New ClickFix attack deploys Havoc C2 via Microsoft Sharepoint - Related to update, microsoft, c2, outage, buggy
DHS says CISA will not stop monitoring Russian cyber threats
The US Cybersecurity and Infrastructure Security Agency says that media reports about it being directed to no longer follow or research on Russian cyber activity are untrue, and. Its mission remains unchanged.
"CISA's mission is to defend against all cyber threats to Critical Infrastructure, including from Russia," the US cyber agency posted to X.
"There has been no change in our posture. Any reporting to the contrary is fake and undermines our national security."
Building on these developments, this comes after The Guardian reported on Saturday that the Trump administration no longer sees Russia as a cyber threat against US critical infrastructure and its interests.
, a new memo at CISA directs the agency to prioritize China and. Protecting local systems and does not mention Russia. CISA analysts were verbally told not to follow or research on Russia's cyber activity.
CISA is a government agency responsible for protecting critical infrastructure, including election infrastructure. From cyber and physical threats. The agency monitors and mitigates cyber threats from foreign adversaries, including Russia, by sharing threat intelligence, coordinating incident response, and working with government and private organizations to strengthen national cybersecurity defenses.
In response to questions about the Guardian's story, Tricia McLaughlin, Assistant Secretary for Public Affairs. Department of Homeland Security, told BleepingComputer that the memo is fake and that CISA will continue to address cyber threats from Russia.
"This is garbage. The Guardian's entire story is based on an alleged memo that the Trump Administration never issued and the Guardian refuses to let us see or provide the date of expressed memo," McLaughlin told BleepingComputer.
"CISA remains committed to addressing all cyber threats to US Critical Infrastructure. Including from Russia. There has been no change in its posture or priority on this front."
Moving to another aspect, theRecord also reported on Friday that Defense Secretary Pete Hegseth ordered Cyber Command to stand down from any planned offensive operations targeting Russia.
Additionally, this was further confirmed by The New York Times and The Washington Post on Saturday, with information stating this shift in posture is only meant to last during the ongoing negotiations to stop Russia's invasion of Ukraine.
A senior defense official shared the following statement when contacted about the shift in Cyber Command's directives.
"Due to operational security concerns, we do not comment nor discuss cyber intelligence, plans, or operations," shared the defense official.
"There is no greater priority to Secretary Hegseth than the safety of the Warfighter in all operations. To include the cyber domain."
Die US-amerikanische IT-Sicherheitsbehörde warnt vor beobachteten Angriffen auf Schwachstellen in Cisco RV-Routern, Hitachi Vantara, WhatsUp Gold und ...
Microsoft says a coding issue is behind a now-resolved Microsoft 365 outage over the weekend that affected Outlook and Exchange Online authentication...
Various industrial organizations in the Asia-Pacific (APAC) region have been targeted as part of phishing attacks designed to deliver a known malware ...
Microsoft links recent Microsoft 365 outage to buggy update
Microsoft says a coding issue is behind a now-resolved Microsoft 365 outage over the weekend that affected Outlook and Exchange Online authentication.
:29 PM UTC, the incident also triggered Teams and Power Platform degraded functionality and caused Purview access issues and errors.
These issues were addressed by reverting the buggy code change tagged as the preliminary root cause of the widespread outage that started at 8:40 PM UTC and ended around 9:45 PM UTC.
"A recent upgrade to Microsoft 365 authentication systems contained a code issue, resulting in impact to some Microsoft 365 apps and services," the business unveiled on Saturday after resolving the authentication and. Access problems.
"Following our reversion of the problematic code change, we've monitored service telemetry and worked with previously impacted individuals to confirm that service is restored."
Redmond says a preliminary post-incident analysis should be . The business will also review the change management process to understand why the buggy change wasn't detected during testing.
While Microsoft resolved the Microsoft 365 authentication problems over the weekend. Another advisory .
"We've so far been unable to identify any Microsoft service updates which we believe are contributing towards impact. However, we've observed through analysis of telemetry that an accumulation of authentication token errors associated with a third-party application may be causing the issue," Redmond added 12 hours after acknowledging the incident.
In January, Microsoft also reverted a networking configuration change behind widespread connectivity issues, timeouts, connection drops, and resource allocation failures impacting Azure services for East US 2 clients between January 8 and January 10.
More in the recent past, on February 25, Microsoft fixed another issue caused by a DNS change that triggered Entra ID DNS authentication failures for consumers using its Seamless SSO and Microsoft Entra Connect Sync.
In 2024, global ransomware attacks hit 5,414, an 11% increase from 2023.
After a slow start, attacks spiked in Q2 and. Surged in Q4, with 1,827 incide...
