
Alerts 2020

December 17, 2020 - CISA

Advanced Persistent Threat Compromise of Government Agencies, Critical Infrastructure, and Private Sector Organizations

Abstract The Cybersecurity and Infrastructure Security Agency (CISA) is aware of compromises of U.S. government agencies, critical infrastructure entities, and private sector organizations by an advanced persistent threat (APT) actor beginning in at least March 2020. This APT actor has demonstrated patience, operational security, and complex tradecraft in these intrusions. CISA expects that removing this threat actor from compromised environments will be highly complex and challenging for organizations.

December 17, 2020 - NSA

Detecting Abuse of Authentication Mechanisms

Abstract Malicious cyber actors are abusing trust in federated authentication environments to access protected data. The exploitation occurs after the actors have gained initial access to a victim’s on-premises network. The actors leverage privileged access in the on-premises environment to subvert the mechanisms that the organization uses to grant access to cloud and on-premises resources and/or to compromise administrator credentials with the ability to manage cloud resources. The actors demonstrate two sets of tactics, techniques, and procedures (TTP) for gaining access to the victim network’s cloud resources, often with a particular focus on organizational email.

December 13, 2020 - CISA

Mitigate SolarWinds Orion Code Compromise

Abstract SolarWinds Orion products (affected versions are 2019.4 through 2020.2.1 HF1) are currently being exploited by malicious actors. This tactic permits an attacker to gain access to network traffic management systems. Disconnecting affected devices, as described below in Required Action 2, is the only known mitigation measure currently available.

December 10, 2020 - CISA

Cyber Actors Target K-12 Distance Learning Education to Cause Disruptions and Steal Data

Abstract This Joint Cybersecurity Advisory was coauthored by the Federal Bureau of Investigation (FBI), the Cybersecurity and Infrastructure Security Agency (CISA), and the Multi-State Information Sharing and Analysis Center (MS-ISAC). The FBI, CISA, and MS-ISAC assess malicious cyber actors are targeting kindergarten through twelfth grade (K-12) educational institutions, leading to ransomware attacks, the theft of data, and the disruption of distance learning services. Cyber actors likely view schools as targets of opportunity, and these types of attacks are expected to continue through the 2020/2021 academic year. These issues will be particularly challenging for K-12 schools that face resource limitations; therefore, educational leadership, information technology personnel, and security personnel will need to balance this risk when determining their cybersecurity investments.

December 07, 2020 - NSA

Russian State-Sponsored Actors Exploiting Vulnerability in VMware® Workspace ONE Access Using Compromised Credentials

Abstract Russian state-sponsored malicious cyber actors are exploiting a vulnerability in VMware® Access and VMware Identity Manager products [1], allowing the actors access to protected data and abusing federated authentication. VMware released a patch for the Command Injection Vulnerability captured in CVE-2020-4006 on December 3, 2020. NSA encourages National Security System (NSS), Department of Defense (DoD), and Defense Industrial Base (DIB) network administrators to prioritize mitigation of the vulnerability on affected servers.

December 01, 2020 - CISA

Advanced Persistent Threat Actors Targeting U.S. Think Tanks

Abstract The Cybersecurity and Infrastructure Security Agency (CISA) and the Federal Bureau of Investigation (FBI) have observed persistent continued cyber intrusions by advanced persistent threat (APT) actors targeting U.S. think tanks. This malicious activity is often, but not exclusively, directed at individuals and organizations that focus on international affairs or national security policy.[1] The following guidance may assist U.S. think tanks in developing network defense procedures to prevent or rapidly detect these attacks.

November 25, 2020 - FBI

Cyber Criminals Exploit Email Rule Vulnerability to Increase the Likelihood of Successful Business Email Compromise

Abstract The COVID-19 pandemic prompted a mass shift to telework among many US businesses, resulting in increased use of web-based email applications. According to recent FBI reporting, cyber criminals are implementing auto-forwarding rules on victims’ web-based email clients to conceal their activities. The web-based client’s forwarding rules often do not sync with the desktop client, limiting the rules’ visibility to cyber security administrators. Cyber criminals then capitalize on this reduced visibility to increase the likelihood of a successful business email compromise (BEC). BEC schemes resulted in more than $1.7 billion in worldwide losses reported to the Internet Crime Complaint Center (IC3) in 2019. The FBI is sharing this information to inform companies of this email rule forwarding vulnerability, which may leave businesses more susceptible to BEC.

