A Review of the Best News of the Week on Cyber Threats & Defense

Anatomy of a ransomware attack: How attackers gain access to unstructured data (Help Net Security, Jun 27 2019)
Let’s walk through a typical ransomware attack to understand how attackers gain access to your company’s most valuable asset: unstructured data.

MageCart Launches Customizable Campaign (Dark Reading, Jun 28 2019)
A tool new to MageCart bolsters the group’s ability to evade detection and steal data.

Threat Actor Poisons OpenPGP Certificates (SecurityWeek, Jul 01 2019)
Poisoned certificates are in the OpenPGP SKS keyserver network after an unknown threat actor targeted the OpenPGP certificates of two high-profile community contributors.

One of My Favorite Things
Since I started this curated newsletter in June 2017, I’ve clipped ~10,000 articles and narrowed them down into the best 20 per day & best 15 per week. This is my favorite way to cut through all the security marketing and hype. If you’re enjoying it, tell a friend. If you hate it, tell an enemy.
Thanks! – Lucas Samaras

DHS cyber director warns of surge in Iranian “wiper” hack attacks (Ars Technica, Jun 24 2019)
“Wiper” attacks targeting US companies’ data are on rise, CISA Director Krebs says.

Bird Miner cryptominer targets Macs, emulates Linux (SC Magazine, Jun 24 2019)
A new cryptominer, dubbed Bird Miner, has been spotted in the wild targeting Mac devices and running via Linux emulation under the guise of a production software tool. Malwarebytes researchers described Bird Miner as “somewhat stealthy” due to its instructions to bail out at multiple points if Activity Monitor is running and because of its…

New OSX/Linker malware created to exploit bypass bug in macOS X Gatekeeper (SC Magazine, Jun 25 2019)
Mac researchers have discovered a new malware program designed to specifically exploit a recently disclosed zero-day bypass vulnerability in macOS X Gatekeeper, which has still yet to be patched. Dubbed OSX/Linker, the malware appears to be crafted by the same developers behind OSX/Surfbuyer, an adware program that also targets Mac users…

Malware Coming to a Mac Near You? Yes, Say Security Firms (Dark Reading, Jun 26 2019)
While the password-cracking Mimikatz took top honors, Mac-targeted malware accounted for two of the 10 most detected malware samples, according to WatchGuard.

DDoS-for-Hire Services Doubled in Q1 (Dark Reading, Jun 24 2019)
Impact of FBI’s takedown of 15 ‘booter’ domains last December appears to have been temporary.

Government agencies still send sensitive files via hackable .zips (Naked Security – Sophos, Jun 25 2019)
Senator Ron Wyden has written to NIST asking for guidance and training for government staff in how to share files securely.

Security firms demonstrate subdomain hijack exploit vs. EA/Origin (Ars Technica, Jun 26 2019)
Two security firms graphically demonstrate the danger of subdomain hijacking.

Email Threats Continue to Grow as Attackers Evolve, Innovate (Dark Reading, Jun 25 2019)
Threat actors increasingly using malicious URLs, HTTPS domains, file-sharing sites in email attacks, FireEye says.

Stegoware-3PC marks new high in adware sophistication (SC Magazine, Jun 25 2019)
A new steganography campaign targeting iOS devices exploits demand-side adtech providers and adtech vendors to serve malware to millions of consumers.

Riltok banking trojan begins targeting Europe (SC Magazine, Jun 25 2019)
The Riltok banking trojan, originally intended to target Russians, has, after a few modifications, set its sights on the European market. The malware has more recently diverted four percent of its traffic to France and even smaller percentages to Italy, Ukraine and the U.K., although 90 percent of its victims in Russia…

Threat actors are doing their homework, researchers identify new impersonation techniques (Help Net Security, Jun 27 2019)
There is an increase in three main areas: spoofed phishing attempts, HTTPS encryption in URL-based attacks, and cloud-based attacks focused on publicly hosted, trusted file-sharing services, FireEye found, after analyzing a sample set of 1.3 billion emails. Phishing attacks rose by 17%…

How Hackers Turn Microsoft Excel’s Own Features Against It (Wired, Jun 27 2019)
A pair of recent findings show how hackers can compromise Excel users without any fancy exploits.

Understanding & Defending Against Polymorphic Attacks (Dark Reading, Jun 27 2019)
Polymorphic malware is far from a new thing. But today, what is good for attackers is also good for defenders. Here’s why.

New Spelevo Exploit Kit Spreads via B2B Website (SecurityWeek, Jun 28 2019)
A newly discovered exploit kit is being disseminated via a compromised business-to-business website, Cisco Talos security researchers report.