ISA recommends that US companies, and Canadian companies with operations in the US, reassess their cybersecurity controls following the warnings in the bulletin distributed by the Department of Homeland Security (DHS). Information on homeland security issues and threats was provided by the National Terrorism Advisory System (NTAS). See CISA Alert AA20-006A.
These threat actors are known to use the following tools, including but not limited to: Mimikatz, EternalBlue, NBTScan, Empire, DroidJack, Nanocore, njRAT, Netwire, QuasarRAT, Remcos and SHAMOON. They are also known to use techniques such as spearphishing with malicious URLs or .hta/.vbe attachments, brute-forcing credentials, dropping commodity malware, base64-encoded payloads, DNS tunneling for C2, customized LNK shortcuts, WinRAR and 7-Zip for compression, and access to OWA. For a full list of tools, techniques and procedures, please refer to the reference section of this advisory.
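Three of the techniques listed above (script-type attachments such as .hta/.vbe or LNK shortcuts, base64-encoded PowerShell payloads, and DNS tunneling) leave simple traces in telemetry that a defender can triage. The script below is an added example written for this page; it is not ISA's tooling or anything from the CISA advisory. It runs a few heuristic checks over constructed sample events (email gateway, process creation and DNS logs); the event field names `type`, `attachment`, `cmdline` and `query` and the thresholds are assumptions, and the hex-looking subdomain is made up for the example.

```python
import base64
import re
from typing import Callable, Dict, List, Optional

# Constructed sample telemetry for this example; none of it comes from the
# advisory. The field names (type, attachment, cmdline, query) are assumed.
SAMPLE_EVENTS: List[Dict[str, str]] = [
    {"type": "email", "sender": "hr@example.test", "attachment": "invoice.hta"},
    {"type": "email", "sender": "bob@example.test", "attachment": "report.pdf"},
    {"type": "process",
     "cmdline": "powershell.exe -nop -w hidden -enc "
                + base64.b64encode("Write-Host test".encode("utf-16le")).decode("ascii")},
    {"type": "process", "cmdline": "notepad.exe C:\\Users\\alice\\notes.txt"},
    {"type": "dns", "query": "a3f9c2e1b7d4e8f0a1b2c3d4e5f6a7b8c9d0e1f2a3b4c5d6.t.example.test"},
    {"type": "dns", "query": "www.example.test"},
]

# Script-type attachments and shortcut files called out in the advisory.
RISKY_EXTENSIONS = (".hta", ".vbe", ".lnk")

# PowerShell's -e / -enc / -EncodedCommand switch followed by a base64 blob.
ENCODED_CMD = re.compile(r"-e(?:nc|ncodedcommand)?\s+([A-Za-z0-9+/=]{16,})", re.IGNORECASE)

# Assumed thresholds for DNS tunnelling: one very long label or a very long name.
MAX_LABEL_LEN = 32
MAX_NAME_LEN = 80

Finding = Dict[str, str]


def check_email(event: Dict[str, str]) -> Optional[Finding]:
    """Flag attachments whose extension is a script or shortcut type."""
    name = event.get("attachment", "").lower()
    if name.endswith(RISKY_EXTENSIONS):
        return {"rule": "script-attachment", "detail": name}
    return None


def check_process(event: Dict[str, str]) -> Optional[Finding]:
    """Flag encoded PowerShell and decode the blob so an analyst can read it."""
    match = ENCODED_CMD.search(event.get("cmdline", ""))
    if not match:
        return None
    try:
        # PowerShell encodes -EncodedCommand arguments as UTF-16LE.
        decoded = base64.b64decode(match.group(1)).decode("utf-16le", errors="replace")
    except ValueError:
        decoded = "<undecodable>"
    return {"rule": "encoded-powershell", "detail": decoded}


def check_dns(event: Dict[str, str]) -> Optional[Finding]:
    """Flag names with an unusually long label or overall length."""
    query = event.get("query", "")
    longest = max((len(label) for label in query.split(".")), default=0)
    if longest >= MAX_LABEL_LEN or len(query) > MAX_NAME_LEN:
        return {"rule": "dns-tunnel-suspect", "detail": query}
    return None


CHECKS: Dict[str, Callable[[Dict[str, str]], Optional[Finding]]] = {
    "email": check_email,
    "process": check_process,
    "dns": check_dns,
}


def triage(events: List[Dict[str, str]]) -> List[Finding]:
    """Run the check matching each event's type and collect the hits."""
    findings: List[Finding] = []
    for event in events:
        check = CHECKS.get(event.get("type", ""))
        hit = check(event) if check else None
        if hit:
            findings.append(hit)
    return findings


if __name__ == "__main__":
    for finding in triage(SAMPLE_EVENTS):
        print(f"[{finding['rule']}] {finding['detail']}")
```

On the constructed sample the script reports the .hta attachment, the decoded encoded-PowerShell command and the long hex subdomain, and ignores the benign events. The thresholds and extension list are starting points to tune against your own baseline; long labels also occur legitimately in CDN and anti-spam lookups, so the DNS rule is a triage signal, not a verdict.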
HOW ISA CAN HELP
ISA’s digital forensics and incident response team, with over 2 decades of experience, will analyze multiple data sources to determine the initial attack vector. We establish a timeline of activity and identify the extent of compromise and the risk to the business. This includes:
- Log analysis
- Host analysis
- Forensics analysis
- Memory analysis
- Network traffic analysis
- Malicious code analysis
Once indicators of a terrorism-related cyberattack are determined, our investigators collect the evidence and work with our clients to report the incident to law enforcement.
- Report suspicious activity to local law enforcement: for Canadian incidents, contact the RCMP; for US incidents, contact the FBI, who are best placed to offer specific details on terroristic indicators.
- Be prepared for cyber disruptions, suspicious emails, and network delays.
- Be ready to preserve evidence.
- Implement basic cyber hygiene practices such as performing data backups and employing multi-factor authentication.
RISKS AND IMPACT AT A GLANCE
- Financial reporting delays
- Loss of life
- Loss of product
- Loss of equipment
- Loss of productivity
- Loss of data
- Financial, regulatory and litigative losses
- Loss of reputation
- Loss of revenue
TARGET INDUSTRIES BY ADVANCED PERSISTENT THREATS
Industry or Sector:
- Aviation, Defense, Energy, Petrochemical
- Chemical, Energy, Financial, Government and Telecommunications
- Energy, Government and Technology
- Airlines, Airports, Engineering, Government, High-Tech, IT, Shipping and Logistics, Telecommunications and Transportation
SAMPLE INDICATORS OF COMPROMISE