November 19, 2020 - FBI

Indicators of Compromise Associated with Ragnar Locker Ransomware

Abstract The FBI first observed Ragnar Locker ransomware in April 2020, when unknown actors used it to encrypt a large corporation’s files for an approximately $11 million ransom and threatened to release 10 TB of sensitive company data. Since then, Ragnar Locker has been deployed against an increasing list of victims, including cloud service providers, communication, construction, travel, and enterprise software companies. The FBI is providing details of Ragnar Locker ransomware to assist with understanding the code and identifying the activity. Ragnar Locker actors first obtain access to a victim’s network and perform reconnaissance to locate network resources, backups, or other sensitive files for data exfiltration. In the final stage of the attack, actors manually deploy the ransomware, encrypting the victim’s data.

November 05, 2020 - NSA

Selecting and Safely Using Collaboration Services for Telework - UPDATE

Abstract During a global pandemic or other crisis contingency scenarios, many United States Government (USG) personnel must operate from home while continuing to perform critical national functions and support continuity of government services. With limited access to government furnished equipment (GFE) such as laptops and secure smartphones, the use of (not typically approved) commercial collaboration services on personal devices for limited government official use becomes necessary and unavoidable.

October 30, 2020 - CISA

Iranian Advanced Persistent Threat Actor Identified Obtaining Voter Registration Data

Abstract This joint cybersecurity advisory was coauthored by the Cybersecurity and Infrastructure Security Agency (CISA) and the Federal Bureau of Investigation (FBI). CISA and the FBI are aware of an Iranian advanced persistent threat (APT) actor targeting U.S. state websites—to include election websites. CISA and the FBI assess this actor is responsible for the mass dissemination of voter intimidation emails to U.S. citizens and the dissemination of U.S. election-related disinformation in mid-October 2020 (reference FBI FLASH message ME-000138-TT, disseminated October 29, 2020). Further evaluation by CISA and the FBI has identified the targeting of U.S. state election websites was an intentional effort to influence and interfere with the 2020 U.S. presidential election.

October 29, 2020 - FBI

Indicators of Compromise Pertaining to Iranian Interference in the 2020 US Presidential Election

Abstract On 22 October 2020, the Cybersecurity and Infrastructure Security Agency (CISA) and the Federal Bureau of Investigation (FBI) published a joint Cybersecurity Advisory (Alert AA20-296B) warning that Iranian advanced persistent threat (APT) actors are likely intent on influencing and interfering with the US elections to sow discord among voters and undermine public confidence in the US electoral process. APT actors are creating fictitious media sites and spoofing legitimate media sites to spread anti-American propaganda and misinformation about voter suppression.

October 28, 2020 - CISA

Ransomware Activity Targeting the Healthcare and Public Health Sector

Abstract This advisory was updated to include information on Conti, TrickBot, and BazarLoader, including new IOCs and Yara Rules for detection. This joint cybersecurity advisory was coauthored by the Cybersecurity and Infrastructure Security Agency (CISA), the Federal Bureau of Investigation (FBI), and the Department of Health and Human Services (HHS). This advisory describes the tactics, techniques, and procedures (TTPs) used by cybercriminals against targets in the Healthcare and Public Health (HPH) Sector to infect systems with ransomware, notably Ryuk and Conti, for financial gain. CISA, FBI, and HHS have credible information of an increased and imminent cybercrime threat to U.S. hospitals and healthcare providers. CISA, FBI, and HHS are sharing this information to provide warning to healthcare providers to ensure that they take timely and reasonable precautions to protect their networks from these threats.

October 27, 2020 - CISA

North Korean Advanced Persistent Threat Focus: Kimsuky

Abstract This joint cybersecurity advisory was coauthored by the Cybersecurity and Infrastructure Security Agency (CISA), the Federal Bureau of Investigation (FBI), and the U.S. Cyber Command Cyber National Mission Force (CNMF). This advisory describes the tactics, techniques, and procedures (TTPs) used by North Korean advanced persistent threat (APT) group Kimsuky—against worldwide targets—to gain intelligence on various topics of interest to the North Korean government. The U.S. Government refers to malicious cyber activity by the North Korean government as HIDDEN COBRA. For more information on HIDDEN COBRA activity, visit https://www.us-cert.cisa.gov/northkorea.

October 22, 2020 - CISA

Iranian Advanced Persistent Threat Actors Threaten Election-Related Systems

Abstract The Cybersecurity and Infrastructure Security Agency (CISA) and the Federal Bureau of Investigation (FBI) are warning that Iranian advanced persistent threat (APT) actors are likely intent on influencing and interfering with the U.S. elections to sow discord among voters and undermine public confidence in the U.S. electoral process. The APT actors are creating fictitious media sites and spoofing legitimate media sites to spread obtained U.S. voter-registration data, anti-American propaganda, and misinformation about voter suppression, voter fraud, and ballot fraud. The APT actors have historically exploited critical vulnerabilities to conduct distributed denial-of-service (DDoS) attacks, structured query language (SQL) injection attacks, spear-phishing campaigns, website defacements, and disinformation campaigns.

October 22, 2020 - CISA

Russian State-Sponsored Advanced Persistent Threat Actor Compromises U.S. Government Targets

Abstract This joint cybersecurity advisory—written by the Federal Bureau of Investigation (FBI) and the Cybersecurity and Infrastructure Security Agency (CISA)—provides information on Russian state-sponsored advanced persistent threat (APT) actor activity targeting various U.S. state, local, territorial, and tribal (SLTT) government networks, as well as aviation networks. This advisory updates joint CISA-FBI cybersecurity advisory AA20-283A: APT Actors Chaining Vulnerabilities Against SLTT, Critical Infrastructure, and Elections Organizations.

October 14, 2020 - FBI

Unattributed Entities Register Domains Spoofing the US Census Bureau’s Websites, Likely for Malicious Use

Abstract The FBI has observed entities not associated with the US Census Bureau registering numerous domains spoofing the Bureau’s websites, likely for malicious purposes. These suspicious spoofed domains are easily mistaken for legitimate Census Bureau websites and can be used for advertising, credential harvesting, and other malicious purposes. Spoofed domains (aka typosquatting) mimic legitimate domains by either altering character(s) within the domain or associating another domain with similar characteristics to the legitimate domain, such as “Censusburea[.]com” or “census gov[.]us”. Spoofed domains are increasingly used by cyber criminal and state-sponsored groups to propagate the spread of malware, which can lead to further compromise and financial losses. This activity poses a risk to both the US Census Bureau and the public.

October 09, 2020 - CISA

APT Actors Chaining Vulnerabilities Against SLTT, Critical Infrastructure, and Elections Organizations

Abstract Note: the analysis in this joint cybersecurity advisory is ongoing, and the information provided should not be considered comprehensive. The Cybersecurity and Infrastructure Security Agency (CISA) will update this advisory as new information is available. This joint cybersecurity advisory was written by CISA with contributions from the Federal Bureau of Investigation (FBI). CISA has recently observed advanced persistent threat (APT) actors exploiting multiple legacy vulnerabilities in combination with a newer privilege escalation vulnerability—CVE-2020-1472—in Windows Netlogon. The commonly used tactic, known as vulnerability chaining, exploits multiple vulnerabilities in the course of a single intrusion to compromise a network or application.

October 06, 2020 - CISA

Emotet Malware

Abstract This product was written by the Cybersecurity and Infrastructure Security Agency (CISA) and the Multi-State Information Sharing & Analysis Center (MS-ISAC). Emotet—a sophisticated Trojan commonly functioning as a downloader or dropper of other malware—resurged in July 2020, after a dormant period that began in February. Since August, CISA and MS-ISAC have seen a significant increase in malicious cyber actors targeting state and local governments with Emotet phishing emails. This increase has rendered Emotet one of the most prevalent ongoing threats. To secure against Emotet, CISA and MS-ISAC recommend implementing the mitigation measures described in this Alert, which include applying protocols that block suspicious attachments, using antivirus software, and blocking suspicious IPs.

October 01, 2020 - CISA

Potential for China Cyber Response to Heightened U.S.–China Tensions

Abstract In light of heightened tensions between the United States and China, the Cybersecurity and Infrastructure Security Agency (CISA) is providing specific Chinese government and affiliated cyber threat actor tactics, techniques, and procedures (TTPs) and recommended mitigations to the cybersecurity community to assist in the protection of our Nation’s critical infrastructure. In addition to the recommendations listed in the Mitigations section of this Alert, CISA recommends organizations take the following actions.

