A Review of the Best News of the Week on Cyber Threats & Defense

Injection Attacks: The Least Glamorous Attack Is One of the Most Threatening (X-Force Research – Security Intelligence, Nov 02 2017)
According to IBM X-Force analysis of IBM Managed Security Services (MSS) data, injection attacks are the most frequently employed mechanism of attack against organizational networks. In fact, for the period assessed (January 2016 through June 2017), injection attacks made up nearly half — 47 percent — of all attacks. The most common types were operating system command injection (OS CMDi) and SQL injection (SQLi).
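The two injection classes the X-Force summary names are easiest to understand side by side. The following is an added example, not code from the X-Force article: each function takes a hypothetical form field, the vulnerable version splices it into a SQL statement or a shell command line, and the hardened version next to it uses a parameterized query or an argv list plus an allow-list. The table rows and the two attacker payloads are constructed for the demo, and the command-injection case assumes a POSIX `/bin/sh` (on cmd.exe the `;` separator does not apply).

```python
"""Added example: OS command injection and SQL injection, vulnerable vs hardened."""
import re
import sqlite3
import subprocess

# Constructed attacker inputs (hypothetical form submissions).
SQLI_PAYLOAD = "' OR '1'='1"                 # closes the quote, always-true clause
CMDI_PAYLOAD = "127.0.0.1; echo INJECTED"    # ';' starts a second shell command

HOST_RE = re.compile(r"[A-Za-z0-9][A-Za-z0-9.\-]{0,252}")  # no leading '-', so no flag smuggling


def make_db() -> sqlite3.Connection:
    """In-memory users table with two constructed rows."""
    con = sqlite3.connect(":memory:")
    con.execute("CREATE TABLE users (name TEXT, role TEXT)")
    con.executemany("INSERT INTO users VALUES (?, ?)",
                    [("alice", "admin"), ("bob", "user")])
    return con


def lookup_vulnerable(con: sqlite3.Connection, name: str) -> list:
    """SQLi: user input becomes part of the statement text itself."""
    query = f"SELECT name FROM users WHERE name = '{name}' ORDER BY name"
    return [row[0] for row in con.execute(query)]


def lookup_hardened(con: sqlite3.Connection, name: str) -> list:
    """Parameterized query: the value travels separately from the statement,
    so it can match a row but never change the query's structure."""
    rows = con.execute(
        "SELECT name FROM users WHERE name = ? ORDER BY name", (name,))
    return [row[0] for row in rows]


def is_safe_host(host: str) -> bool:
    """Allow-list check used by the hardened command runner."""
    return HOST_RE.fullmatch(host) is not None


def ping_vulnerable(host: str) -> str:
    """OS CMDi: shell=True hands the whole string to /bin/sh, which honours
    ';', '|', '$(...)' and friends. 'echo' stands in for a real ping so the
    demo runs without network access or privileges."""
    result = subprocess.run(f"echo pinging {host}", shell=True,
                            capture_output=True, text=True)
    return result.stdout


def ping_hardened(host: str) -> str:
    """No shell at all: an argv list means the input is one argument,
    whatever characters it contains; the allow-list rejects junk early."""
    if not is_safe_host(host):
        raise ValueError("host rejected by allow-list")
    result = subprocess.run(["echo", "pinging", host],
                            capture_output=True, text=True)
    return result.stdout


if __name__ == "__main__":
    db = make_db()
    print("SQLi vulnerable :", lookup_vulnerable(db, SQLI_PAYLOAD))  # both users leak
    print("SQLi hardened   :", lookup_hardened(db, SQLI_PAYLOAD))    # no match
    print("CMDi vulnerable :", repr(ping_vulnerable(CMDI_PAYLOAD)))  # second command runs
    print("CMDi safe host  :", repr(ping_hardened("127.0.0.1")))
    try:
        ping_hardened(CMDI_PAYLOAD)
    except ValueError as exc:
        print("CMDi hardened   : rejected,", exc)
```

The two hardened versions share one idea: keep data out of the code channel. A parameter placeholder and an argv list both guarantee that, no matter what the input contains, it is interpreted as a value and never as SQL or shell syntax; the allow-list is belt and braces on top of that, not a substitute for it.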

The Zero Day Problem (ThreatQuotient, Nov 01 2017)
A group of hackers, dubbed the Shadow Brokers, posted the EternalBlue exploit online in April 2017 after claiming to have stolen it from the NSA. The leak was just one of many the group has made over the past year, exposing NSA exploits for vulnerabilities in Cisco Systems and Microsoft products, among others. The leaks prompted renewed debate on whether the NSA should change its vulnerabilities equities process (VEP) to disclose vulnerabilities to the private sector more frequently in order to prevent future cyberattacks.

Crooks poison results for financial-related searches to deliver banking malware (Help Net Security, Nov 03 2017)
Targeted search keyword combinations include “nordea sweden bank account number”, “how to cancel a cheque commonwealth bank”, “al rajhi bank working hours during ramadan”, “free online books for bank clerk exam”, “bank of baroda account balance check”, and so on.


Dissecting the Costs of Cybercriminal Operations (Recorded Future, Nov 02 2017)
The cybercriminal underground is quite verticalized, with threat actors specializing in particular areas of expertise. It is this distribution of expertise that contributes to the underground market’s resiliency. Similar to drug cartels, once you remove one threat actor or forum, rivals will immediately take its place.

2nd Breach at Verticalscope Impacts Millions (Krebs on Security, Nov 03 2017)
For the second time in as many years, hackers have compromised Verticalscope.com, a Canadian company that manages hundreds of popular Web discussion forums totaling more than 45 million user accounts. Evidence of the breach was discovered just before someone began using that illicit access as a commercial for a new paid search service that indexes consumer information exposed in corporate data breaches.

Defending against ransomware using system design (Microsoft Secure Blog, Nov 06 2017)
Many of the risks associated with ransomware and worm malware can be alleviated through systems design. Referring to our now codified list of vulnerabilities, we know that our solution must: 1) limit the number (and value) of potential targets that an infected machine can contact, 2) limit exposure of reusable credentials that grant administrative authorization to potential victim machines, 3) prevent infected identities from damaging or destroying data, and 4) limit unnecessary risk exposure to servers housing data.

Dark web analysis reveals $20,000 start-up cost for banking trojan botnet campaigns (SC Magazine, Nov 03 2017)
Before reaping their ill-gotten rewards, cybercriminals interested in launching their botnet operation must generally shell out thousands of dollars to support their campaign, according to a new report from Recorded Future.

Cyber Resilience- what I’ve found (Part 1) (Michael on Security Blog, Nov 05 2017)
“A year or so ago I came upon the idea of “cyber resilience”, which is a general concept of ‘hardening’ or toughening, or making more resilient, our IT/cyber systems. I started seeing the term used a lot, and many of the times I’ve seen it has been in use of ideas that we need to focus MORE on resilience than cybersecurity, or that cyber resilience is the next step beyond cybersecurity.”

Tor patches flaw that could expose MacOS and Linux IP addresses (SC Magazine, Nov 06 2017)
The Tor Project released a patch fixing an issue that could reveal the correct IP address of MacOS and Linux users accessing the Tor browser.

Security: Choose Your Own Adventure (Cylance, Nov 06 2017)
Plugging vulnerabilities is like trying to kill a mosquito on the inside of your windshield while driving. Software vulnerabilities, much like mosquitoes, have survived by taking advantage of our weaknesses. There are very few actual deterrents that may work, and most of them are more annoying than effective. Where are the big guns of cybersecurity?

ChessMaster’s New Strategy: Evolving Tools and Tactics – TrendLabs Security Intelligence Blog (Trend Micro Blog, Nov 06 2017)
A few months ago, Trend Micro covered the ChessMaster cyberespionage campaign, which leveraged a variety of toolsets and malware to compromise its targets, primarily organizations in Japan. A few weeks ago, they observed new activity from ChessMaster, with notable evolutions in tools and tactics that weren’t present in the initial attacks.

Data Center Application Layer Attacks (Radware Blog, Oct 31 2017)
Data center outages can occur from a number of factors, such as component quality issues, power supply disturbances, or human error. Even turning systems off for routine maintenance could lead to a potentially costly incident for the business. However, a multiyear Ponemon study, “Cost of Data Center Outages”, found that the fastest growing cause of data center outages was cybercrime.

Phish in a Barrel: Hunting and Analyzing Phishing Kits at Scale (The Duo Blog, Oct 31 2017)
Over the course of a month, using community-driven URL feeds from Phishtank and OpenPhish, Duo found 3,200 unique phishing kits across 66,000 URLs. You can use the same techniques they describe in the technical paper to track down phishing kits targeting your organization, as well as to determine what information is being stolen and where the information is being sent.

How Wireless Intruders Can Bypass NAC Controls (Dark Reading, Nov 01 2017)
A researcher at this month’s SecTor conference will demonstrate the dangers of not employing EAP-TLS wireless security.