A Review of the Best News of the Week on Cyber Threats & Defense
How Researchers Track Malware (VICE, