A Review of the Best News of the Week on Cyber Threats & Defense

Facebook’s Surveillance Machine (The New York Times, Mar 25 2018)
It’s true that the Cambridge Analytica incident wasn’t a security breach. It was something far worse.

Guccifer 2.0’s Slip-Up Shows That Even Elite Hackers Make Mistakes (Wired, Mar 25 2018)
No matter how much mystique a hacker persona has, the individual or group behind it inevitably makes operations security errors sometimes.

TrickBot Banking Trojan Adapts with New Module (Webroot Threat Blog, Mar 21 2018)
Since its inception in late 2016, the TrickBot banking trojan has continually undergone updates and changes in attempts to stay one step ahead of defenders. While TrickBot has not always been the stealthiest trojan, its authors have remained consistent in the use of new distribution vectors and development of new features for their product. On March 15, 2018, Webroot observed a module (tabDll32 / tabDll64) being downloaded by TrickBot that had not been seen in the wild before this time.

Half of Cyberattacks in the Middle East Target Oil & Gas Sector: Siemens (Dark Reading, Mar 19 2018)
Nearly one-third of all cyberattacks worldwide are against operations technology (OT), or industrial networks, a new report by Siemens and The Ponemon Institute shows.

AMD promises firmware fixes for security processor bugs (Ars Technica, Mar 20 2018)
All bugs require administrative access to exploit.

15-Year-old Finds Flaw in Ledger Crypto Wallet (Krebs on Security, Mar 20 2018)
A 15-year-old security researcher has discovered a serious flaw in cryptocurrency hardware wallets made by Ledger, a French company whose popular products are designed to physically safeguard public and private keys used to receive or spend the user’s cryptocurrencies.

SOCs Are Overwhelmed and Face Deep Challenges (Infosecurity Magazine, Mar 21 2018)
Excessive alerts, outdated metrics and limited integration are leading to over-taxed resources within these SOCs.

Hunting Cybercriminals with AWS Honey Tokens (Dark Reading, Mar 22 2018)
Researchers at Black Hat Asia demonstrated how they used AWS honey tokens to detect security breaches at scale.

You Can DDoS an Organization for Just $10 per Hour: Cybercrime Report (SecurityWeek, Mar 22 2018)
The cost of having an organization targeted by a distributed denial of service (DDoS) attack for an hour is as low as $10, cybersecurity firm Armor says.

City of Atlanta Hit with Ransomware Attack (Dark Reading, Mar 23 2018)
FBI investigating computer outages in the city’s network possibly tied to Samsam-type ransomware variant.

Top cybersecurity evasion and exfiltration techniques used by attackers (Help Net Security, Mar 23 2018)
The networks SS8 assesses exhibit the presence of the following evasion and exfiltration activity:
60% – No internal DNS server.
36% – Traffic involving proxy and anonymizer IPs/URLs.
33% – Victims of phishing attacks involving popular domains.
28% – Security incidents involving SSH.
25% – Bitcoin traffic.
21% – TOR traffic.
15% – Malicious activity on a non-standard application port.

Puerto Rico’s Electric Utility Hacked in Weekend Attack (Dark Reading, Mar 21 2018)
Service was disrupted but no customer records compromised, officials said.

GandCrab Ransomware Goes ‘Agile’ (Dark Reading, Mar 21 2018)
GandCrab ransomware’s developers have iterated the code rapidly, researchers found.

Nmap 7.70 released: Better service and OS detection, 9 new NSE scripts, and more! (Help Net Security, Mar 21 2018)
Nmap is a free and open source utility for network discovery and security auditing. Many systems and network administrators also find it useful for tasks such as network inventory, managing service upgrade schedules, and monitoring host or service uptime.

Pirate websites expose users to more malware, study finds (WeLiveSecurity, Mar 21 2018)
Having observed the online activities of 253 people throughout 2016, Professor Rahul Telang concluded in a newly-released paper that the more time the users spent on piracy sites the higher the likelihood that some type of malware would compromise their computers.

Hackers exploit old flaw to turn Linux servers into cryptocurrency miners (SC Magazine, Mar 22 2018)
The malicious actors who installed and ran a cryptocurrency mining operation on hacked Tesla AWS servers and Jenkins servers are now targeting servers running Linux and have so far generated more than $74,000 in Monero.

Iran-linked Hackers Adopt New Data Exfiltration Methods (SecurityWeek, Mar 22 2018)
An Iran-linked cyber-espionage group has been using new malware and data exfiltration techniques in recent attacks, security firm Nyotron has discovered.

1 in 10 targeted attack groups use malware designed to disrupt (Help Net Security, Mar 23 2018)
Cyber criminals are rapidly adding cryptojacking to their arsenal and creating a highly profitable new revenue stream, as the ransomware market becomes overpriced and overcrowded, according to Symantec’s Internet Security Threat Report (ISTR), Volume 23.

Breaches Missed, Companies Don’t Know What They’re Looking For (Infosecurity Magazine, Mar 23 2018)
The majority of businesses know very little about the nature of the security breaches

Q4 2017 Global DDoS Threat Landscape Report (Imperva, Mar 22 2018)
Even after the recent price drop, there currently remains 190 active cryptocurrency exchanges, up from 70 in Q3. Of these, 24 exchanges have a daily turnover of more than 10 million USD. With an ever-increasing number of targets, despite the volatility in the price of bitcoin, we expect to see assaults directed at the cryptocurrency industry continue for the foreseeable future.