A Review of the Best News of the Week on Cyber Threats & Defense

A ‘Blockchain Bandit’ Is Guessing Private Keys and Scoring Millions (Wired, Apr 23 2019)
The larger lesson of an ongoing Ethereum crime spree: Be careful with who’s generating your cryptocurrency keys.

Legacy infrastructures and unmanaged devices top security risks in the healthcare industry (Help Net Security, Apr 25 2019)
– The most prevalent method attackers use to hide command-and-control communications in healthcare networks was hidden HTTPS tunnels. This traffic represents external communication involving multiple sessions over long periods of time that appear to be normal encrypted web traffic.
– The most common method attackers use to hide data exfiltration behaviors in healthcare networks was hidden domain name system (DNS) tunnels. Behaviors consistent with exfiltration can also be caused by IT and security tools that use DNS communication.

How a Nigerian ISP Accidentally Hijacked the Internet (Dark Reading, Apr 25 2019)
For 74 minutes, traffic destined for Google and Cloudflare services was routed through Russia and into the largest system of censorship in the world, China’s Great Firewall.

Trojanized TeamViewer Against Government Targets (Check Point Research, Apr 23 2019)
Check Point researchers spotted a targeted attack against officials within government finance authorities and representatives in several embassies in Europe. The attack, which starts with a malicious attachment disguised as a top secret US document, weaponizes TeamViewer, the popular remote access and desktop sharing software, to gain full control of the infected computer.

Cybersecurity: This free tool lets you test your hacker defences (ZDNet, Apr 29 2019)
NCSC initiative is based off real hacking scenarios and looks to bolster cybersecurity of businesses.

PDF: The vehicle of choice for malware and fraud (Help Net Security, Apr 23 2019)
This fraud campaign takes advantage of recipients’ trust in PDF files as a “safe” file format that is widely used and relied upon for business operations.

Vietnam-Linked Hackers Use Atypical Executables to Avoid Detection (SecurityWeek, Apr 23 2019)
OceanLotus, a Vietnam-linked cyber-espionage group, has been using atypical executable formats in an attempt to avoid detection and hinder analysis, according to security firm Malwarebytes.

Google File Cabinet Plays Host to Malware Payloads (Dark Reading, Apr 23 2019)
Researchers detect a new drive-by download attack in which Google Sites’ file cabinet template is a delivery vehicle for malware.

How Microsegmentation Helps to Keep Your Network Security Watertight (Infosec Island, Apr 24 2019)
Building and implementing a micro-segmentation strategy requires careful planning and orchestration to ensure it is effective.

Magecart Swoops in to Strike Atlanta Hawks Shop (Infosecurity Magazine, Apr 25 2019)
Card-skimming malware targets NBA team’s online store.

Gunpoint domain hijack turns out to have been a family affair (Naked Security – Sophos, Apr 24 2019)
The owner of State Snaps hired his cousin to break into the home of the owner of DoItForState.com to force him to transfer the domain.

DNSpionage attack adds new tools, morphs tactics (Network World Security, Apr 24 2019)
“The threat actor’s ongoing development of DNSpionage malware shows that the attacker continues to find new ways to avoid detection. DNS tunneling is a popular method of exfiltration for some actors and recent examples of DNSpionage show that we must ensure DNS is monitored as closely as an organization’s normal proxy or weblogs,” Talos wrote.

ExtraPulsar backdoor based on leaked NSA code – what you need to know (Naked Security – Sophos, Apr 25 2019)
A US security researcher has come up with an open-source Windows backdoor loosely based on NSA attack code that leaked back in 2017.

Oracle, Gemalto Downplay Java Card Vulnerabilities (SecurityWeek, Apr 25 2019)
A cybersecurity research company has uncovered over 30 security issues in Java Card technology, but Oracle and Gemalto appear to downplay the impact of the flaws.

Best practices when implementing SD-WAN (Help Net Security, Apr 26 2019)
“we explore the most common questions that spring up when implementing SD-WAN, and how to make the process as easy as possible for your enterprise.”