CYBER SECURITY CONSULTING SERVICE AWARDS AND RECOGNITIONS
CyberSecOp's comprehensive managed security services, cyber security consulting, professional services, and data protection technology are recognized as industry-leading threat detection and response solutions by major analyst firms, key media outlets, and others.
Russian Cyber Spy Group APT28 Backdoors Cisco Routers via SNMP
Russian-aligned cyber groups are seeking to target Western infrastructure; separately, the Russian cyber spy group APT28 has been backdooring Cisco routers via SNMP
The UK's National Cyber Security Centre (NCSC) has warned that Russian-aligned cyber groups are seeking to target critical infrastructure in the West. The NCSC said that these groups are motivated more by ideology than by money, and that they pose a potential risk to crucial infrastructure systems in Western countries, especially those that are "poorly protected."
The NCSC said that the groups often focus on denial-of-service attacks, defacing websites and spreading misinformation. However, some of the groups have stated a desire to achieve a more disruptive and destructive impact against Western critical national infrastructure, including in the UK.
Without outside assistance, it is unlikely that the groups "have the capability to deliberately cause a destructive, rather than disruptive, impact in the short term." However, the NCSC warns that the groups may become more effective over time, and urges that organizations "act now to manage the risk against successful future attacks."
The NCSC has issued a number of recommendations to organizations to help them protect themselves from these threats. These include:
Keeping software up to date
Using strong passwords and multi-factor authentication
Implementing a robust incident response plan
Raising awareness of cyber security threats among employees
The NCSC also encourages organizations to report any suspicious activity to the NCSC or their local law enforcement agency.
The NCSC's warning comes as the UK and its allies continue to impose sanctions on Russia in response to its invasion of Ukraine. The NCSC said that the sanctions are likely to further motivate Russian-aligned cyber groups to target Western infrastructure.
The NCSC's warning is a reminder that cyber security is a top priority for organizations of all sizes. By taking steps to protect themselves from cyber threats, organizations can help to mitigate the risk of disruption and damage.
In addition to the NCSC's warning, it has also been reported that Russian cyber spy group APT28 has been backdooring Cisco routers via SNMP. APT28, also known as Fancy Bear or Sednit, is a Russian state-sponsored hacking group that has been linked to a number of high-profile cyberattacks, including the 2016 Democratic National Committee email hack.
The backdoor in Cisco routers is believed to have been used by APT28 to gain access to networks and steal sensitive data. The backdoor was discovered by researchers at Cisco Talos, who have released a report on the vulnerability.
The vulnerability is a remote code execution (RCE) vulnerability that affects Cisco IOS 15.2 and earlier versions. The vulnerability can be exploited by an attacker who can send a specially crafted packet to a vulnerable router.
Cisco has released a patch for the vulnerability. Organizations that are using Cisco IOS 15.2 or earlier versions should apply the patch as soon as possible.
The discovery of the backdoor in Cisco routers is a reminder that cyber threats are constantly evolving. Organizations need to be aware of the latest threats and take steps to protect themselves.
This vulnerability is one of several SNMP flaws that Cisco patched on June 29, 2017. Its exploitation requires an attacker to be able to access the vulnerable SNMP OID. For this, they first need to know the SNMP read-only credential, which is not always hard to find.
Here are some tips for protecting your Cisco routers from this vulnerability:
Keep your software up to date. Cisco has released a patch for this vulnerability. Organizations that are using Cisco IOS 15.2 or earlier versions should apply the patch as soon as possible.
Use strong passwords and multi-factor authentication. Make sure that your SNMP credentials are strong and that you are using multi-factor authentication.
Implement a robust incident response plan. Have a plan in place in case your network is compromised. This plan should include steps for containing the breach, notifying affected parties, and recovering from the attack.
Raise awareness of cyber security threats among employees. Make sure that your employees are aware of the latest cyber threats and how to protect themselves.
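The tips above come down to knowing what SNMP access a router actually exposes. The following is an added example, not code from the original post, from Cisco, or from Talos: a small audit script that reads a Cisco IOS running-config and flags community strings that are well known, read-write, or not restricted by an access-list, and notes when only SNMPv1/v2c communities are configured with no SNMPv3 authPriv group. The configuration fragment is constructed for the example; the hostname, community strings and ACL names are not from any real device.

```python
import re

# Constructed sample: a fragment of a Cisco IOS running-config (not a real device).
SAMPLE_CONFIG = """\
hostname edge-rtr-01
!
snmp-server community public RO
snmp-server community private RW
snmp-server community n3tm0n-r0 RO 10
snmp-server community n3tm0n-rw RW SNMP-MGMT
snmp-server group NETMON v3 priv
!
access-list 10 permit 10.10.5.0 0.0.0.255
"""

# Community strings that ship as defaults or appear in every wordlist.
WELL_KNOWN = {"public", "private", "cisco", "admin", "secret", "community"}

# snmp-server community <string> [view <name>] [RO|RW] [<acl-number|acl-name>]
# The RO/RW keyword is optional on IOS; when omitted the community is read-only.
COMMUNITY_RE = re.compile(
    r"^snmp-server community (\S+)(?: view \S+)?(?: (RO|RW))?(?: (\S+))?[ \t]*$",
    re.MULTILINE,
)


def defined_acls(config):
    """Collect the numbered and named ACLs the config actually defines."""
    numbered = re.findall(r"^access-list (\d+) ", config, re.MULTILINE)
    named = re.findall(r"^ip access-list (?:standard|extended) (\S+)", config, re.MULTILINE)
    return set(numbered) | set(named)


def audit_snmp(config):
    """Return {community: [issues]}; the key '*' carries config-wide findings."""
    issues = {}
    acls = defined_acls(config)
    matches = COMMUNITY_RE.findall(config)
    for name, mode, acl in matches:
        found = []
        if name.lower() in WELL_KNOWN:
            found.append("well-known community string")
        if (mode or "RO") == "RW":
            found.append("read-write access; prefer RO or an SNMPv3 authPriv user")
        if not acl:
            found.append("no access-list restricting which managers may poll")
        elif acl not in acls:
            found.append(f"references undefined access-list {acl}")
        if found:
            issues[name] = found
    # v1/v2c communities travel in cleartext; a v3 'priv' group is the path off them.
    if matches and not re.search(r"^snmp-server group \S+ v3 priv", config, re.MULTILINE):
        issues["*"] = ["SNMPv1/v2c communities configured without any SNMPv3 authPriv group"]
    return issues


if __name__ == "__main__":
    for community, found in audit_snmp(SAMPLE_CONFIG).items():
        for issue in found:
            print(f"{community}: {issue}")
```

In the sample, only the community that is read-only and tied to a defined ACL passes; the others show the conditions the article warns about. The same script runs unchanged over a config exported with `show running-config`.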
In conclusion, the discovery of the backdoor in Cisco routers is a reminder that cyber threats are constantly evolving. By staying aware of the latest threats and taking steps to protect themselves, organizations can help to mitigate the risk of disruption and damage.
Databricks: AI Could Become So Intelligent That It Surpasses Human Intelligence
Databricks is a unified analytics platform that helps businesses accelerate time to insights with data engineering, data science, and machine learning. Databricks is at the forefront of machine learning, and its capabilities are vast.
Some of the key capabilities of Databricks include:
Data engineering: Databricks makes it easy to ingest, clean, and prepare data for analysis. Databricks also provides a variety of tools for data transformation and data modeling.
Data science: Databricks provides a complete environment for data scientists to build, train, and deploy machine learning models. Databricks also provides a variety of tools for data visualization and model evaluation.
Machine learning: Databricks provides a variety of machine learning algorithms and frameworks. Databricks also provides a variety of tools for model deployment and monitoring.
In addition to its core capabilities, Databricks also offers a number of additional features, such as:
Collaboration: Databricks makes it easy for teams to collaborate on data projects. Databricks provides a variety of tools for sharing data, code, and notebooks.
Security: Databricks is built on a secure foundation. Databricks provides a variety of features for data security, such as role-based access control, data encryption, and audit logging.
Governance: Databricks provides a variety of features for data governance, such as data lineage tracking, data quality checks, and data policy enforcement.
Databricks is a powerful platform that can help businesses accelerate time to insights with data engineering, data science, and machine learning. If you are looking for a platform to help you with your data projects, Databricks is a great option.
Here are some additional thoughts on the potential dangers of AI, as raised by Ian Hogarth:
AI could become so intelligent that it surpasses human intelligence. This could lead to a situation where AI is able to make decisions that are better than humans, but which humans do not understand. This could have a profound impact on society, as humans would no longer be in control of their own destiny.
AI could become so powerful that it could pose a threat to humanity. This could happen if AI is used for malicious purposes, such as developing autonomous weapons or creating surveillance systems that are too powerful to be controlled by humans.
AI could become so ubiquitous that it could become difficult to distinguish between humans and machines. This could lead to a situation where humans are no longer unique or special.
It is important to be aware of the potential dangers of AI, and to take steps to mitigate these risks. One way to do this is to ensure that AI is developed and used in a responsible manner. This means ensuring that AI is aligned with human values, and that it is used for good rather than for evil.
It is also important to remember that AI is a tool, and like any tool, it can be used for good or for evil. It is up to us to decide how AI is used, and to ensure that it is used for the benefit of humanity.
The Growing Cyber Threat from China: AI is being used by China to develop new cyber weapons
The United States is facing an increasing threat from China in cyberspace. China is becoming more aggressive in its use of cyber attacks and developing new and more sophisticated capabilities. The U.S. government and private sector need to take steps to improve their cyber security in order to protect against these threats.
One of the biggest challenges facing the U.S. is the growing use of artificial intelligence (AI) by China. AI is being used by China to develop new cyber weapons and to automate its cyber attacks. This is making it more difficult for the U.S. to defend against these attacks.
The U.S. government and the private sector need to work together to develop new AI-based cyber defenses. They also need to invest in research and development to stay ahead of China in developing AI-based cyber weapons.
In addition, the U.S. needs to work with its allies to share information about cyber threats and to coordinate responses to these threats. This will help to protect the U.S. and its allies from Chinese cyber-attacks.
The U.S. is facing a serious threat from China in cyberspace. However, the U.S. can take steps to protect itself from these threats by improving its cyber security, developing new AI-based cyber defenses, and working with its allies.
Here are some additional details about the threat from China:
China is believed to be responsible for a number of high-profile cyber-attacks, including the 2017 WannaCry ransomware attack and the 2020 SolarWinds hack.
China is also believed to be developing a number of new cyber weapons, including AI-based weapons that can automate attacks and make them more difficult to defend against.
The U.S. government and private sector have been working to improve their cyber security, but China's growing capabilities pose a serious challenge.
The U.S. and its allies need to continue to work together to share information about cyber threats and to coordinate responses to these threats.
China is believed to be responsible for a number of high-profile cyber-attacks, including the 2017 WannaCry ransomware attack and the 2020 SolarWinds hack.
The WannaCry ransomware attack was a global cyberattack that affected over 200,000 computers in over 150 countries. The attack was carried out using a worm that exploited a vulnerability in the Windows operating system. The worm was able to spread from computer to computer, encrypting files and demanding a ransom payment in Bitcoin.
The SolarWinds hack was a sophisticated cyberattack that targeted the U.S. government and private sector. The attack was carried out by using a malicious update to the SolarWinds Orion software. The update was installed on computers at over 100 organizations, including the U.S. Department of State, the Department of Homeland Security, and the National Security Agency. The attackers were able to use the access they gained to these organizations to steal sensitive data.
China is also believed to be developing a number of new cyber weapons, including AI-based weapons that can automate attacks and make them more difficult to defend against.
AI-based cyber weapons are weapons that use artificial intelligence to automate attacks. These weapons can be used to launch large-scale attacks that would be difficult for humans to carry out. They can also be used to target specific individuals or organizations.
The U.S. government and private sector have been working to improve their cyber security, but China's growing capabilities pose a serious challenge.
The U.S. government and private sector have been working to improve their cyber security in recent years. They have invested in new technologies and training to defend against cyber-attacks. However, China's growing capabilities pose a serious challenge. China is investing heavily in cyber security and is developing new technologies that could be used to launch attacks on the U.S.
The U.S. and its allies need to continue to work together to share information about cyber threats and to coordinate responses to these threats.
Sharing information and coordinating responses in this way will help to protect the U.S. and its allies from Chinese cyber-attacks.
In conclusion, the U.S. faces a severe threat from China in cyberspace. China is developing new cyber weapons and is using artificial intelligence to automate attacks. The U.S. government and the private sector must work together to improve their cyber security and develop new AI-based cyber defenses. The U.S. also needs to work with its allies to share information about cyber threats and to coordinate responses to these threats.
The U.S. and China are engaged in a cyber arms race, and the U.S. needs to take steps to stay ahead of China. The U.S. must invest in research and development and work with its allies to share information and coordinate responses. The U.S. also needs to educate its citizens about cyber security and how to protect themselves from attacks.
The cyber threat from China is real and severe, but the U.S. can take steps to protect itself. By working together, the U.S. and its allies can deter China from carrying out attacks and protect themselves from those occurring.
Company CISOs and Boards Brace for New SEC Cybersecurity Regulations
The U.S. Securities and Exchange Commission (SEC) is proposing new cybersecurity regulations that would require public companies to report cybersecurity incidents within four business days and to have a board-approved cybersecurity policy in place. The regulations are designed to protect investors from the risks of cybercrime and to hold public companies accountable for their cybersecurity practices.
Company CISOs (chief information security officers) and boards are bracing for the new regulations, which they believe will be costly and burdensome to implement. However, they also recognize that the regulations are necessary to protect companies and their investors from the ever-growing threat of cybercrime.
In this blog post, we will discuss the SEC's proposed cybersecurity regulations and what they mean for company CISOs and boards. We will also provide tips for companies on how to prepare for the regulations.
The SEC's Proposed Cybersecurity Regulations
The SEC's proposed cybersecurity regulations would require public companies to do the following:
Report cybersecurity incidents within four business days. Companies would be required to report any cybersecurity incidents that have a material impact on the company or its investors.
Have a board-approved cybersecurity policy in place. The policy should address the company's cybersecurity risks and how it will manage those risks.
Conduct regular cybersecurity assessments. The assessments should identify and fix vulnerabilities in the company's systems and networks.
Have a plan in place to respond to a cyberattack. The plan should include steps to contain the damage, notify regulators and customers, and restore operations.
The SEC's proposed regulations are based on the Cybersecurity Framework, a voluntary framework developed by the National Institute of Standards and Technology (NIST). The Cybersecurity Framework provides a set of best practices for organizations to follow to improve their cybersecurity posture.
The SEC's proposed regulations are likely to face opposition from some companies, who argue that they are too burdensome and costly. However, the SEC is likely to move forward with the regulations, given the increasing risk of cybercrime.
What the Regulations Mean for Company CISOs and Boards
The SEC's proposed cybersecurity regulations will have a significant impact on company CISOs and boards. CISOs will need to ensure that their companies are in compliance with the regulations, which will require them to implement and maintain a robust cybersecurity program. Boards will need to oversee the company's cybersecurity program and ensure that it is effective.
The regulations will also have a financial impact on companies. Companies will need to invest in cybersecurity controls and staff to comply with the regulations. The costs of compliance will vary depending on the size and complexity of the company.
Tips for Companies on How to Prepare for the Regulations
Companies can take the following steps to prepare for the SEC's proposed cybersecurity regulations:
Assess your cybersecurity risks. The first step is to assess your company's cybersecurity risks. This will help you to determine which areas need the most attention.
Implement appropriate security controls. Once you know your risks, you can implement appropriate security controls to mitigate them. This could include things like firewalls, intrusion detection systems, and data encryption.
Train your employees. Your employees are your first line of defense against cyberattacks. Make sure they are trained on cybersecurity best practices, such as how to identify and avoid phishing scams.
Stay up-to-date on cybersecurity news and trends. The cybersecurity landscape is constantly changing. Make sure you stay up-to-date on the latest news and trends so you can protect your company from new threats.
Conduct regular cybersecurity audits. Regular cybersecurity audits can help you to identify and fix vulnerabilities before they are exploited by attackers.
Implement a cybersecurity awareness program. A cybersecurity awareness program can help your employees to understand the risks of cybercrime and how to protect themselves and the company.
By taking these steps, you can help your company to comply with the SEC's proposed cybersecurity regulations and protect itself from the ever-growing threat of cybercrime.
3CX DesktopApp Supply Chain Attack: What You Need to Know
After being alerted by several security researchers of an ongoing supply chain attack in its 3CX DesktopApp, 3CX is currently working on a software update. According to the company's CEO, Nick Galea, the malware affects the Windows Electron client for customers running update 7. As an immediate response, the company has advised users to uninstall and reinstall the app, and in the meantime, use its PWA (progressive web application) client instead.
3CX is a Voice Over Internet Protocol (VoIP) IPBX software development company with over 600,000 customers and 12 million users in 190 countries. Its 3CX DesktopApp allows users to make calls, chat, video conference, and check voicemail using their desktop. Some of its customers include BMW, Honda, Ikea, Pepsi, and Toyota.
The ongoing attack was detected by security researchers at Sophos, CrowdStrike, and SentinelOne, who observed malicious activity originating from a trojanized version of the 3CX DesktopApp. Sophos reported that the software is a digitally signed version of the softphone desktop client for Windows and is packaged with a malicious payload. The application has been abused by the threat actor to add an installer that communicates with various command-and-control servers.
According to SentinelOne, which is tracking the attack under the name SmoothOperator, the threat actor registered a massive attack infrastructure in February 2022. Researchers noted that it is a supply chain attack that takes advantage of the DLL side-loading technique to load a malicious DLL that is designed to retrieve an icon file payload. The trojanized 3CX DesktopApp is the first stage in a multi-stage attack chain that pulls ICO files appended with base64 data from GitHub and ultimately leads to a third-stage infostealer DLL still being analyzed as of the time of writing.
CrowdStrike also found that the malicious activity includes beaconing to actor-controlled infrastructure, deployment of second-stage payloads, and hands-on-keyboard activity in a small number of cases. Sophos noted that the DLL side-loading is designed in such a way that users will not notice any difference while using the application. The information stealer can gather system information and sensitive data stored in Google Chrome, Microsoft Edge, Brave, and Mozilla Firefox browsers.
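The ICO stage described above works because an icon file can carry bytes beyond what its own directory declares. The following is an added example for defenders, not code from the original post or from any of the researchers named; it parses the ICO header and directory entries, computes where the last declared image ends, and reports any trailing bytes together with whether they decode as base64. The sample icon is constructed inline with filler pixel data and a placeholder string standing in for appended content. Trailing bytes alone are a triage signal, not a verdict, since tooling sometimes leaves benign padding after an icon.

```python
import base64
import binascii
import struct

# ICONDIR: reserved (0), type (1 = ICO, 2 = CUR), image count.
ICONDIR = struct.Struct("<HHH")
# ICONDIRENTRY: width, height, colours, reserved, planes, bit count, size, offset.
ICONDIRENTRY = struct.Struct("<BBBBHHII")


def ico_declared_end(data):
    """Return the byte offset where the last declared image ends."""
    if len(data) < ICONDIR.size:
        raise ValueError("too short for an ICO header")
    reserved, kind, count = ICONDIR.unpack_from(data, 0)
    if reserved != 0 or kind not in (1, 2) or count == 0:
        raise ValueError("not an ICO/CUR header")
    end = ICONDIR.size + count * ICONDIRENTRY.size
    for i in range(count):
        entry_off = ICONDIR.size + i * ICONDIRENTRY.size
        if entry_off + ICONDIRENTRY.size > len(data):
            raise ValueError("truncated icon directory")
        *_, size, offset = ICONDIRENTRY.unpack_from(data, entry_off)
        end = max(end, offset + size)
    if end > len(data):
        raise ValueError("declared image data extends past end of file")
    return end


def looks_like_base64(blob):
    """True if the bytes are a non-trivial, padded base64 string."""
    text = blob.strip()
    if len(text) < 16 or len(text) % 4 != 0:
        return False
    try:
        base64.b64decode(text, validate=True)
    except binascii.Error:
        return False
    return True


def inspect_ico(data):
    """Summarise how much data follows the declared images and what it looks like."""
    end = ico_declared_end(data)
    trailing = data[end:]
    return {
        "declared_end": end,
        "file_size": len(data),
        "trailing_bytes": len(trailing),
        "trailing_is_base64": looks_like_base64(trailing),
    }


def build_sample_ico(image_bytes, appended=b""):
    """Constructed single-entry ICO; the 'pixels' are arbitrary filler bytes."""
    offset = ICONDIR.size + ICONDIRENTRY.size  # first image starts right after the directory
    header = ICONDIR.pack(0, 1, 1)
    entry = ICONDIRENTRY.pack(1, 1, 0, 0, 1, 32, len(image_bytes), offset)
    return header + entry + image_bytes + appended


if __name__ == "__main__":
    clean = build_sample_ico(b"\x00" * 64)
    # Constructed placeholder text, not a real payload.
    suspicious = build_sample_ico(
        b"\x00" * 64, base64.b64encode(b"constructed second-stage placeholder")
    )
    print(inspect_ico(clean))
    print(inspect_ico(suspicious))
```

Run against a directory of icons pulled from a software distribution, the `trailing_bytes` and `trailing_is_base64` fields give a quick first cut: an icon whose file size exceeds its declared end by a large, base64-shaped block deserves a closer look.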
In conclusion, the ongoing supply chain attack on the 3CX DesktopApp has prompted urgent action from the company, with a software update in progress and a recommendation for users to switch to its PWA client in the meantime. Security researchers have detected malicious activity originating from the trojanized version of the app, which has been abused by the threat actor to communicate with command-and-control servers and steal sensitive data. As always, it is important to stay vigilant and take immediate action in response to any security alerts or warnings.