A Review of the Best News of the Week on Cyber Threats & Defense

Defending Democracies Against Information Attacks (Schneier on Security, Apr 30 2019)
“In this short paper, we undertake a more modest task: providing policy advice to improve the resilience of democracy against these attacks. Specifically, we can show how policy makers not only need to think about how to strengthen systems against attacks, but also need to consider how these efforts intersect with public beliefs — or common political knowledge — about these systems, since public beliefs may themselves be an important vector for attacks.”

Someone Is Hacking GitHub Repositories and Holding Code Ransom (VICE US, May 03 2019)
Hackers are trying a novel approach to extort money from developers.

A cyberattack just disrupted grid operations in the U.S. But it could have been far worse. (Washington Post, May 06 2019)
It raised concerns about the potential for a far more powerful attack.

Attackers Used Red-Team, Pen-Testing Tools to Hack Wipro (Dark Reading, May 01 2019)
Breach of India-based outsourcing giant involved a remote access tool and a post-exploitation tool, according to an analysis by Flashpoint.

Majority of Encrypted Email Clients Vulnerable to Signature Spoofing (SecurityWeek, May 01 2019)
Out of 20 Email Clients Tested, 14 Were Vulnerable to OpenPGP Signature Spoofing Attacks

Japan is developing a computer virus to fight cyberattacks, claim reports (Graham Cluley, May 02 2019)
According to a report in the Japan Times, the Japanese Defense Ministry is considering creating “its first ever computer virus… as a defense measure against cyberattacks.”

Microsoft Outlook Email Breach Targeted Cryptocurrency Users (Motherboard, Apr 29 2019)
Earlier this month, Motherboard revealed that Microsoft’s email services were compromised. Multiple victims now say that hackers stole their cryptocurrency.

A Mysterious Hacker Group Is On a Supply Chain Hijacking Spree (Wired, May 03 2019)
A group of likely Chinese hackers has poisoned the software of at least six companies in just the last three years.

FinServ Sees 60% Spike in Business Email Compromise (Infosecurity Magazine, Apr 30 2019)
Identities of at least five employees were weaponized in more than half of FinServ orgs, says report.

The Census is vulnerable to digital attack. But Congress may be dropping the ball (Washington Post, May 01 2019)
The 2020 Census faces major cybersecurity risks that could compromise the personal information of hundreds of millions of Americans. But Congress doesn’t seem to be paying much attention.

Researchers Explore Remote Code Injection in macOS (Dark Reading, Apr 30 2019)
Deep Instinct analysts test three code injection methods and a custom-built Mach-O loader to load malicious files from memory.

Buhtrap backdoor and ransomware distributed via major advertising platform (WeLiveSecurity, Apr 30 2019)
What better way to target accountants than to target them as they search the web, looking for documents pertinent to their job? This is just what has been happening for the past few months, where a group using two well-known backdoors — Buhtrap and RTM — as well as ransomware and cryptocurrency stealers, has targeted organizations, mainly in Russia.

Huge DDoS Attacks Shift Tactics in 2019 (Dark Reading, May 01 2019)
Analysis of two high-volume DDoS attacks shows they’re becoming more difficult to remediate because of changes to port and address strategies.

Supply chain attacks: Mitigation and protection (Help Net Security, May 02 2019)
In software development, a supply chain attack is typically performed by inserting malicious code into a code dependency or third-party service integration. Unlike typical cyber attacks, supply chain attacks provide two major advantages to attackers.

Brute-Force Attempts More Common on Edge Devices (Infosecurity Magazine, May 01 2019)
Based on a compilation of research from several contributors, the white paper notes that CTA members have seen “a quiet but growing threat to edge devices since 2016. These devices are deployed at the boundaries between interconnected networks. The resulting impact of these devices – such as routers, switches and firewalls – on an enterprise and to the connected digital ecosystem can be significant.”

You Want to Automate Your Security Architecture – Now What? (SecurityWeek, May 02 2019)
There are many factors to consider when deciding how, when and where to implement the right automation capabilities in order to improve productivity, reduce costs, scale to support cloud deployments and ultimately strengthen the security posture of an enterprise.

This Windows Malware Is Evolving To Catch Out Firms With Poor Cybersecurity (Forbes, May 06 2019)
Well-known password-stealing trojan Qakbot is finding new ways of staying hidden to access firms’ bank accounts. Here’s what you need to know.

Security Depends on Careful Design (Dark Reading, May 02 2019)
Deploying focused edge protection on-site extends security beyond the network level to shield millions of previously exposed devices, apps, and control systems.

MITRE’s ATT&CK to assess cybersecurity products based on APT29/Cozy Bear/The Dukes (Help Net Security, May 02 2019)
MITRE’s ATT&CK Evaluations program will assess commercial cybersecurity products based on techniques used by APT29/Cozy Bear/The Dukes. Cybersecurity analysts believe the group operates on behalf of the Russian government, and that it compromised the Democratic National Committee starting in 2015.

‘Mirrorthief’ card-skimming attack steals card data from online college stores (SC Magazine, May 06 2019)
A total of 201 online college stores in the U.S. and Canada have fallen victim to a Magecart-style card-skimming attack that appears to be the work of a new cybercrime group with no clear ties to past Magecart activity.