A Review of the Best News of the Week on Cyber Threats & Defense

The Many Tentacles of the Necurs Botnet (Cisco Blog, Jan 18 2018)
Over the past five years the Necurs botnet has established itself as the largest purveyor of spam worldwide. Necurs is responsible for emailing massive amounts of banking malware, ransomware, dating spam, pump-n-dump stock scams, work from home schemes, and even cryptocurrency wallet credential phishing. Necurs sends so much spam that at times Necurs’ spam campaigns can make up more than 90% of the spam seen by Cisco Talos in one day.

Triton Malware Details Show the Dangers of Industrial System Sabotage (Wired, Jan 18 2018)
New details about Triton malware should put industrial systems and critical infrastructure on notice.

Doh!!! The 10 Most Overlooked Security Tasks (Dark Reading, Jan 16 2018)
Here’s a list of gotchas that often slip past overburdened security pros.

DoS attacks against hard disk drives using acoustic signals (Help Net Security, Jan 16 2018)
A group of Princeton and Purdue researchers has shown that it’s possible to mount a denial-of-service (DoS) attack against hard disk drives via acoustic signals.

Security Monitoring Use Cases, the UPDATE! (Gartner Blog Network, Jan 17 2018)
“How to Develop and Maintain Security Monitoring Use Cases”: This document described an approach to identify, prioritize, implement and manage security monitoring use cases. Of course, it has a lot on SIEM, as it’s usually the chosen tool for implementation of those use cases, but we revised to ensure we are also covering technologies such as UEBA, EDR and even SOAR.

Red Hat Pulls Spectre Patches Due to Instability (SecurityWeek, Jan 22 2018)
Red Hat has decided to pull microcode patches for one variant of the Spectre exploit after users complained that updates had caused their systems to stop booting.

MailChimp plugs a hole that could have leaked your email address (Graham Cluley, Jan 22 2018)
MailChimp has been leaking subscribers’ email addresses. But it’s not the biggest leak ever, and certainly not the most practical to exploit at a large scale.

Web Cache Deception Attack revisited (Cloudflare Blog, Jan 19 2018)
Cloudflare released a tool to help customers make sure only assets that should be cached are being cached. Recall that the Web Cache Deception attack happens when an attacker tricks a user into clicking a link in the format of http://www.example.com/newsfeed/foo.jpg, when http://www.example.com/newsfeed is the location of a dynamic script that returns different content for different users.

CIA: Russian Military Hackers Behind NotPetya Attack (Dark Reading, Jan 15 2018)
Cyberattack last June aimed to disrupt Ukraine’s financial system.

BlackWallet cryptocurrency site loses users’ money after DNS hijack (Naked Security – Sophos, Jan 18 2018)
Another site in the booming cryptocurrency wallet sector has been hacked after what looks like a simple DNS hijacking attack.

Understanding Supply Chain Cyber Attacks (Dark Reading, Jan 19 2018)
While the attack surface has increased exponentially because of the cloud and everything-as-a-service providers, there are still ways in which host companies can harden supply chain security.

Struts and DotNetNuke Server Exploits Used For Cryptocurrency Mining (TrendLabs Blog, Jan 19 2018)
In recent weeks TrendMicro noted a significant increase in the numbers of exploit attempts targeting two specific vulnerabilities…

The 11 Types of Reported Emails (PhishLabs Blog, Jan 18 2018)
You receive an email, you are unfamiliar with the sender’s name or email address, and they are offering you a new service or deal on something. Is it malicious? Not necessarily. Perhaps you forgot about signing up for a newsletter a while back.

Malicious Chrome extension is next to impossible to manually remove (Ars Technica, Jan 19 2018)
Extensions remain the Achilles heel for an otherwise highly secure browser.

Botnet Strikes Cryptocurrency Mining Rigs (PCMag, Jan 19 2018)
The botnet has been trying to steal digital currency generated from Windows systems running the Claymore mining software.

Hacker Infects Gas Pumps with Code to Cheat Customers (Threatpost, Jan 21 2018)
Russian authorities have broken up a crime ring involving a hacker and willing gas-station employees who have used malicious software to cheat customers of gas.