New APT Could Signal Reemergence of Notorious Comment Crew

A custom malware used in a five-pronged APT espionage campaign was largely built from the defunct Comment Crew’s proprietary code.

Link: https://threatpost.com/new-apt-could-signal-reemergence-of-notorious-comment-crew/138440/

GreyEnergy Spy APT Mounts Sophisticated Effort Against Critical Infrastructure

The group is a successor to BlackEnergy and a subset of the TeleBots gang–and its activity is potentially a prelude to a much more destructive attack.

Link: https://threatpost.com/greyenergy-spy-apt-mounts-sophisticated-effort-against-critical-infrastructure/138421/

Podcast: A Utility Ransomware Attack Post-Hurricane

A “critical water utility” was hit by a recent ransomware attack, significantly impeding the service in the week after Hurricane Florence hit the East Coast of the U.S. The Onslow Water and Sewer Authority (ONWASA) said in a Monday release that a “sophisticated ransomware attack… has left the utility with limited computer capabilities.” While customer data […]

Link: https://threatpost.com/podcast-a-utility-ransomware-attack-post-hurricane/138391/

In County Crippled by Hurricane, Water Utility Targeted in Ransomware Attack

The Emotet Trojan is behind a crippling ransomware attack that hit the Onslow Water and Sewer Authority.

Link: https://threatpost.com/in-county-crippled-by-hurricane-water-utility-targeted-in-ransomware-attack/138327/

ThreatList: Half of Execs Feel Unprepared to Respond to a Cyber-Incident

Deloitte estimates cybercrime costs to reach $6 trillion annually — but companies still lag in preparedness.

Link: https://threatpost.com/threatlist-half-of-execs-feel-unprepared-to-respond-to-a-cyber-incident/138320/

NotPetya Linked to Industroyer Attack on Ukraine Energy Grid

Evidence shows that three of the most destructive incidents seen in modern cyber-history are the work of one APT.

Link: https://threatpost.com/notpetya-linked-to-industroyer-attack-on-ukraine-energy-grid/138287/

ICS Security Plagued with Basic, Avoidable Mistakes

A survey of ICS security posture found outdated firewalls, improper segmentation password mistakes and more.

Link: https://threatpost.com/ics-security-plagued-with-basic-avoidable-mistakes/138273/

ThreatList: Credential Theft Spikes by Triple Digits in U.S.

Meanwhile, the LokiPWS (a.k.a. Lokibot) malware family distribution is surging.

Link: https://threatpost.com/threatlist-credential-theft-spikes-by-triple-digits-in-u-s/138221/

Adaptable, All-in-One Android Trojan Shows the Future of Malware

GPlayed may be the new face of malware — flexible and adaptable, with a Swiss Army knife-like toolbox that can be used to target pretty much anyone.

Link: https://threatpost.com/adaptable-all-in-one-android-trojan-shows-the-future-of-malware/138215/

FruityArmor APT Exploits Yet Another Windows Graphics Kernel Flaw

This is the second local privilege-escalation zero-day this APT group has exploited.

Link: https://threatpost.com/fruityarmor-apt-exploits-yet-another-windows-graphics-kernel-flaw/138192/