September 22, 2020 - CISA

LokiBot Malware

Abstract CISA has observed a notable increase in the use of LokiBot malware by malicious cyber actors since July 2020. Throughout this period, CISA’s EINSTEIN Intrusion Detection System, which protects federal, civilian executive branch networks, has detected persistent malicious LokiBot activity. LokiBot is credential- and information-stealing malware, often sent as a malicious attachment and known for being simple, yet effective, making it an attractive tool for a broad range of cyber actors across a wide variety of data compromise use cases.

September 18, 2020 - CISA

Mitigate Netlogon Elevation of Privilege Vulnerability from August 2020 Patch Tuesday

Abstract On August 11, 2020, Microsoft released a software update to mitigate a critical vulnerability in Windows Server operating systems (CVE-2020-1472). The vulnerability in Microsoft Windows Netlogon Remote Protocol (MS-NRPC), a core authentication component of Active Directory, could allow an unauthenticated attacker with network access to a domain controller to completely compromise all Active Directory identity services.

September 17, 2020 - NSA

Performing Out-of-Band Network Management

Abstract Out-of-Band (OoB) network management is a concept that uses an alternate communication path to manage network infrastructure devices. These alternate paths are designed to isolate management traffic from operational traffic. This isolation prevents compromised user devices or malicious network traffic from impacting network operations or compromising network infrastructure. Implementing these alternate paths can vary in configuration from virtual tunneling (sharing the physical network connections with the operational network) to a physically segmented network infrastructure. OoB management creates a framework that enables administrators to improve the security of their networks by segmenting management traffic from operational traffic, and ensuring that management traffic only comes from the OoB communication path.

September 17, 2020 - NSA

Compromised Personal Network Indicators and Mitigations

Abstract More and more government workers are teleworking, using Government Furnished Equipment (GFE) for official work and connecting them through personal networks. Cybersecurity is a crucial priority for these users to ensure their data and networks remain secure and uncompromised. This includes being able to identify indicators of a network compromise and pursue potential mitigations. This knowledge aids users in safeguarding their personal networks and data.

September 17, 2020 - FBI

IRGC-Associated Cyber Operations Against US

Abstract The FBI is sharing information about a group of Iran-based cyber actors recently indicted for conducting malicious cyber operations to obtain access to US-based networks and steal information. The Iranian nationals indicted are Said Pourkarim Arabi, a member of Iran’s Islamic Revolutionary Guard Corps (IRGC), Mohammad Reza Espargham, and Mohammad Bayati, both associates of Arabi. Since at least 2015, the actors conducted malicious cyber activity against US-based and foreign organizations and companies involved in aerospace or satellite technology and international government organizations in the United States, the United Kingdom, Singapore, Australia, and Israel.

September 15, 2020 - CISA

Iran-Based Threat Actor Exploits VPN Vulnerabilities

Abstract This product was written by the Cybersecurity and Infrastructure Security Agency (CISA) with contributions from the Federal Bureau of Investigation (FBI). CISA and FBI are aware of an Iran-based malicious cyber actor targeting several U.S. federal agencies and other U.S.-based networks. Analysis of the threat actor’s indicators of compromise (IOCs) and tactics, techniques, and procedures (TTPs) indicates a correlation with the group known by the names, Pioneer Kitten and UNC757. This threat actor has been observed exploiting several publicly known Common Vulnerabilities and Exposures (CVEs) dealing with Pulse Secure virtual private network (VPN), Citrix NetScaler, and F5 vulnerabilities. This threat actor used these vulnerabilities to gain initial access to targeted networks and then maintained access within the successfully exploited networks for several months using multiple means of persistence.

September 14, 2020 - CISA

Chinese Ministry of State Security-Affiliated Cyber Threat Actor Activity

Abstract The Cybersecurity and Infrastructure Security Agency (CISA) has consistently observed Chinese Ministry of State Security (MSS)-affiliated cyber threat actors using publicly available information sources and common, well-known tactics, techniques, and procedures (TTPs) to target U.S. Government agencies. CISA has observed these—and other threat actors with varying degrees of skill—routinely using open-source information to plan and execute cyber operations. CISA leveraged the MITRE Adversarial Tactics, Techniques, and Common Knowledge (ATT&CK®) and Pre-ATT&CK frameworks to characterize the TTPs used by Chinese MSS-affiliated actors. This product was written by CISA with contributions by the Federal Bureau of Investigation (FBI).

