russia and the Cloud, and Natural Disaster Fraud on the Rise.


A recent news report has shed light on the Russian-made CosmicEnergy malware, which has become a subject of interest for cybersecurity experts worldwide. While it is not entirely clear whether this malware was developed for red teaming or for actual attacks against critical infrastructure and operational technology (OT) systems, the potential risks associated with this software are quite significant.

The malware, which was uncovered by researchers from cybersecurity firms Group-IB and PT ESC, has been designed to target Windows systems. It uses a unique approach for malware delivery, which involves bypassing various security measures put in place by IT departments. The malware can infect OT systems, such as those used in power grids and water treatment plants, and disrupt their functionality.

According to the researchers, CosmicEnergy shares many similarities with another Russian-made malware called Responder, which was discovered earlier this year. Responder was primarily used for reconnaissance purposes and was deployed against industrial control systems (ICS). Researchers believe that CosmicEnergy may also have been developed for similar purposes, but with additional capabilities.

Another significant update in the cybersecurity world is related to the Volt Typhoon, which is reportedly a Chinese cyber-espionage group that has been active since at least 2015. Recently, it has been revealed that they have been conducting extensive battlespace preparation in Guam and elsewhere, which suggests that their cyber-espionage activities have expanded beyond China’s immediate vicinity. The group is known for conducting attacks against high-value targets, including military and government organizations.

Meanwhile, in the criminal underworld, the Legion malware has been upgraded for the cloud, enabling threat actors to carry out attacks against organizations that rely heavily on cloud-based infrastructure. This development is of particular concern since cloud infrastructure is becoming increasingly prevalent, and enterprises are more reliant on the cloud than ever before.

Johannes Ullrich from SANS has discussed the importance of logging and the gaps in monitoring coverage that occur over time. While logs are essential for detecting security incidents and suspicious activity, a period during which logs are not collected or not reviewed gives malicious actors a window in which to operate unnoticed. Businesses need to ensure that their systems have adequate logging capabilities and that these logs are being monitored regularly.

In an exclusive interview, Kevin Kirkwood from LogRhythm spoke about the rise of extortion attempts and ransomware. Cybercriminals are increasingly using these tactics to extort money from businesses, and the problem has become so significant that many businesses are now considering paying the ransom to avoid the financial losses associated with downtime and data loss.

With the Atlantic hurricane season officially opening next week, cybersecurity professionals are warning businesses to batten down their digital hatches. Recent years have seen an increase in cyber-attacks targeting critical infrastructure during severe weather events. With more people working remotely due to the pandemic, organizations need to ensure that their employees are equipped to work securely from home and that their infrastructure is protected from potential threats.

In conclusion, the cybersecurity landscape is constantly evolving, and organizations need to remain vigilant to stay ahead of potential threats. CosmicEnergy, Volt Typhoon, and Legion malware are just a few examples of the latest threats that businesses need to be aware of. Furthermore, businesses must ensure that their logging capabilities are adequate, prepare for the possibility of ransomware attacks, and take measures to secure their infrastructure during natural disasters.
