This Joint Indicator Bulletin from the Department of Homeland Security provides indicators, such as IP addresses and domain names, associated with ongoing malicious cyber activity, including intellectual property theft. Recipients are advised to examine their network logs for these indicators and to deploy protections against them; any additional information recipients discover can be provided to US-CERT to help address the threat. The document provides context on the threat actors and their techniques, and lists the technical indicators for detection.
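As an added example (not part of the bulletin or of this listing), the following Python script shows one way to act on the advice above: it loads a JIB-style list of IP, CIDR and domain indicators and scans proxy and DNS log lines for them. The indicator values and log lines are constructed for illustration using RFC 5737 documentation addresses and example.* names; they are not the bulletin's indicators. Domain matching is done on label boundaries, so a look-alike such as notupdate.example.net does not match an indicator for update.example.net.

```python
"""Match network-log lines against a JIB-style indicator list.

Added example, not code from the bulletin. The indicators and log lines
below are constructed for illustration (RFC 5737 documentation addresses
and example.* names), not indicators from the bulletin.
"""
import ipaddress
import re

# Constructed indicator list in the type,value shape a JIB indicator table
# is typically transcribed into. Hypothetical values.
INDICATORS = """\
# type,value
ipv4,192.0.2.44
cidr,198.51.100.0/24
domain,update.example.net
domain,cdn-static.example.org
"""

# Constructed sample logs: three proxy lines followed by three DNS-query lines.
SAMPLE_LOGS = """\
1361836800.123 192.168.10.15 TCP_MISS/200 GET http://www.example.com/index.html
1361836801.456 192.168.10.15 TCP_MISS/200 GET http://files.update.example.net/pkg.bin
1361836802.789 192.168.10.22 TCP_MISS/200 GET http://198.51.100.17/c.php?id=1
Feb 26 13:00:03 ns1 named: client 192.168.10.31#51234: query: cdn-static.example.org IN A
Feb 26 13:00:04 ns1 named: client 192.168.10.31#51235: query: www.example.org IN A
Feb 26 13:00:05 ns1 named: client 192.168.10.40#51236: query: notupdate.example.net IN A
"""

IPV4_RE = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")
HOST_RE = re.compile(r"\b(?:[a-z0-9-]+\.)+[a-z]{2,}\b")


def load_indicators(text):
    """Parse 'type,value' lines into (list of ip networks, set of domains)."""
    nets, domains = [], set()
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        kind, value = (part.strip().lower() for part in line.split(",", 1))
        if kind in ("ipv4", "ipv6", "cidr"):
            # A single address becomes a /32 (or /128) network, so one
            # membership test covers both single IPs and ranges.
            nets.append(ipaddress.ip_network(value, strict=False))
        elif kind == "domain":
            domains.add(value.rstrip("."))
        else:
            raise ValueError(f"unknown indicator type: {kind}")
    return nets, domains


def match_ip(token, nets):
    """Return the indicator network (as a string) containing token, or None."""
    try:
        addr = ipaddress.ip_address(token)
    except ValueError:
        return None
    for net in nets:
        if addr in net:
            return str(net)
    return None


def match_domain(host, domains):
    """Return the indicator domain that host equals or is a subdomain of.

    Candidates are built by dropping leading labels, so the comparison is on
    label boundaries: 'notupdate.example.net' never matches 'update.example.net'.
    """
    labels = host.lower().rstrip(".").split(".")
    for i in range(len(labels)):
        candidate = ".".join(labels[i:])
        if candidate in domains:
            return candidate
    return None


def scan_logs(log_text, nets, domains):
    """Return (line_number, indicator, line) for every indicator hit per line."""
    hits = []
    for lineno, line in enumerate(log_text.splitlines(), start=1):
        if not line.strip():
            continue
        seen = []  # indicators already reported for this line
        for token in IPV4_RE.findall(line):
            ind = match_ip(token, nets)
            if ind and ind not in seen:
                seen.append(ind)
        for host in HOST_RE.findall(line.lower()):
            ind = match_domain(host, domains)
            if ind and ind not in seen:
                seen.append(ind)
        for ind in seen:
            hits.append((lineno, ind, line))
    return hits


if __name__ == "__main__":
    nets, domains = load_indicators(INDICATORS)
    for lineno, ind, line in scan_logs(SAMPLE_LOGS, nets, domains):
        print(f"line {lineno}: matched {ind}: {line}")
```

In practice the indicator block is replaced by the bulletin's table and the log text by the proxy, DNS and firewall logs for the period the bulletin covers. A hit on a domain or CIDR indicator is a lead to investigate rather than proof of compromise on its own, since shared hosting and sinkholed infrastructure can produce benign matches.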
This Cyber Security Survey carried out by Entersoft Security is a high-level survey of Hong Kong Fintech businesses as of 2018. The survey was carried out in July 2018 against the top Hong Kong based Fintechs of 2017 and early 2018. It helps these Fintech organisations understand the nature and significance of the cyber security threats they may face and what they would need to do to improve their security.
Chinese attack on USIS exploiting SAP vulnerability. Detailed review and comm... (ERPScan)
This research includes a detailed attack timeline, identifies what kind of vulnerability was exploited, and provides recommendations on how to avoid data breaches in SAP systems.
The good, the bad and the ugly of the Target data breach (Ulf Mattsson)
The landscape of threats to sensitive data is rapidly changing. New technologies bring with them new vulnerabilities, and organizations like Target are failing to react properly to the shifts around them. What's needed is an approach equal to the persistent, advanced attacks companies face every day. The sooner we start adopting the same proactive thinking hackers are using to get at our data, the better we will be able to protect it.
This webinar will cover:
• Data security today and the current landscape
• A few recent studies and the changing threat landscape
• The Target breach and other recent breaches
• The effects of new technologies on breaches
• Shifting from reactive to proactive thinking
• Preparing for future attacks with new techniques
Heartbleed 2017. 3 years later, still bleeding (Tom Hofmann)
This report is not only about the number of servers affected but takes a holistic view of the duality of cybersecurity threats: why should you bother about Heartbleed even when the software in your organisation is patched?
Verizon 2014 data breach investigation report and the Target breach (Ulf Mattsson)
The landscape of threats to sensitive data is changing. New technologies bring with them new vulnerabilities, and organizations like Target are failing to adapt to the shifts around them.
What’s needed is an approach equal to the persistent, advanced attacks companies face every day. The sooner we start adopting the same proactive thinking hackers are using to get at our data, the better we will be able to protect it.
In this webinar, Protegrity CTO and data security thought leader Ulf Mattsson integrates new information from the Verizon 2014 Data Breach Investigation Report (DBIR) into his analysis on what is driving data breaches today, and how we can prevent them in the future.
KEY TOPICS INCLUDE:
• The changing threat landscape
• The effects of new technologies on breaches
• Analysis of recent breaches, including Target
• Compliance vs. security
• The importance of shifting from reactive to proactive thinking
• Preparing for future attacks with new technology & techniques
2011 Annual Study - U.S. Cost of a Data Breach - March 2012 (Symantec)
Symantec’s 2011 Annual Study: U.S. Cost of a Data Breach reveals negligent insiders are the top cause of data breaches while malicious attacks are 25 percent more costly than other types. The study also found organizations which employ a chief information security officer (CISO) with enterprise-wide responsibility for data protection can reduce the cost of a data breach by 35 percent per compromised record. The seventh annual Ponemon Cost of a Data Breach report is based on the actual data breach experiences of 49 U.S. companies from 14 different industry sectors.
Find out how to protect your petroleum retail assets from cyber attacks and discover 6 steps to take once you uncover a hack, how to notify data breach victims, what to do if you discover malware, red flags to watch for on social media, and more!
Combating Software Piracy Using Code Encryption Technique (theijes)
Computer security is of greater concern to users and corporate bodies now than ever before, due to the activities of criminals and hackers on the Internet. Software piracy and breaches of copyright law, intentional or unintentional, are very common these days. Software piracy is a menace to software developers and computer users all over the world, and software hackers have become a nuisance to organizations, corporate bodies and governments alike. Pirated software has caused losses of several billion US dollars, and the problem continues unabated. There have been many security threats in the recent past due to the activities of hackers; several financial organizations and national security bodies have been threatened, and some have been compromised. In this paper, we propose a code encryption technique for combating software piracy. Implemented in C++, the technique converts plain code to an encrypted form that cannot be understood by a hacker or would-be hacker unless he has the key needed to decode the encrypted data. Our result shows that, using this technique, it will be difficult to pirate software after it has been released to its intended user(s).
Adjusting Your Security Controls: It’s the New Normal (Priyanka Aash)
Most of us learned cybersecurity practices based on the application of controls that were part of a framework. Once the framework was implemented then the controls didn’t change often. It’s time to adjust our thinking and recognize that on-going adjustment of controls may be a better indicator of cyber-maturity than adherence to any framework.
(Source: RSA USA 2016-San Francisco)
Data breach events result in significant losses each year. Our partners at Bonahoom & Bobilya, LLC, created a presentation about understanding the hidden regulatory risks of a data breach so you can keep your company from going out of business.
This presentation has been shared with permission.
[Industry Intelligence Brief] Cyber Threats to the Legal and Professional Ser... (FireEye, Inc.)
Get an overview of the threat groups targeting the legal and professional services industries, as well as the top 5 malware and crimeware families detected.
In December 2012, Yahoo! Inc. suffered a high-profile data breach at the hands of a lone hacker. Using SQL injection attacks, the hacker gained full access to the server of the affected domain. Alarmingly, the exploited vulnerability likely belonged to a third-party application that was neither coded nor hosted by Yahoo!. Yahoo! was responsible for the third-party application's security, yet it had only limited control of the code. This presentation will analyze the tools and methodology employed by the attacker to bypass security, explore the dangers of hosting third-party code inherited from partners, vendors, or via acquisitions, and provide procedural and technical steps for securing third-party code.
In the most recent Hacker Intelligence Initiative report, Imperva analyses vulnerabilities found in the SuperGlobal parameters of the PHP platform, and finds that a multi-step attack requires a multi-layered application security solution.
Asian American Premium Brand Consumer - US - June 2013: Industry Trends, Size... (michalgilly)
Asian American consumers control substantial collective buying power, but cannot be addressed as one group. Because there are multiple languages and multiple generations to address, promoters of luxury goods to Asian audiences would do well to focus on a particular Asian subgroup.
In today’s marketing environment, follow the status quo and, simply, you lose. Long gone are the days of mass marketing and advertising blitzes touting millions of “advertising impressions.”
What you need is a new marketing strategy – one nurturing interactive relationships within targeted niches to build unique products/services and loyal supporters.
This presentation introduces you to tools and techniques organizations like Harley Davidson, Apple Computer, and even homeschoolers, use to build their vibrant business tribes.
It explores word-of-mouth and word-of-mouse strategies proven to create these marketing “movements.” This requires creativity, transparency to the marketplace, and a fully committed community.
It provides concrete, usable tactics to create high success by doing what's unique and interactive.
Module 02 Performance Risk-based Analytics With all the advancem (IlonaThornburg83)
Module 02 Performance Risk-based Analytics
With all the advancements in technology and in encryption strength, some methods are faster or slower than others, and in most cases a cybersecurity professional must weigh cost, performance, and security. Risk is a powerful tool used by all cybersecurity professionals to assist in making these decisions and in influencing the appropriate stakeholders by giving them the right information on these three elements.
Risk analysis, or risk-based analytics, helps determine the level of risk to an organization. The first step in this process is to determine the sensitivity of the data being processed. The example below is a common data classification scheme for many organizations; depending on how the data will be used, the classification levels and the data assigned to them may vary.
· Public: Data available to the general public and approved for distribution outside the organization.
· Examples: press releases, directory information (not subject to a government regulations or blocks), product catalogs, application and request forms, and other general information that is openly shared. The type of information an organization would choose to post on its website offers a good example of Public data.
· Internal: Data necessary for the operation of the business and generally available to all internal users, users of that particular customer, and potentially interested third-parties if appropriate and when authorized.
· Examples: Some memos, correspondence, and meeting minutes; contact lists that contain information that is not publicly available; and procedural documentation that should remain internal.
· Confidential: Data generally not made available outside the organization and the unauthorized access, use, disclosure, duplication, modification, or destruction of which could adversely impact the organization and/or customers. All confidential information is sensitive in nature and must be restricted to those with a legitimate business need to know.
· Examples:
· Information covered by the Family Educational Rights and Privacy Act (FERPA), which requires protection of records for current and former students. This includes pictures of students kept for official purposes.
· Personally identifiable information entrusted to the organization’s care that is not restricted use data, such as information regarding applicants, donors, potential donors, or competitive marketing research data.
· Information covered by the Gramm-Leach-Bliley Act (GLB), which requires protection of certain financial records.
· Individual employment information, including salary, benefits and performance appraisals for current, former, and prospective employees.
· Legally privileged information.
· Information that is the subject of a confidentiality agreement.
· Restricted: Data that MUST be specifically protected via various access, confidentiality, integrity and/or non-repudiation controls in order to comply with legislative, regulatory, con ...
Minimizing Compliance Resistance to Digital Transformation --- Design for reg... (VMware Tanzu)
SpringOne Platform 2017
Keith Rodwell, Raytheon
"Raytheon, a multinational Defense and Cybersecurity industry leader, is on a Digital Transformation journey including expanding its use of compliant Cloud based Service Providers. Embracing Digital Transformation requires cultural shifts, regulatory considerations and new approaches toward driving Regulatory Compliance. This presentation will cover several IT Security and Export/Import compliance challenges companies will likely face as they prepare for regulatory approval for the use of cloud based capabilities.
Ensuring you start dialogs with your governing partners, with the right tenor and focus, will support the adoption of durable solutions and configurations, regardless of any particular entity’s needs.
This presentation will cover architectural and service owner perspectives on navigating regulatory concerns for Digital Transformation and will include key talking points to ease your discussions with IT Security and Export/Import functions."
Tech Talk: Isn’t One Authentication Mechanism z Systems Enough? (CA Technologies)
Please join us as we discuss the need for advanced authentication for Mainframe, as well as any concerns and expectations surrounding its use.
For more information, please visit http://cainc.to/Nv2VOe
The FBI obtained information regarding a group of Chinese Government affiliated cyber actors who routinely steal high value information from US commercial and government networks through cyber espionage. These state-sponsored hackers are exceedingly stealthy and agile by comparison with the People's Liberation Army Unit 61398 ("APT1") whose activity was publicly disclosed and attributed by security researchers in February 2013. This Chinese Government affiliated group previously documented by private sector reports by the names of Operation Deputy Dog, Snowman, Ephemeral Hydra, APT17, the Bit9 and Google security alerts and parts of Hidden Lynx, has heavily targeted the high tech information technology industry including microchip, digital storage and networking equipment manufacturers, as well as defense contractors in multiple countries and multinational corporations. These actors have deployed at least four zero-day exploits in the attacks which compromised legitimate websites to deliver malicious payloads. Any activity related to this group detected on a network should be considered an indication of a compromise requiring extensive mitigation and contact with law enforcement.
Struse 2015 A funny thing happened on the way to OASIS: standardising STIX +... (James Bryce Clark)
Thoughts as DHS takes STIX and TAXII through the open standards process - from the WorldBank / OASIS Borderless Cybersecurity conference. Author = Richard Struse
This presentation was given by Eric Vaughan to a meeting of the Security Special Interest Group (SIG) of the Software Developers (SD) Forum, in Palo Alto, CA, in July 2008.
1. Title
IT Security Risk Assessment
2. Introduction
You are employed with Government Security Consultants, a subsidiary of Largo Corporation. As a member of IT security consultant team, one of your responsibilities is to ensure the security of assets as well as provide a secure environment for customers, partners and employees. You and the team play a key role in defining, implementing and maintaining the IT security strategy in organizations.
A government agency called the Bureau of Research and Intelligence (BRI) is tasked with gathering and analyzing information to support U.S. diplomats.
In a series of New York Times articles, BRI was exposed as being the victim of several security breaches. As a follow up, the United States Government Accountability Office (GAO) conducted a comprehensive review of the agency’s information security controls and identified numerous issues.
The head of the agency has contracted your company to conduct an IT security risk assessment on its operations. This risk assessment was determined to be necessary to address security gaps in the agency’s critical operational areas and to determine actions to close those gaps. It is also meant to ensure that the agency invests time and money in the right areas and does not waste resources. After conducting the assessment, you are to develop a final report that summarizes the findings and provides a set of recommendations. You are to convince the agency to implement your recommendations.
This learning activity focuses on IT security which is an overarching concern that involves practically all facets of an organization’s activities. You will learn about the key steps of preparing for and conducting a security risk assessment and how to present the findings to leaders and convince them into taking appropriate action.
Understanding security capabilities is basic to the core knowledge, skills, and abilities that IT personnel are expected to possess. Information security is a significant concern among every organization and it may spell success or failure of its mission. Effective IT professionals are expected to be up-to-date on trends in IT security, current threats and vulnerabilities, state-of-the-art security safeguards, and security policies and procedures. IT professionals must be able to communicate effectively (oral and written) to executive level management in a non-jargon, executive level manner that convincingly justifies the need to invest in IT security improvements. This learning demonstration is designed to strengthen these essential knowledge, skills, and abilities needed by IT professionals.
3. Steps to Completion
Your instructor will form the teams. Each member is expected to contribute to the team agreement, which documents the members’ contact information and sets goals and expectations for the team.
1) Review the Setting and Situation
The primary mission of the Bureau of Research and Intelligence (BRI) is to provide multipl.
The user requirements of a new system for On Road Vehicle Breakdown Assistance may include:
1. Easy-to-use Interface: The new system should have a simple and intuitive user interface that allows users to quickly and easily access the web application and service providers to efficiently respond to requests.
2. Comprehensive Coverage: The new system should have an extensive coverage area that ensures drivers in all locations have access to timely and reliable assistance.
3. Integration with Modern Technologies: The new system should be fully integrated with modern communication channels and technologies, such as mobile devices and GPS, to allow for efficient and accurate communication between drivers and service providers.
4. Fast Response Times: The new system should ensure that service providers can quickly and efficiently respond to service requests, minimizing wait times for drivers in need of assistance.
5. Reliable Service: The new system should provide drivers with access to reliable and trustworthy service providers, ensuring that they receive high-quality service and repairs.
6. 24/7 Availability: The new system should be available 24/7, ensuring that drivers can request assistance at any time of the day or night.
7. Transparent Pricing: The new system should provide transparent and fair pricing for all services, ensuring that drivers know what to expect and are not subject to unexpected or unreasonable charges.
By meeting these user requirements, a new system for On Road Vehicle Breakdown Assistance can provide drivers with a reliable, efficient, and easy-to-use platform for accessing assistance and ensuring their safety on the road.
An assessment of UK cyber resilience across the commercial sector. The report highlights information disclosure, as used by hackers to construct attack intelligence.
Why does DFARS exist?
Current requirements for companies with Controlled Unclassified Information (CUI) or DoD Covered Defense Information (CDI)
What is CMMC?
Data is an important asset for an enterprise and must be protected against loss and destruction. In the IT field, huge amounts of data are exchanged among many people at every moment, and during sharing there is a high chance of data vulnerability, leakage or alteration. To address these problems, a survey of data leakage detection systems has been done. This paper discusses the concept, causes and techniques for detecting data leakage. Businesses process facts and figures to turn raw data into useful information, which they use to generate and improve revenue at every milestone. Thus, along with data availability and accessibility, data security is also very important.
A Non-Confidential Slide Deck for CSR-Support and its dba Cyber Support Solutions. We have a proprietary solution to stop Data Breaches and allow personal liberties from the same computer terminal.
8242015 Combating cyber risk in the supply chain Print Art.docx (evonnehoggarth79783)
8/24/2015 Combating cyber risk in the supply chain Print Article SC Magazine
http://www.scmagazine.com/combatingcyberriskinthesupplychain/printarticle/381050/
Daryk Rowland, director of risk management, Guidance Software, Inc.
November 11, 2014
Combating cyber risk in the supply chain
Security threats within the supply chain have been a concern of purchasing, information security and risk and compliance teams for many years. What's new is the rapid increase in targeted attacks on a less well-defended area for most corporations: the confidential data now commonly shared with supply chain vendors and partners.
In research released in 2013, the Information Security Forum (ISF) found that, “of all the supply chain risks, information risk is the least well managed,” and that, “forty percent of the data-security breaches experienced by organizations arise from attacks on their suppliers.” The Target breach began with a simple login to its corporate network—a login seen as normal by its security systems because the user name and password were valid. The problem, of course, was that these login credentials were stolen—yet they were also authorized for access, so they went unchallenged by Target's authentication system.
Consider the fact that the recent Dragonfly/Energetic Bear hack of U.S. and European energy companies began with a spear-phishing campaign against senior employees in energy sector companies. Those senior employees took the bait and enabled the hackers to compromise legitimate software used by industrial control system (ICS) manufacturers, inserting malware into software updates sent from the ICS manufacturers to their clients.
Everyone involved with vendor management — from legal and risk/compliance teams to information security and purchasing specialists — should now develop a common, collaborative security strategy (or program) that includes layering new protections onto processes and policies to defend against information risk in the supply chain. Adding the following practices to your existing security controls can help you collaborate productively for a targeted approach to supply chain cybersecurity.
Map locations of sensitive data: Collaborate across all relevant teams to determine which data—intellectual property, employee records, financial information, credit card data — is considered sensitive by your organization. Security teams should audit for all locations of that sensitive data on your network, as well as for the locations of copies of that data that may be accessible to members of your supply chain.
Evaluate risk by vendor: Assess and rank vendors and partners with access to your network—or any who retain copies of your data—according to their risk to information security. Two helpful templates for this are the annotated ICT Supply Chain Risk Manageme.
An Overview of the Major Compliance Requirements (DoubleHorn)
In this blog, we will explore some of the US government’s compliance standards that are helpful for many federal, state and local agencies while procuring technology and related services.
TLP: GREEN
Joint Indicator Bulletin (JIB) – INC260425-2
February 26, 2013
Notification
This report is provided “as is” for informational purposes only. The Department of Homeland Security (DHS) does not
provide any warranties of any kind regarding any information contained within. In no event shall the United States
Government or its contractors or subcontractors be liable for any damages, including but not limited to, direct, indirect,
special or consequential damages, arising out of, resulting from, or in any way connected with this report, whether or not
based upon warranty, contract, tort, or otherwise, whether or not arising out of negligence, and whether or not injury was
sustained from, or arose out of the results of, or reliance upon the report.
The DHS does not endorse any commercial product or service, including the subject of the analysis in this report. Any
reference to specific commercial products, processes, or services by service mark, trademark, manufacturer, or otherwise,
does not constitute or imply their endorsement, recommendation, or favoring by DHS.
The display of the DHS official seal or other DHS visual identities, including any name or logo, on this report shall not be
interpreted to provide the recipient organization authorization to use the official seal, insignia or other visual identities of the
Department of Homeland Security, including NCCIC. The DHS seal, insignia, or other visual identities shall not be used in
any manner to imply endorsement of any commercial product or activity by DHS, NCCIC, or the United States Government.
Use of the DHS seal without proper authorization violates federal law (e.g., 18 U.S.C. §§ 506, 701, 1017), and is against
DHS policies governing usage of its seal.
This document is TLP: GREEN. Recipients may share TLP: GREEN information with peers and partner organizations
within their sector or community, but not via publicly accessible channels. For more information on the Traffic Light
Protocol, see http://www.us-cert.gov/contact/tlp.html.
Introduction
Various cyber actors have engaged in malicious activity against Government and Private Sector
entities. The apparent objective of this activity has been the theft of intellectual property, trade
secrets, and other sensitive business information. To this end, the malicious actors have
employed a variety of techniques in order to infiltrate targeted organizations, establish a
foothold, move laterally through the targets’ networks, and exfiltrate confidential or proprietary
data. The United States Department of Homeland Security (DHS), in collaboration with the
Federal Bureau of Investigation and other partners, has created this Joint Indicator Bulletin,
containing cyber indicators related to this activity. Organizations are advised to examine current
and historical security logs for evidence of malicious activity related to the indicators in this
bulletin and deploy additional protections as appropriate. In addition, DHS would welcome any
additional information your organization may be able to share regarding this or similar activity,
which may be provided to the US Computer Emergency Readiness Team (US-CERT) at soc@us-cert.gov.
Document Overview
This Joint Indicator Bulletin is comprised of sections covering domain names and IP addresses
known to be associated with the ongoing malicious activity. If suspicious network traffic or
malware is identified based on these indicators, affected systems should be investigated for signs
of compromise.
To support developing shared situational awareness of cyber threats, DHS welcomes any
additional information your organization may be able to share regarding this or similar activity.
Such information can be provided to the United States Computer Emergency Readiness Team
(US-CERT) at soc@us-cert.gov.
NOTE: Any network defense actions should only be taken in accordance with established
organizational security policies and network defense plans. Presence of one or more of these
indicators on networks or systems is not necessarily a positive indication of malicious activity,
but may enable an organization to identify malicious activity. A number of the indicators likely
include compromised or shared systems on the Internet and, as such, may be associated with
legitimate traffic. Organizations should take care to clearly establish malicious intent before
taking any action; for example, preemptively blocking the IPs provided in this Bulletin could
have negative consequences while failing to provide appreciable protection.
Indicator Descriptions
As a general matter, malicious cyber actors have multiple tools at their disposal and can
represent a significant threat to targeted victim organizations. Such actors frequently compromise
victim organizations with targeted spear-phishing campaigns, understand how to move laterally
within a network to acquire targeted data, and often maintain undetected persistence on victim
networks for months or even years. The indicators provided in this Bulletin are compromised IP
addresses and domains used by such actors.
IP Addresses, Hostnames and Second-Level Domains
Malicious actors routinely compromise hosts on the Internet for the purpose of obscuring their
activity, particularly the exfiltration of computer files from end-point victims. The majority of
these compromised hosts have been configured to prevent identification of the source of the
intrusion activity. The traffic from these hosts is generally legitimate, but, because they have
been compromised, activity to and from these IPs should be reviewed for indications of
malicious traffic.
Malicious actors also make use of numerous Internet hostnames for the purpose of
compromising and controlling victim systems. Actors have been known to register second-level
domains for their exclusive use in these activities. In addition, malicious actors have been known
to use DNS providers that allow the use of specific hostnames that are part of shared second-level domains.
Many of these hostnames and domains may be legitimate hosts or domains that have been
co-opted by malicious actors. Any number of the IP addresses or domains in this Bulletin
may have been remediated prior to publication of this list. In some cases, a single IP
address from this indicator list may represent hundreds or even thousands of legitimate
independent websites, or may represent a small business network. A number of indicators
contained in this Bulletin resolve back to large scale service providers whose services are
being abused. For these reasons, outright blocking of these indicators is not recommended.
Rather, traffic from these IPs or domains should be investigated for signs of compromise.
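The log review the Bulletin asks for, as an added example that is not part of the DHS document: it refangs indicators written in the Bulletin's `[.]` notation, then reports every log line that touches one so an analyst can investigate, and it blocks nothing, because a listed IP may front thousands of legitimate sites. It also encodes the distinction drawn above between actor-registered second-level domains (any subdomain is a match) and single hostnames on shared domains (only that exact host is a match). The proxy-log format, the `host:` prefix marking exact-hostname indicators, and the `example.org`/`example.net` names are all constructed for this example; the two IP addresses are copied from the awareness list below.

```python
"""Match defanged bulletin indicators against proxy-log lines for review.

Added example; not part of the DHS Joint Indicator Bulletin. The log format,
the 'host:' prefix convention and the example.* names are assumptions made
for this illustration. Hits are reported, never blocked.
"""
import ipaddress
import re
from collections import namedtuple

Hit = namedtuple("Hit", "line_no kind indicator line")

# Constructed indicator list in the bulletin's defanged notation. The two IPs
# are taken from the awareness list; the names are documentation-reserved.
INDICATOR_SAMPLE = """\
# IPs copied from the bulletin's awareness list
12[.]11[.]239[.]25
100[.]42[.]216[.]230
# constructed actor-registered domain: any subdomain matches
example[.]org
# constructed hostname on a shared dynamic-DNS style domain: only this host matches
host:drop[.]example[.]net
"""

# Constructed proxy log: timestamp, client, method, URL, destination IP, status.
LOG_SAMPLE = """\
2013-02-27T10:01:12Z 10.0.0.5 GET http://www.example.com/ 203.0.113.8 200
2013-02-27T10:02:40Z 10.0.0.17 POST http://update.example.org/up.php 12.11.239.25 200
2013-02-27T10:03:01Z 10.0.0.17 GET http://mail.example.net/ 198.51.100.4 200
2013-02-27T10:03:55Z 10.0.0.22 GET http://drop.example.net/a.bin 100.42.216.230 200
"""

IPV4_RE = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")
# Hostname-like tokens: labels ending in an alphabetic TLD. File names such as
# "a.bin" also match this loosely, but they are harmless noise because only
# tokens present in the indicator sets are ever reported.
HOST_RE = re.compile(r"\b(?:[a-z0-9-]+\.)+[a-z]{2,}\b")


def refang(value: str) -> str:
    """Undo the bulletin's defanging: 'a[.]b' -> 'a.b', 'hxxp' -> 'http'."""
    return value.replace("[.]", ".").replace("hxxp", "http").strip().lower()


def load_indicators(text: str):
    """Split an indicator list into IPs, actor-registered domains and exact hosts.

    A 'host:' prefix (this example's own convention) marks a hostname on a
    shared second-level domain, which must match exactly; every other name
    is treated as an actor-registered domain, so any subdomain matches.
    """
    ips, domains, hosts = set(), set(), set()
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        exact = line.startswith("host:")
        if exact:
            line = line[len("host:"):]
        value = refang(line)
        try:
            ips.add(str(ipaddress.ip_address(value)))
            continue
        except ValueError:
            pass  # not an IP; fall through to the name sets
        (hosts if exact else domains).add(value)
    return ips, domains, hosts


def match_line(line_no: int, line: str, ips, domains, hosts):
    """Return one Hit per indicator that appears in a single log line."""
    hits = []
    lowered = line.lower()
    for ip in IPV4_RE.findall(lowered):
        if ip in ips:
            hits.append(Hit(line_no, "ip", ip, line))
    for name in HOST_RE.findall(lowered):
        if name in hosts:
            hits.append(Hit(line_no, "host", name, line))
            continue
        for domain in domains:
            if name == domain or name.endswith("." + domain):
                hits.append(Hit(line_no, "domain", domain, line))
                break
    return hits


def scan(log_text: str, indicator_text: str):
    """Scan every log line; returns Hits in log order for analyst review."""
    ips, domains, hosts = load_indicators(indicator_text)
    hits = []
    for line_no, line in enumerate(log_text.splitlines(), 1):
        hits.extend(match_line(line_no, line, ips, domains, hosts))
    return hits


if __name__ == "__main__":
    for hit in scan(LOG_SAMPLE, INDICATOR_SAMPLE):
        print(f"line {hit.line_no}: {hit.kind} indicator {hit.indicator} -> review: {hit.line}")
```

Run against the constructed sample, lines 2 and 4 are flagged (an IP plus a subdomain of the actor-registered domain, and an IP plus the exact shared-domain host), while line 3 is not, even though `mail.example.net` shares a second-level domain with the listed host. Hits carry the full log line precisely because the Bulletin asks for investigation rather than blocking.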
Contact NCCIC/US-CERT
US-CERT is interested in any additional information that your organization may be able to share
regarding this or similar activity. For any questions or feedback related to this report, please
contact US-CERT at:
(UNCLASS) Phone: +1-703-235-8832
(UNCLASS) Email: soc@us-cert.gov
US-CERT’s PGP key may be downloaded at us-cert.gov/contact
(SIPRNET) Email: us-cert@dhs.sgov.gov
(JWICS) Email: us-cert@dhs.ic.gov
NCCIC/US-CERT continuously strives to improve its products and services. You can help by answering a very
short series of questions about this product at the following URL: https://forms.us-cert.gov/ncsd-feedback/
Contact FBI
You may also contact FBI with any questions related to this JIB:
Email: cywatch@ic.fbi.gov
Voice: +1-855-292-3937
Document FAQ
I see that this document is labeled as TLP: GREEN. Can I distribute this to other people?
Recipients may share TLP: GREEN information with peers and partner organizations within
their sector or community, but not via publicly accessible channels. Please contact US-CERT
with specific distribution inquiries.
Can I edit this document to include additional information?
This document is not to be edited, changed or modified in any way by recipients. All comments or
questions related to this document should be directed to the US-CERT Security Operations Center at
1-888-282-0870 or soc@us-cert.gov.
Technical Data:
Please find the indicators listed below, and included on request in a separate machine readable
format as Attachment A.
******************************
IP Address Awareness List
******************************
100[.]42[.]216[.]230
108[.]166[.]200[.]130
108[.]171[.]211[.]152
108[.]171[.]251[.]102
113[.]196[.]231[.]13
12[.]11[.]239[.]25
12[.]14[.]129[.]91
12[.]15[.]0[.]131
12[.]167[.]251[.]84
12[.]2[.]49[.]115
12[.]232[.]138[.]23
12[.]30[.]41[.]134
12[.]33[.]114[.]160
12[.]33[.]114[.]224
121[.]55[.]220[.]79
122[.]146[.]219[.]130
129[.]44[.]254[.]139
140[.]112[.]19[.]195
140[.]116[.]72[.]95
Joint Indicator Bulletin – JIB-INC260425-2 Page 4 of 10