Brazil, South Africa, Indonesia, Argentina, and Thailand have become the targets of a campaign that has infected Android TV devices with a botnet malw...
New ClickFix attack deploys Havoc C2 via Microsoft Sharepoint
When opened, the HTML displays a fake 0x8004de86 error, stating that it "Failed to connect to the "One Drive" cloud service" and that clients must fix the error by updating the DNS cache manually.
Phishing attachment displaying fix instructions.
Building on these developments, this PowerShell command will attempt to launch another PowerShell script hosted on the threat actor's SharePoint server.
Malicious PowerShell command that was shared as a fix.
Fortiguard says that the script checks whether the device is in a sandbox environment by querying the number of devices in the Windows domain. If it determines it's in a sandbox, the script will terminate.
Otherwise. The script will modify the Windows Registry to add a value indicating that the script was run on the device. It will then proceed to check if Python is installed on the device and, if not, install the interpreter.
Finally, a Python script is downloaded from the same SharePoint site and executed to deploy the Havok post-exploitation command and. Control framework as an injected DLL.
Havoc is an open-source post-exploitation framework similar to Cobalt Strike, allowing attackers to remotely control compromised devices. Threat actors commonly use post-exploitation frameworks like Havoc to breach corporate networks and then spread laterally to other devices on the network.
In this campaign, Havok is configured to communicate back to the threat actor's services through Microsoft's Graph API. Embedding malicious traffic within legitimate cloud services. By doing so, the attackers blend in with regular network communications to evade detection.
The malware uses SharePoint APIs on Microsoft Graph to send and receive commands, effectively transforming the attacker's SharePoint account into a data exchange system.
Threat actors have also begun to evolve the technique to use them on social media platforms like Telegram, where a fake identity verification service named 'Safeguard' was used to trick consumers into running PowerShell commands that install a Cobalt Strike beacon.
Die US-amerikanische IT-Sicherheitsbehörde warnt vor beobachteten Angriffen auf Schwachstellen in Cisco RV-Routern, Hitachi Vantara, WhatsUp Gold und ...
In 2024, global ransomware attacks hit 5,414. An 11% increase from 2023.
After a slow start, attacks spiked in Q2 and surged in Q4, with 1,827 incide...
In Zohocorps ADSelfService Plus können Angreifer eine Sicherheitslücke missbrauchen, um Konten zu übernehmen. Aktualisierte Software stopft das Sicher...
Market Impact Analysis
Market Growth Trend
| 2018 | 2019 | 2020 | 2021 | 2022 | 2023 | 2024 |
|---|---|---|---|---|---|---|
| 8.7% | 10.5% | 11.0% | 12.2% | 12.9% | 13.3% | 13.4% |
Quarterly Growth Rate
| Q1 2024 | Q2 2024 | Q3 2024 | Q4 2024 |
|---|---|---|---|
| 12.5% | 12.9% | 13.2% | 13.4% |
Market Segments and Growth Drivers
| Segment | Market Share | Growth Rate |
|---|---|---|
| Network Security | 26% | 10.8% |
| Cloud Security | 23% | 17.6% |
| Identity Management | 19% | 15.3% |
| Endpoint Security | 17% | 13.9% |
| Other Security Solutions | 15% | 12.4% |
Technology Maturity Curve
Different technologies within the ecosystem are at varying stages of maturity:
Competitive Landscape Analysis
| Company | Market Share |
|---|---|
| Palo Alto Networks | 14.2% |
| Cisco Security | 12.8% |
| Crowdstrike | 9.3% |
| Fortinet | 7.6% |
| Microsoft Security | 7.1% |
Future Outlook and Predictions
The Microsoft Says Cisa landscape is evolving rapidly, driven by technological advancements, changing threat vectors, and shifting business requirements. Based on current trends and expert analyses, we can anticipate several significant developments across different time horizons:
Year-by-Year Technology Evolution
Based on current trajectory and expert analyses, we can project the following development timeline:
Technology Maturity Curve
Different technologies within the ecosystem are at varying stages of maturity, influencing adoption timelines and investment priorities:
Innovation Trigger
- Generative AI for specialized domains
- Blockchain for supply chain verification
Peak of Inflated Expectations
- Digital twins for business processes
- Quantum-resistant cryptography
Trough of Disillusionment
- Consumer AR/VR applications
- General-purpose blockchain
Slope of Enlightenment
- AI-driven analytics
- Edge computing
Plateau of Productivity
- Cloud infrastructure
- Mobile applications
Technology Evolution Timeline
- Technology adoption accelerating across industries
- digital transformation initiatives becoming mainstream
- Significant transformation of business processes through advanced technologies
- new digital business models emerging
- Fundamental shifts in how technology integrates with business and society
- emergence of new technology paradigms
Expert Perspectives
Leading experts in the cyber security sector provide diverse perspectives on how the landscape will evolve over the coming years:
"Technology transformation will continue to accelerate, creating both challenges and opportunities."
