A Review of the Best News of the Week on Cyber Threats & Defense

A 1.3Tbps DDoS Hit GitHub, the Largest Yet Recorded (Wired, Mar 01 2018)
On Wednesday, a 1.3Tbps DDoS attack pummeled GitHub for 15-20 minutes. Here’s how it stayed online.

Tracking desktop ransomware payments end to end (Elie Bursztein – Google, Mar 02 2018)
We find that many ransomware operators cashed out using BTC-e, a now-defunct Bitcoin exchange. In total we are able to track over $16 million in likely ransom payments made by 19,750 potential victims during a two-year period.

If ransom is paid in Bitcoin Cash, don’t expect to get files back (SC Magazine, Feb 28 2018)
A new ransomware attack called Thanatos demands payment in Bitcoin Cash. The ransomware contains a decryption bug that makes it impossible for victims to recover their files, reports security researcher MalwareHunterTeam.

Mobile World Congress: Cybersecurity Attacks Don’t Go Away, They Morph (PCMag, Feb 28 2018)
Ericsson CEO: Even more important than speed, 5G offers lower latency designed for the industrial internet: sensors, remote controls, augmented reality; there are many applications. Consumers will see this with healthcare applications and connected vehicles.

Bot Roundup: Avalanche, Kronos, NanoCore (Krebs on Security, Feb 27 2018)
It’s been a busy few weeks in cybercrime news, justifying updates to a couple of cases we’ve been following closely at KrebsOnSecurity. In Ukraine, the alleged ringleader of the Avalanche malware spam botnet was arrested after eluding authorities in the wake of a global cybercrime crackdown there in 2016. Separately, a case that was hailed as a test of whether programmers can be held accountable for how customers use their product turned out poorly for 27-year-old programmer Taylor Huddleston, who was sentenced to almost three years in prison for making and marketing a complex spyware program.

Intel’s latest set of Spectre microcode fixes is coming to a Windows update (Ars Technica, Mar 01 2018)
Windows users will no longer be beholden to their motherboard makers.

Importing Pcap into Security Onion (TaoSecurity, Feb 26 2018)
Doug Burks of Security Onion (SO) added a new script that revolutionizes the use case for his amazing open source network security monitoring platform.

Virtual Private Networks: Why Their Days Are Numbered (Dark Reading, Feb 28 2018)
As companies move to the cloud and depend less on physical servers and network connections, their reliance on VPNs for security will eventually evolve, if not disappear altogether.

Malware forces closure of hundreds of Tim Hortons outlets across Canada (SC Magazine, Feb 28 2018)
A mysterious malware has taken out the cash registers of hundreds of Tim Hortons restaurants across Canada, forcing many of them to close and prompting legal action from franchise owners.

Recently patched Flash vulnerability spotted in massive malspam campaign (SC Magazine, Mar 02 2018)
“With small variations to the attack, they successfully launched a massive malspam campaign and bypassed most of the existing static scanning solutions once again.”

Millions of Office 365 Accounts Hit with Password Stealers (Dark Reading, Mar 02 2018)
Phishing emails disguised as tax-related alerts aim to trick users into handing attackers their usernames and passwords.

Misleading Cyber Foes with Deception Technology (Dark Reading, Feb 27 2018)
Today’s deception products go far beyond the traditional honeypot by catching attackers while they are chasing down non-existent targets inside your networks.

Threat Hunting Takes Center Stage for SOCs (Infosecurity Magazine, Feb 27 2018)
Six out of ten organizations in the survey are planning to build out threat-hunting programs over the next three years.

Fake ionCube Malware Hits Hundreds of Sites (SecurityWeek, Feb 28 2018)
Hundreds of websites have been infected with malware that masquerades as legitimate ionCube-encoded files, SiteLock warns.

Phishers Target Social Media (Dark Reading, Mar 01 2018)
Financial institutions are still the number one target, according to a new report by RiskIQ.

New LTE attacks open users to eavesdropping, fake messages, location spoofing (Help Net Security, Mar 05 2018)
Researchers used a systematic model-based adversarial testing approach to expose vulnerabilities in 4G LTE’s critical procedures (most notably the attach, paging, and detach procedures).

Powerful New DDoS Method Adds Extortion (Krebs on Security, Mar 02 2018)
On Thursday, KrebsOnSecurity heard from several experts from Cybereason, a Boston-based security company that’s been closely tracking these memcached attacks. Cybereason said its analysis reveals the attackers are embedding a short ransom note and payment address into the junk traffic they’re sending to memcached services.