The Department of Homeland Security recently issued a cybersecurity alert. According to the alert, the National Cybersecurity and Communications Integration Center (NCCIC) detected a campaign that uses multiple malware implants dating back to May 2016 (yikes!).
Unfortunately, the spread of this malware is quite significant. The affected verticals include information technology, energy, healthcare, and manufacturing. According to the alert, the attackers are using stolen credentials as well as implanting malware on critical systems.
The alert advises IT service providers to evaluate their infrastructure to determine if related activity has taken place. Active monitoring of network traffic for the indicators of compromise (IOCs) provided in the report, as well as behavior analysis for similar activity, should be conducted to identify C2 traffic.
The alert suggests conducting frequency analysis to determine any unusual fluctuation in bandwidth indicative of potential data exfiltration, and says management and client systems should be evaluated for the host indicators provided. For more information about the alert, head to the Department of Homeland Security website.
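One way to do the bandwidth frequency analysis described above, as an added example that is not taken from the alert or from this post: each host's hourly outbound volume is compared with that host's own baseline using a median/MAD modified z-score. The alert does not prescribe a method; the host names, the 3.5 threshold, the flat-baseline fallback and the sample data are all assumptions constructed for illustration.

```python
import statistics
from collections import defaultdict

def build_sample():
    """Constructed flow summaries: (host, hour, outbound_bytes). Not real telemetry."""
    flows = []
    for hour in range(24):
        flows.append(("mgmt-01", hour, 40_000_000 + (hour % 5) * 2_000_000))
        flows.append(("client-07", hour, 5_000_000 + (hour % 3) * 500_000))
    flows.append(("mgmt-01", 3, 900_000_000))  # constructed off-hours spike
    return flows

def flag_outbound_spikes(flows, threshold=3.5, min_hours=6):
    """Return (host, hour, bytes, score) for hours far above the host's own baseline."""
    per_host = defaultdict(lambda: defaultdict(int))
    for host, hour, nbytes in flows:
        per_host[host][hour] += nbytes  # several flows may share one hour

    alerts = []
    for host, hours in sorted(per_host.items()):
        values = list(hours.values())
        if len(values) < min_hours:
            continue  # too little history to call anything unusual
        med = statistics.median(values)
        mad = statistics.median(abs(v - med) for v in values)
        # Assumption: with a perfectly flat baseline (MAD == 0), fall back to 5% of the median.
        scale = mad or max(med * 0.05, 1)
        for hour, nbytes in sorted(hours.items()):
            score = 0.6745 * (nbytes - med) / scale  # modified z-score
            if score > threshold:  # only upward deviations matter for exfiltration
                alerts.append((host, hour, nbytes, round(score, 1)))
    return alerts

if __name__ == "__main__":
    for host, hour, nbytes, score in flag_outbound_spikes(build_sample()):
        print(f"{host} hour={hour:02d} outbound={nbytes / 1e6:.0f} MB score={score}")
```

A flagged hour is a lead for review against the alert's network and host indicators, not proof of exfiltration; backups and software updates produce the same shape.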