A Review of the Best News of the Week on Cyber Threats & Defense

Chrome will soon block drive-by-download malvertising (Naked Security – Sophos, Mar 13 2019)
A new Chrome feature hopes to choke off one of the most malicious forms of malware infection: drive-by advertising downloads.

Criminals Use One Line of Code to Steal Card Data from E-Commerce Sites (Dark Reading, Mar 14 2019)
New JavaScript sniffer is similar to malware used in the Magecart campaign last year that affected over 800 sites.

Stolen email credentials being used to pry into cloud accounts (SC Magazine, Mar 14 2019)
Malicious actors are using the massive supply of previously stolen login credentials to help brute force their way into high-profile cloud-based business systems that cannot easily use two-factor authentication for security.




Hidden third-party tags could be leaving Fortune 100 companies at risk (Help Net Security, Mar 12 2019)
Crownpeak found more than 1,700 tag redirects on websites belonging to companies in the Fortune 100. These hidden third-party tags leave the sites open to potential data breaches under the GDPR and cause a total average latency of 5.2 seconds, in a world where every 100 milliseconds costs sites 1% of their conversions.

Windows 10 will automatically remove updates, drivers that break booting (Ars Technica, Mar 12 2019)
Problematic updates will be held back for 30 days.

Study: Hacking 10 percent of self-driving cars would cause gridlock in NYC (Ars Technica, Mar 13 2019)
Multiple networks for connected vehicles could mitigate risk of a widespread hack.

New Malware Shows Marketing Polish (Dark Reading, Mar 13 2019)
A new strain of point-of-sale malware skims credit card numbers and comes via a highly polished marketing campaign.

Protecting applications against DFA attacks (Help Net Security, Mar 14 2019)
With the first research paper on the topic published in 2002, Differential Fault Analysis, or DFA, is an attack technique that is designed to recover cryptographic keys from apps by injecting “faults” into the app’s crypto code at runtime and observing changes in the app’s behavior. A fault is essentially flipping a bit inside an internal calculation and observing what changes. Faults can be injected in a variety of ways, such as varying power levels in hardware devices or changing bits of memory in software.

London’s Tourist Hot Spots Suffer 100m+ Cyber-Attacks (Infosecurity Magazine, Mar 18 2019)
Kew Gardens tops the list in new FOI research

ICS Ethernet Switches Littered with Flaws (Infosecurity Magazine, Mar 11 2019)
Moxa issues fixes for 12 vulnerabilities found in industrial switches.

Cyber-Attacks Increasing for Canadian Orgs (Infosecurity Magazine, Mar 12 2019)
A new study finds 83% of participating businesses in Canada have been breached.

Yatron ransomware uses NSA exploits (SC Magazine, Mar 12 2019)
A ransomware-as-a-service (RaaS) dubbed Yatron plans to spread using EternalBlue and NSA exploits. Oddly enough, researchers noted the ransomware has been promoted on Twitter by its creator who has tweeted promotions to various ransomware and security researchers, according to Bleeping Computer.

Anomaly Detection Techniques: Defining Normal (Dark Reading, Mar 14 2019)
The challenge is identifying suspicious events in training sets where no anomalies are encountered. Part two of a two-part series.

Fraudsters Band Together, Shift to Bot Attacks (Infosecurity Magazine, Mar 15 2019)
Fraud rings on the rise, increasing attacks on e-commerce.

Proof-of-Concept Tracking System Finds RATs Worldwide (Dark Reading, Mar 15 2019)

Cryptojacking of businesses’ cloud resources still going strong (Help Net Security, Mar 18 2019)
While the value of cryptocurrencies like Bitcoin and Monero has been declining for a while now and Coinhive, the most popular in-browser mining service, has stopped working, cryptojacking is still a considerable threat. After all, attackers need to expend very little effort and are using someone else’s resources for free.

Current phishing defense strategies and execution are not hitting the mark (Help Net Security, Mar 18 2019)
- Only a slight majority (63 percent) regularly monitor and report on the effectiveness of their activities.
- 38 percent of respondents reported that their organizations develop security awareness collateral and anti-phishing materials internally.
- 85 percent of enterprises measure and regularly report on the effectiveness of their phishing awareness programs.

Spectrum Healthcare Latest to Issue Breach Notice (Infosecurity Magazine, Mar 15 2019)
A third-party data breach has potentially impacted 600,000 individuals, says Michigan AG.

Center for Internet Security warns of Trickbot (SC Magazine, Mar 15 2019)
TrickBot malware targets users’ financial information and acts as a dropper for other malware. It can be leveraged to steal banking information, conduct system and network reconnaissance, harvest credentials and achieve network propagation, according to a security primer released by the Multi-State Information Sharing and Analysis Center (MS-ISAC).