September 10, 2020 - FBI

Cyber Actors Conduct Credential Stuffing Attacks Against US Financial Sector

Abstract Since 2017, the FBI has received numerous reports on credential stuffing attacks against US financial institutions, collectively detailing nearly 50,000 account compromises. The victims included banks, financial services providers, insurance companies, and investment. During this timeframe, the FBI noted many reports on attacks targeting application programming interfaces (APIs), which are less likely to require multi-factor authentication (MFA). The attackers masqueraded as legitimate account holders and bank employees to submit fraudulent transactions, including money transfers, bill payments, and credit card reward points purchases. Credential stuffing also caused losses from business costs associated with customer notification, system downtime, and remediation.

September 01, 2020 - CISA

Technical Approaches to Uncovering and Remediating Malicious Activity

Abstract This joint advisory is the result of a collaborative research effort by the cybersecurity authorities of five nations: Australia,[1] Canada,[2] New Zealand,[3][4] the United Kingdom,[5] and the United States.[6] It highlights technical approaches to uncovering malicious activity and includes mitigation steps according to best practices. The purpose of this report is to enhance incident response among partners and network administrators along with serving as a playbook for incident investigation.

August 18, 2020 - NSA

Hardening Network Devices

Abstract Hardening network devices reduces the risk of unauthorized access into a network’s infrastructure. Vulnerabilities in device management and configurations present weaknesses for a malicious cyber actor to exploit in order to gain presence and maintain persistence within a network. Adversaries have shifted their focus from exclusively exploiting traditional endpoints to increasingly exploiting specialized and embedded devices, including routers and switches. They do this through manipulating weaknesses in configurations, controlling routing protocols, and implanting malware in the operating systems.

August 04, 2020 - NSA

Limiting Location Data Exposure

Abstract Mobile devices store and share device geolocation data by design. This data is essential to device communications and provides features—such as mapping applications—that users consider indispensable. Mobile devices determine location through any combination of Global Positioning System (GPS) and wireless signals (e.g., cellular, wireless (Wi-Fi®), or Bluetooth® (BT)). Location data can be extremely valuable and must be protected. It can reveal details about the number of users in a location, user and supply movements, daily routines (user and organizational), and can expose otherwise unknown associations between users and locations.

July 28, 2020 - FBI

Indicators Associated with Netwalker Ransomware

Abstract As of June 2020, the FBI has received notifications of Netwalker ransomware attacks on U.S. and foreign government organizations, education entities, private companies, and health agencies by unidentified cyber actors. Netwalker became widely recognized in March 2020, after intrusions on an Australian transportation and logistics company and a U.S. public health organization. Cyber actors using Netwalker have since taken advantage of the COVID-19 pandemic to compromise an increasing number of unsuspecting victims.

July 23, 2020 - NSA

NSA and CISA Recommend Immediate Actions to Reduce Exposure Across all Operational Technologies and Control Systems

Abstract Over recent months, cyber actors have demonstrated their continued willingness to conduct malicious cyber activity against Critical Infrastructure (CI) by exploiting Internet-accessible Operational Technology (OT) assets [1]. Due to the increase in adversary capabilities and activity, the criticality to U.S. national security and way of life, and the vulnerability of OT systems, civilian infrastructure makes an attractive target for foreign powers attempting to do harm to US interests or retaliate for perceived US aggression. OT assets are critical to the Department of Defense (DoD) mission and underpin essential National Security Systems (NSS) and services, as well as the Defense Industrial Base (DIB) and other critical infrastructure. At this time of heightened tensions, it is critical that asset owners and operators of critical infrastructure take the following immediate steps to ensure resilience and safety of US systems should a time of crisis emerge in the near term. The National Security Agency along with the Cybersecurity and Infrastructure Security Agency recommend that all DoD, NSS, DIB, and U.S. Critical Infrastructure facilities take immediate actions to secure their OT assets.

July 23, 2020 - FBI

Chinese Government-Mandated Tax Software Contains Malware, Enabling Backdoor Access

Abstract The FBI seeks to inform US companies in the healthcare, chemical, and finance sectors of potential targeting activity by the Chinese government against their business and operational components based in China. As early as March 2019, at least two Western companies operating in China detected malware that was delivered through Chinese vendors that were responsible for releasing tax software upgrades following changes in 2018 to China’s value-added tax (VAT). The malware launched a backdoor into victim systems, which the FBI assesses likely allows cyber actors to preposition to conduct remote code execution and exfiltration activities on the victim’s network.

