Cybersecurity Research

ICIT Analysis – Carbanak Threatens Critical Infrastructure: Cybercriminal APTs Merit Significant Investigation and Discussion

Carbanak, currently one of the most effective advanced persistent threats (APTs) active, poses a serious threat to critical infrastructure organizations such as banks, government, and data brokers such as Equifax. The Carbanak APT demonstrates how criminal collectives can adapt, divide, and evolve as their tools, techniques, and procedures advance. In this analysis, entitled “Carbanak Threatens .. read more

Dragonfly is Nothing New:  An Objective Assessment of this Energy Sector APT

by James Scott, Sr. Fellow, ICIT Show-of-force intelligence gathering and cyber-kinetic sabotage malware attacks against United States Energy infrastructure are neither novel nor warrant mass-hysteria attempts by fear mongers seeking to exploit the incident for personal gain.  They are deliberate campaigns meant to demonstrate capabilities while offering no real threat to the distributed U.S. energy .. read more

There’s Proof That North Korea Launched the WannaCry Attack? Not So Fast! – A Warning Against Premature, Inconclusive, and Distracting Attribution

By James Scott, Sr. Fellow, ICIT Last week, ICIT urged responsible news outlets to focus on meaningful aspects of the May 12, 2017 WannaCry attack on over 230,000 systems in over 150 countries, such as the desperate need for security-by-design in software and technology, the perpetual failure of organizations across the globe to secure their .. read more

ICIT Analysis: America Exposed – Who’s Watching You Through your Computer’s Camera?

Virtually every computer, smartphone, and internet-enabled mobile device has a camera and microphone that can be used by malicious threat actors to surveil and spy on the user. Using malware such as NanoCore RAT and Nuclear RAT 2.0, Cyber Criminals, Script Kiddies, and Nation State APTs can compromise devices and remotely monitor the activities of .. read more

WannaCry Ransomware & The Perils of Shoddy Attribution: It’s the Russians! No Wait, It’s the North Koreans!

By James Scott, Sr. Fellow, ICIT Baseless Attribution Discussions Distract From Meaningful Dialogue It’s the Russians! No, wait, it’s the North Koreans! No, wait it’s…cyber mercenaries posing as PLA hackers moonlighting as cyber mercenaries for the North Korean nation-state? It’s interesting to watch faux experts take such authoritative positions in sinking sand arguments with virtually .. read more

DYN Attacks Exploit Old and Well Known Vulnerabilities

by James Scott, Sr. Fellow, ICIT and Drew Spaniel, Researcher, ICIT Throughout the morning, DYN has released statements indicating that the issue has been resolved only to have the servers crash within the following hour. Without inside information, two hypotheticals exist to explain the heat map and the disruption. First, it is possible that DYN .. read more

ICIT Bulletin: Cerber and KeRanger

Cerber and KeRanger are two of the latest Ransomware debacles to catastrophically affect the ill prepared. Once again we are confronted with the reality of our Nation’s lack of cybersecurity hygiene and the need for a more security-centric  culture among technology users. This ICIT Bulletin entitled, “Cerber & KeRanger: The Latest Weaponized Encryption” consolidates an explanation .. read more

ICIT Bulletin: Anonsec

This Bulletin is an analysis of the hacktivist group Anonsec, which claimed to have exfiltrated data from NASA servers and drones on January 31, 2016.   On January 31, 2016, Default Virusa, an administrator of the hacktivist group Anonsec, contacted journalist Mikael Thalen, claiming to have exfiltrated between 100-276GB of data from NASA servers and .. read more

On February 5th, 2016, posted in: Cybersecurity Research by Tags: , , , , , , , , ,