A Review of the Best News of the Week on Cyber Threats & Defense

How Cloudflare Uses Lava Lamps to Guard Against Hackers (Wired, Jul 29 2018)
Inside Cloudflare’s San Francisco office, 100 units of Edward Craven Walker’s groovy hardware help guard the internet.

State Govts. Warned of Malware-Laden CD Sent Via Snail Mail from China (Krebs on Security, Jul 27 2018)
“Several U.S. state and local government agencies have reported receiving strange letters via snail mail that include malware-laden compact discs (CDs) apparently sent from China, KrebsOnSecurity has learned.”

Sen. McCaskill reportedly identified as Russian hacking target as mid-term elections approach (SC Magazine, Jul 27 2018)
Sen. Claire McCaskill, D-Mo., an incumbent facing a tight race in the 2018 U.S. mid-term elections, has affirmed that Russian hackers are attempting to interfere with her reelection campaign, following an independent forensic analysis identifying her as a target.

Sponsored by LogRhythm
SIEM Magic Quadrant
Gartner Positions LogRhythm in SIEM Leaders Quadrant for 5th Consecutive Year. Get the report

New and improved: Researchers discover Parasite HTTP RAT and upgraded Kronos banking trojan (SC Magazine, Jul 25 2018)
Researchers from Proofpoint have announced the discovery of a brand new remote access trojan, and an upgraded version of an old banking trojan — both of which have been used in recent phishing campaigns.

The Foundation of Cyber-Attacks: Credential Harvesting (SecurityWeek, Jul 25 2018)
Recent reports of a newly detected Smoke Loader infection campaign and the re-emergence of Magecart-based cyber-attacks illustrate a common tactic used by cyber criminals and state-sponsored attackers alike ― credential harvesting. According to the Verizon 2017 Data Breach Investigation Report, 81% of hacking-related breaches leverage either stolen, default, or weak credentials. While credential harvesting is often seen as equivalent to phishing, it uses different tactics.

Securing the supply chain: Organizations need best practices in proactive security (Help Net Security, Jul 24 2018)
90 percent of respondents confirmed they incurred a financial cost as a result of experiencing a software supply chain attack. The average cost of an attack was over $1.1 million dollars.

DHS Officials: Hundreds of US Utility Victims Infiltrated by Russian Hackers (Dark Reading, Jul 24 2018)
Federal government officials up their count of US energy sector victims from dozens to hundreds, according to a Wall Street Journal report.

Iranian cyber activity on the rise with Leafminer, OilRig leading the way (SC Magazine, Jul 25 2018)
Iran has once again found itself in the crosshairs of cybersecurity researchers with Palo Alto Networks’ Unit 42, Symantec and the German intelligence all pointing accusatory fingers at Tehran over several recently revealed cyber campaigns.

Microsoft Uncovers Multi-Tier Supply Chain Attack (SecurityWeek, Jul 27 2018)
Microsoft has shared details of a new attack that attempted to spread crypto-mining malware to a large number of users by compromising the software supplying partner of an application developer.

DARPA Wants Research into Resilient Anonymous Communications (Schneier on Security, Jul 26 2018)
DARPA is funding research into resilient anonymous communications systems….

US-CERT Warns of ERP Application Hacking (Dark Reading, Jul 25 2018)
ERP applications such as Oracle and SAP’s are open to exploit and under attack, according to a new report referenced in a US-CERT warning.

Automating Kernel Exploitation for Better Flaw Remediation (Dark Reading, Jul 29 2018)
Black Hat researchers plan on open sourcing a new framework they say can help organizations get a better rein on vulnerability fixes for kernel bugs.

Threat Hunting: Rethinking ‘Needle in a Haystack’ Security Defenses (Dark Reading, Jul 24 2018)
In cyber, needles (that is, threats) can disappear quickly, for a variety of reasons, and long often after hackers have completed what they came to do.

New Spectre attack enables secrets to be leaked over a network (Ars Technica, Jul 26 2018)
It’s no longer necessary to run attacker code on the victim system.

Senator Urges Government to Kill Off Flash Now (Infosecurity Magazine, Jul 26 2018)
Wyden wants to mitigate security risk well before software’s end-of-life in 2020

Researchers find previously unknown, early version of ‘Proton’ Mac malware (SC Magazine, Jul 26 2018)
Researchers from Kaspersky Lab have uncovered what appears to be an early developmental prototype of the Proton backdoor malware that typically infects macOS users who download fake security applications.

Iranian Hackers Use QUADAGENT Backdoor in Recent Attacks (SecurityWeek, Jul 26 2018)
A series of recent attacks attributed to an Iran-linked cyber-espionage group delivered a PowerShell backdoor onto compromised machines, Palo Alto Networks has discovered.

Hidden Bee miner spread via download drive-by download toolkit (SC Magazine, Jul 27 2018)
The Hidden Bee cryptominer is being delivered to users via an improved drive-by download tooldkit which exploits the CVE-2018-4878 Flash Player vulnerability.

Retired Malware Samples: Everything Old is New Again (Lenny Zeltser, Jul 27 2018)
“I’m always on the quest for real-world malware samples that help educate professionals to analyze malicious software. As techniques and technologies change, I introduce new specimens and retire old ones from the reverse-engineering course I teach at SANS Institute. Here are some of the legacy samples that were once present in FOR610 materials.”

New Report on Police Digital Forensics Techniques (Schneier on Security, Jul 27 2018)
The FBI needs technical expertise, not backdoors.