NIST
Table of contents
. June 2021 - Cybersecurity Framework Profile for Ransomware Risk Management
§ Definition of Critical Software Under Executive Order (EO) 14028