12% ICS security incidents by nation-state actors, Ransomware gangs return, target healthcare, and more

Originally published at: https://cloudsek.com/threatintel/12-ics-security-incidents-by-nation-state-actors-ransomware-gangs-return-target-healthcare-and-more/

Round Up of Major Breaches and Scams

Over 12% of ICS Security Incidents Attributed to Nation-State Hackers: Survey

The Control System Cyber Security Association International (CS)2AI and KPMG on Monday announced their first annual cybersecurity report focusing on industrial control systems (ICS) and operational technology (OT). (CS)2AI, a non-profit organization, has more than 16,000 members worldwide and the report is based on information provided by 600 of them. Respondents represent all continents and a wide range of industries and organization sizes. More than 80% of respondents are decision makers when it comes to OT security expenditure.

Russian hacker jailed over botnet data scraping scheme that drained victim bank accounts

A Russian cybercriminal has been jailed for eight years for participating in a botnet scheme that caused at least $100 million in financial damage. According to the US Department of Justice (DoJ), Aleksandr Brovko was an active member of “several elite, online forums designed for Russian-speaking cybercriminals to gather and exchange their criminal tools and services.”

Round Up of Major Malware and Ransomware Incidents

Hospital ransomware: Gangs are back to target healthcare

Healthcare is not in a good place right now. With some countries and states deciding to go back into lockdown due to the continued rise of reported COVID-19 infections (several of them recording higher numbers than when almost every country initially went into lockdown), it seems horrible timing that hospital ransomware is back in the news.

Protecting the NHS: NCSC fended off lots of meddling aimed at UK health orgs while ransomware ramped up

The National Cyber Security Centre fended off more than 700 cyber attacks directed against the British state over the last year, of which about a quarter were COVID-19 related. Of the 723 incidents the GCHQ offshoot handled between 1 September 2019 and 31 August this year, 194 were related to the coronavirus pandemic, with a significant number targeting the NHS and wider public sector healthcare organisations, as well as academia and government.

Ransomware Alert as Emotet Detections Surge 1200%

Detected attacks using the Emotet Trojan soared by over 1200% from Q2 to the third quarter of this year, supporting a surge in ransomware campaigns, according to the latest data from HP Inc. Powered by its acquisition of Bromium, the firm’s HP Sure Click unit captures malware at the endpoint and runs it inside secure containers. These installations picked out a “large and sustained increase in malicious spam campaigns” spreading Emotet, especially in August. Emotet is often used as a loader, providing access to third-party threat groups to deploy secondary TrickBot and QakBot infections as well as human-operated ransomware.

Round Up of Major Vulnerabilities and Patches

Tripwire Patch Priority Index for October 2020

Tripwire's October 2020 Patch Priority Index (PPI) brings together important vulnerabilities from Microsoft, Apple, Adobe, and Oracle. First on the patch priority list this month is a very high priority vulnerability in Oracle WebLogic Server. The vulnerability is within the Console component of Oracle WebLogic Server, and it can be exploited without authentication and requires no user interaction. Proof-of-concept code is available and does not require significant expertise in order to exploit a vulnerable server. Supported versions of Oracle WebLogic Server that are affected include,,, and

FireEye releases ThreatPursuit, a Windows VM for threat intel analysts

FireEye, one of today’s top cybersecurity companies, has released a new pre-configured virtual machine (VM) that was specifically set up to help threat intelligence analysts hunt down adversaries. Named the ThreatPursuit VM, this is a Windows 10 installation that comes with more than 50 software programs that are commonly used by threat intel analysts. The idea behind ThreatPursuit is to provide companies with a ready-made OS that can be deployed to new workstations before, during, or after a security incident.

Malicious npm library removed from the repository due to backdoor capabilities

The npm security team has removed a malicious JavaScript library named “twilio-npm” from its repository because it contained code for establishing backdoors on the computers of the programmers who installed it. Npm is the largest package repository for any programming language.

Google fixes the second actively exploited zero-day in Chrome in 2 weeks.
