A Review of the Best News of the Week on Cyber Threats & Defense

Bring Your Own Land (BYOL) – A Novel Red Teaming Technique (FireEye, Jun 20 2018)
One of the most significant recent developments in sophisticated offensive operations is the use of “Living off the Land” (LotL) techniques by attackers. These techniques leverage legitimate tools already present on the system, such as the PowerShell scripting language, in order to execute attacks.

Ransom Demands and Frozen Computers: Hackers Hit Towns Across the U.S. (WSJ, Jun 25 2018)
Hackers are targeting small towns’ computer systems, with public-sector attacks appearing to be rising faster than those in the private sector. Online extortionists demand bitcoin ransom in return for decryption keys.

Scaling Network Security: The New Network Security Requirements (Securosis Blog, Jun 22 2018)
So it’s time to reframe the requirements of the new network security. Basically, as we rethink network security, what do we need it to do?


Early detection of compromised credentials can greatly reduce impact of attacks (Help Net Security, Jun 19 2018)
Increases in cybercriminal success rates suggest that the credential theft industry is growing in the European region both in innovation and scope.

Google Increases Visibility Into Endpoints Accessing G Suite Data (SecurityWeek, Jun 18 2018)
A newly added “Endpoint Verification” feature in G Suite provides administrators with increased visibility into the computers that have access to corporate data.

Compromised GitHub Account Spreads Malicious Syscoin Installers (SecurityWeek, Jun 18 2018)
Malware-laden Syscoin releases were up for download on an official GitHub repository after hackers managed to compromise an account and replace legitimate Windows installers.

Mylobot Malware Brings New Sophistication to Botnets (Dark Reading, Jun 20 2018)
The malware pulls together a variety of techniques to gain a foothold and remain undiscovered.

Symantec pegs Chinese group Thrip behind recent cyberespionage attacks (SC Magazine, Jun 20 2018)
Symantec researchers spot three Chinese computers behind a string of cyberespionage attacks targeting private and defense-related targets in the United States and Southeast Asia, including attempting to infect a computer system that handled satellite operations.

New SamSam variant requires attacker’s input before infection (SC Magazine, Jun 20 2018)
The campaign was difficult for researchers to analyze because a password had to be entered manually by the attacker in order to access the malware’s code. Researchers cannot even execute the ransomware on a victim or test machine, meaning only the author or someone who has intercepted the author’s password can run the attack.

China-linked Hackers Targeting Air-Gapped Systems: Report (SecurityWeek, Jun 25 2018)
The cyber espionage group known as “Tick” has been targeting a secure USB drive built by a South Korean defense company, likely in an attempt to compromise air-gapped systems, Palo Alto Networks reports.

Secure Speculative Execution (Schneier on Security, Jun 25 2018)
We’re starting to see research into designing speculative execution systems that avoid Spectre- and Meltdown-like security problems.

Most Websites and Web Apps No Match for Attack Barrage (Dark Reading, Jun 20 2018)
The average website is attacked 50 times per day, with small businesses especially vulnerable.

‘Hidden Tunnels’ Help Hackers Launch Financial Services Attacks (Dark Reading, Jun 20 2018)
Hackers are using the infrastructure, meant to transmit data between applications, for command and control.

ACLU Warns on Forced Malicious Software Updates (Infosecurity Magazine, Jun 22 2018)
It warned that “government agents may see malicious software updates as a means for surveillance” and the US government may force users to install malware to bypass passcode lockouts, enable wiretapping, turn on cameras, or physically track someone.

Attackers Pick Microsoft Office for Zero-Day Exploits (Infosecurity Magazine, Jun 21 2018)
Malicious actors leverage Word as the vector of choice.

Monero-mining Drupal malware targets network systems (SC Magazine, Jun 22 2018)
Cybercriminals are delivering Monero-mining malware designed to turn entire systems into mining bots via a Drupal vulnerability that was patched back in April of this year.

Cracking Cortana: The Dangers of Flawed Voice Assistants (Dark Reading, Jun 22 2018)
Researchers at Black Hat USA will show how vulnerabilities in Microsoft’s Cortana highlight the need to balance security with convenience.