A Review of the Best News of the Week on Cyber Threats & Defense

Hackers breached 3 US antivirus companies, researchers reveal (Ars Technica, May 09 2019)
In a report published Thursday, researchers at the threat-research company Advanced Intelligence (AdvIntel) revealed that a collective of Russian- and English-speaking hackers is actively marketing the spoils of data breaches at three US-based antivirus software vendors.

Verizon’s data breach report: What the numbers say (WeLiveSecurity, May 13 2019)
69% of attacks are perpetrated by outsiders
39% of all attacks are perpetrated by organized criminal groups
23% of bad actors are identified as nation-state or state affiliated
43% of breaches involved small-business victims
52% of breaches involved hacking
33% included social attacks
28% involved malware

Unhackable? New chip makes the computer an unsolvable puzzle (Help Net Security, May 07 2019)
A new computer processor architecture that could usher in a future where computers proactively defend against threats, rendering the current electronic security model of bugs and patches obsolete, has been developed at the University of Michigan.
Cryptographic breakthrough allows using handshake-style encryption for time-delayed communications (Help Net Security, May 07 2019)
Researchers at Stevens Institute of Technology and colleagues have solved a 15-year-old problem, allowing handshake-style encryption to be used for time-delayed digital communications such as email, a challenge once thought to be impossible.

Microsoft Debuts ElectionGuard to Secure Voting Processes (Dark Reading, May 06 2019)
The new software development kit – free and open source – will be available to election officials and technology suppliers this summer.

IRS Authority To Regulate Tax Prep Cybersecurity Has Gaps, Watchdog Says (Nextgov, May 10 2019)
Digital tax fraud schemes are on the rise but the IRS can only do so much to regulate third-party providers without more authority.

Nation-State Breaches Surged in 2018: Verizon DBIR (Dark Reading, May 09 2019)
The source of breaches has fluctuated significantly over the past nine years, but organized crime has almost always topped nation-state actors each year. The gap narrowed significantly in 2018, according to the annual report.

Turla LightNeuron: An email too far (WeLiveSecurity, May 07 2019)
ESET research uncovers Microsoft Exchange malware remotely controlled via steganographic PDF and JPG email attachments

Qakbot Trojan Updates Persistence, Evasion Mechanism (Infosec Island, May 06 2019)
Known for the targeting of businesses to steal login credentials and eventually drain their bank accounts, the malware has received updates to the scheduled task it uses to achieve persistence on the infected systems, which also allows it to evade detection.

MegaCortex ransomware distracts victims with Matrix film references (Naked Security – Sophos, May 07 2019)
One moment, the defenders’ network looked secure but the next, as if out of nowhere, the ransom note pops up.

US States with the Worst Consumer Cyber-Hygiene (Dark Reading, May 07 2019)
Ranking based on consumers’ cybersecurity practices – or lack thereof.

Here’s how the military’s hacking arm is gearing up to protect the 2020 election (The Washington Post, May 08 2019)
Cybercom expects to do more of those operations in the lead-up to 2020, but not necessarily with the same allies, the officials said. And of course, Cybercom showed another way it can flex its muscle in the days leading up to the midterm elections, when it launched an operation to shut off Internet access to a notorious Russian troll farm.

2018 Arrests Have Done Little to Stop Marauding Threat Group (Dark Reading, May 08 2019)
FIN7, also known as Carbanak Group and the Cobalt Group, is a well-known, financially motivated group that’s been operating since at least 2015. It is believed to be responsible for attacks on at least 100 US-based companies, most of them in the hospitality, restaurant, and gaming industries.

Securing satellites: The new space race (Help Net Security, May 09 2019)
Satellites are basically very expensive IoT devices. Unfortunately, like IoT devices here on the ground, they suffer from a lack of security and are vulnerable to being hacked and compromised. Typically, satellite engineers aren’t thinking about security, resulting in glaring vulnerabilities. There are no mandated security standards that must be met before a satellite is launched.

Open banking establishes new access to banks’ networks, creating additional security issues (Help Net Security, May 08 2019)
As more markets adopt open banking, which mandates that banks open their systems to third parties, it will be increasingly critical for banks to ensure the security of not only their own networks but also those of their ecosystem partners, according to a report from Accenture that predicts key technology trends in banking over the next three years.

U.S. intel agencies issue analysis of North Korea’s ELECTRICFISH tunneling tool (SC Magazine, May 10 2019)
The FBI and the Department of Homeland Security have jointly issued a new Malware Analysis Report (MAR) warning of the dangers of ELECTRICFISH, a tunneling tool used for traffic funneling and data exfiltration by the North Korean government hacking group Hidden Cobra.

DHS warns against ‘password spray’ brute force attacks (SC Magazine, May 09 2019)
DHS recently issued a warning against the use of common or easily guessed passwords after several government agencies were targeted by "password spray" attacks.

North Korea-Linked ‘ScarCruft’ Adds Bluetooth Harvester to Toolkit (SecurityWeek, May 13 2019)
A North Korea-linked threat group tracked as ScarCruft, APT37 and Group123 continues to evolve and expand its toolkit.

Microsoft SharePoint Vulnerability Exploited in the Wild (SecurityWeek, May 13 2019)
A critical vulnerability in Microsoft’s SharePoint collaboration platform has been exploited in the wild to deliver malware.

Dissecting Weird Packets (TaoSecurity, May 09 2019)
“I was investigating traffic in my home lab yesterday, and noticed that about 1% of the traffic was weird.”