July 21, 2020 - FBI

Cyber Actors Exploiting Built-In Network Protocols to Carry Out Larger, More Destructive Distributed Denial of Service Attacks

Abstract Cyber actors have exploited built-in network protocols, designed to reduce computational overhead of day-to-day system and operational functions, to conduct larger and more destructive distributed denial of service (DDoS) amplification attacks against US networks. A DDoS amplification attack occurs when an attacker sends a small number of requests to a server and the server responds with more numerous responses to the victim. Typically, the attacker spoofs the source Internet Protocol (IP) address to appear as if they are the victim, resulting in traffic that overwhelms victim resources. Cyber actors likely will increasingly abuse built-in network protocols. Such abuse likely will enable DDoS amplification attacks to be carried out with limited resources and result in significant disruptions and impact on the targets.

July 16, 2020 - CISA

Mitigate Windows DNS Server Vulnerability from July 2020 Patch Tuesday

Abstract On July 14, 2020, Microsoft released a software update to mitigate a critical vulnerability in Windows Server operating systems CVE-2020-1350. A remote code execution vulnerability exists in how Windows Server is configured to run the Domain Name System (DNS) Server role. If exploited, the vulnerability could allow an attacker to run arbitrary code in the context of the Local System Account. To exploit the vulnerability, an unauthenticated attacker sends malicious requests to a Windows DNS server.

May 04, 2020 - FBI

COVID-19 Phishing Email Indicators

Abstract The FBI uncovered targeted email phishing attempts to harvest user credentials and compromise targets’ computer systems by exploiting fear derived from the COVID-19 pandemic. Through investigations, the FBI continues to identify multiple COVID-19 email phishing campaigns with malicious file attachments and URLs. The following associated indicators of compromise (IOCs) are being provided to assist in network defense.

March 03, 2020 - FBI

Cyber Criminals Conduct Business Email Compromise through Exploitation of Cloud-Based Email Services, Costing US Businesses Over Two Billion Dollars

Abstract Cyber criminals are targeting organizations who utilize Microsoft Office 365 and Google G Suite to conduct Business Email Compromise (BEC) scams. The scams are initiated through specifically developed phish kits designed to mimic the cloud-based email services in order to compromise business email accounts and request or misdirect transfers of funds. Between January 2014 and October 2019, the Internet Crime Complaint Center (IC3) received complaints totaling over $2.1 billion in actual losses from BEC scams targeting Microsoft Office 365 and Google G Suite.

January 22, 2020 - NSA

Mitigating Cloud Vulnerabilities

Abstract While careful cloud adoption can enhance an organization’s security posture, cloud services can introduce risks that organizations should understand and address both during the procurement process and while operating in the cloud. Fully evaluating security implications when shifting resources to the cloud will help ensure continued resource availability and reduce risk of sensitive information exposures. To implement effective mitigations, organizations should consider cyber risks to cloud resources, just as they would in an on-premises environment.

January 14, 2020 - CISA

Mitigate Windows Vulnerabilities from January 2020 Patch Tuesday

Abstract On January 14, 2020, Microsoft released a software patch to mitigate significant vulnerabilities in supported Windows operating systems. Among the vulnerabilities patched were weaknesses in how Windows validates Elliptic Curve Cryptography (ECC) certificates and how Windows handles connection requests in the Remote Desktop Protocol (RDP) server and client.

January 09, 2020 - FBI

Notice on Iranian Cyber Tactics and Techniques

Abstract The FBI assesses foreign cyber actors operating in the Islamic Republic of Iran, one of two nation-states known to have conducted destructive cyber attacks inside the United States, could potentially use a range of Computer Network Operations (CNO) against US-based networks in retaliation for last week’s strikes against Iranian military leadership. The FBI has observed an increase in Iranian cyber reconnaissance activity since last week’s strike. Among the most common and effective methods Iranian cyber actors use to conduct CNO are spearphishing, virtual private network (VPN) vulnerability targeting, and password spray attacks, which enable remote access and allow Iran to gather information to counter perceived threats to their regime. Businesses and individuals in the United States whom this activity may target include those involved in industries of interest to Iran, including academia, government, cleared defense contractors, and nongovernmental organizations focusing on Iranian issues.