— Industry Expert
"Organizations must balance innovation with practical implementation to achieve meaningful results."
— Technology Analyst
"The most successful adopters will focus on business outcomes rather than technology for its own sake."
— Research Director
Areas of Expert Consensus
- Acceleration of Innovation: The pace of technological evolution will continue to increase
- Practical Integration: Focus will shift from proof-of-concept to operational deployment
- Human-Technology Partnership: Most effective implementations will optimize human-machine collaboration
- Regulatory Influence: Regulatory frameworks will increasingly shape technology development
Short-Term Outlook (1-2 Years)
In the immediate future, organizations will focus on implementing and optimizing currently available technologies to address pressing cyber security challenges:
- Technology adoption accelerating across industries
- digital transformation initiatives becoming mainstream
These developments will be characterized by incremental improvements to existing frameworks rather than revolutionary changes, with emphasis on practical deployment and measurable outcomes.
Mid-Term Outlook (3-5 Years)
As technologies mature and organizations adapt, more substantial transformations will emerge in how security is approached and implemented:
- Significant transformation of business processes through advanced technologies
- new digital business models emerging
This period will see significant changes in security architecture and operational models, with increasing automation and integration between previously siloed security functions. Organizations will shift from reactive to proactive security postures.
Long-Term Outlook (5+ Years)
Looking further ahead, more fundamental shifts will reshape how cybersecurity is conceptualized and implemented across digital ecosystems:
- Fundamental shifts in how technology integrates with business and society
- emergence of new technology paradigms
These long-term developments will likely require significant technical breakthroughs, new regulatory frameworks, and evolution in how organizations approach security as a fundamental business function rather than a technical discipline.
Key Risk Factors and Uncertainties
Several critical factors could significantly impact the trajectory of cyber security evolution:
Organizations should monitor these factors closely and develop contingency strategies to mitigate potential negative impacts on technology implementation timelines.
Alternative Future Scenarios
The evolution of technology can follow different paths depending on various factors including regulatory developments, investment trends, technological breakthroughs, and market adoption. We analyze three potential scenarios:
Optimistic Scenario
Rapid adoption of advanced technologies with significant business impact
Key Drivers: Supportive regulatory environment, significant research breakthroughs, strong market incentives, and rapid user adoption.
Probability: 25-30%
Base Case Scenario
Measured implementation with incremental improvements
Key Drivers: Balanced regulatory approach, steady technological progress, and selective implementation based on clear ROI.
Probability: 50-60%
Conservative Scenario
Technical and organizational barriers limiting effective adoption
Key Drivers: Restrictive regulations, technical limitations, implementation challenges, and risk-averse organizational cultures.
Probability: 15-20%
Scenario Comparison Matrix
| Factor | Optimistic | Base Case | Conservative |
|---|---|---|---|
| Implementation Timeline | Accelerated | Steady | Delayed |
| Market Adoption | Widespread | Selective | Limited |
| Technology Evolution | Rapid | Progressive | Incremental |
| Regulatory Environment | Supportive | Balanced | Restrictive |
| Business Impact | Transformative | Significant | Modest |
Transformational Impact
Technology becoming increasingly embedded in all aspects of business operations. This evolution will necessitate significant changes in organizational structures, talent development, and strategic planning processes.
The convergence of multiple technological trends—including artificial intelligence, quantum computing, and ubiquitous connectivity—will create both unprecedented security challenges and innovative defensive capabilities.
Implementation Challenges
Technical complexity and organizational readiness remain key challenges. Organizations will need to develop comprehensive change management strategies to successfully navigate these transitions.
Regulatory uncertainty, particularly around emerging technologies like AI in security applications, will require flexible security architectures that can adapt to evolving compliance requirements.
Key Innovations to Watch
Artificial intelligence, distributed systems, and automation technologies leading innovation. Organizations should monitor these developments closely to maintain competitive advantages and effective security postures.
Strategic investments in research partnerships, technology pilots, and talent development will position forward-thinking organizations to leverage these innovations early in their development cycle.
Technical Glossary
Key technical terms and definitions to help understand the technologies discussed in this article.
Understanding the following technical concepts is essential for grasping the full implications of the security threats and defensive measures discussed in this article. These definitions provide context for both technical and non-technical readers.
phishing beginner
Anatomy of a typical phishing attackplatform intermediate
threat intelligence intermediate
ransomware beginner
SOC intermediate
API beginner
How APIs enable communication between different software systemsmalware beginner
Common malware types and their characteristicsRelated Articles
