A Review of the Best News of the Week on Cyber Threats & Defense
Steganography: A Safe Haven for Malware (X-Force Research – Security Intelligence, Nov 16 2017)
Steganography, or the practice of concealing a file, message, image or video within another file, message, image or video, may be an older technique, but it continues to be an incredibly versatile and effective method for obscuring or hiding information in plain sight. In 2017, IBM X-Force has identified three different malware samples in network attacks containing cryptocurrency CPU-mining tools hidden within fake image files.
Sites using session replay scripts leak sensitive user data (Help Net Security, Nov 20 2017)
“[Session replay] scripts record your keystrokes, mouse movements, and scrolling behavior, along with the entire contents of the pages you visit, and send them to third-party servers. Unlike typical analytics services that provide aggregate statistics, these scripts are intended for the recording and playback of individual browsing sessions, as if someone is looking over your shoulder,” the researchers explained.
Beware Catphishing attacks targeting hearts of security pros (SC Magazine, Nov 16 2017)
Malwarebytes researchers are warning IT workers seeking love online to beware “CatPhishing” scams which can leave entire companies devastated. A play on the term catfishing, in which scammers dupe people into falling in love with false online personas for various reason, in catphishing beautiful women personas target IT and cybersecurity professionals to infiltrate corporate systems for their own gain.
Attacks Exploit Microsoft Dynamic Data Exchange Protocol (eWEEK, Nov 16 2017)
Attackers are using Microsoft’s Dynamic Data Exchange protocol to download and install malware. Microsoft has warned about the issue, and given users guidance on how to protect themselves, but does not consider it a vulnerability.
Tips to Protect the DNS from Data Exfiltration (Dark Reading, Nov 17 2017)
If hackers break in via the Domain Name System, most business wouldn’t know until it’s too late. These tips can help you prepare.
Amazon to fix Key home security vulnerability (Naked Security – Sophos, Nov 20 2017)
The problem, which Amazon is thankfully fixing, is Amazon Key’s vulnerability to the easy-peezy technique of jamming the camera with a deauthentication attack.
A Boeing 757 was hacked remotely while it sat on the runway (The State of Security – Tripwire, Nov 16 2017)
But don’t panic too much. The hack of the legacy commercial airliner was an exercise conducted by a team of security professionals.
Ransomware-spreading hackers sneak in through RDP (Naked Security, Nov 20 2017)
Sophos has uncovered a new niche in the world of cybercrime: ransomware infections where the crooks run the ransomware themselves
Fileless Attacks Ten Times More Likely to Succeed: Report (SecurityWeek, Nov 15 2017)
A new report from the Ponemon Institute confirms, but quantifies, what most people know: protecting endpoints is becoming more difficult, more complex and more time-consuming — but not necessarily more successful.
toolsmith #129 – DFIR Redefined: Deeper Functionality for Investigators with R – Part 2 (HolisticInfoSec, Nov 19 2017)
“Here we resume our discussion of DFIR Redefined: Deeper Functionality for Investigators with R as begun in Part 1.”
New IcedID Trojan Targets US Banks (Threatpost, Nov 13 2017)
A new banking Trojan dubbed IcedID is is being distributed by a seasoned cybergang or hacker targeting U.S. financial institutions. They said the Trojan has several standout techniques and procedures, such as the ability to spread over a network and the ability to monitor a browser’s activity by setting up a local proxy for traffic tunneling.
Fortinet FortiGuard Labs 2018 Threat Landscape Predictions (Fortinet Blog, Nov 14 2017)
Individuals have a growing expectation for instant access to highly personalized information and services through a variety of interconnected devices. This demand is driving the digital transformation of both business and society. Keeping pace requires things like machine learning and artificial intelligence in order to accelerate the ability to see, predict, and respond to market trends. There is also a growing criminal element looking to exploit these new technologies.
Pentagon exposed some of its data on Amazon server (CNNMoney, Nov 20 2017)
A researcher says the Pentagon exposed huge amounts of web-monitoring data in a security failure.
Using Deep Packet Analytics to Detect Packet Signatures (LogRhythm, Nov 15 2017)
Scanning packet payloads continues to be a highly valuable part of both network analytics and network forensics. These investigations can be the difference between mitigating and missing a threat. Sometimes you just need to dive into the packet-level information!