current-activity

CISA and ACSC Release Top 2021 Malware Strains

August 4, 2022

Original release date: August 2, 2022 | Last revised: August 4, 2022

CISA and the Australian Cyber Security Centre (ACSC) have published a joint Cybersecurity Advisory on the top malware strains observed in 2021. Malicious cyber actors often use malware to covertly compromise and then gain access to a computer or mobile device. As malicious cyber actors have been using most of these top malware strains for more than five years, organizations have opportunities to better prepare, identify, and mitigate attacks from these strains.

CISA and ACSC encourage organizations to apply the recommendations in the Mitigations sections of the joint CSA. These mitigations include prioritizing patching all systems with known exploited vulnerabilities, enforcing multifactor authentication (MFA), securing remote desktop protocol (RDP) and other risky services, making offline backups of your data, and providing end-user awareness and training about social engineering and phishing. The appendix contains detection signatures organizations can employ in defending their networks. For more information on preventing malicious cyber actors from using 2021 top malware strains to exploit vulnerabilities, see:

•   CISA’s Known Exploited Vulnerabilities Catalog
•   CISA’s Cyber Hygiene Services
•   CISA’s Choosing and Protecting Passwords
•   ACSC’s Implementing Multi-Factor Authentication

This product is provided subject to this Notification and this Privacy & Use policy.

Related Posts

CISA Releases One Industrial Control Systems Advisory

current-activity

CISA Releases One Industrial Control Systems Advisory

CISA released one Critical Industrial Control Systems (ICS) advisory on July 12, 2023. This advisory provides timely information about current security issues, vulnerabilities, and exploits surrounding ICS.
ICSA-23-193-01 Rockwell Automation Select Communication Modules
CISA encourages users and administrators to review the newly released ICS advisories for technical details and mitigations.

CISA and FBI Release Cybersecurity Advisory on Enhanced Monitoring to Detect APT Activity Targeting Outlook Online

current-activity

CISA and FBI Release Cybersecurity Advisory on Enhanced Monitoring to Detect APT Activity Targeting Outlook Online

The Cybersecurity and Infrastructure Security Agency (CISA) and Federal Bureau of Investigation (FBI) have released a joint Cybersecurity Advisory (CSA), Enhanced Monitoring to Detect APT Activity Targeting Outlook Online, to provide guidance to agencies and critical infrastructure organizations on enhancing monitoring in Microsoft Exchange Online environments.
In June 2023, a Federal Civilian Executive Branch (FCEB) agency observed unexpected events in Microsoft 365 (M365) audit logs. After reporting the incident to Microsoft, network defenders deemed the activity malicious. The goal of this CSA is to enhance organizational cybersecurity posture and position organizations to detect similar malicious activity via implementing the listed logging recommendations.
Organizations that identify suspicious, anomalous activity should contact Microsoft for proceeding with mitigation actions due to the cloud-based infrastructure affected, as well as report to CISA and the FBI. For mitigations that are classified as preventative measures (e.g., steps to take to reduce the risk of network categorized exposure), CISA and FBI strongly encourage that FCEB agencies and critical infrastructure organizations ensure Audit Logging is enabled. Note: See CISA’s Microsoft Exchange Online Microsoft 365 Minimum Viable Secure Configuration Baselines. These minimum viable secure configuration baselines are part of CISA’s Secure Cloud Business Applications (SCuBA) project.
For additional information and guidance, CISA and the FBI encourage network defenders to take the measures listed in this CSA to reduce the likelihood of similar activity and posture for detection.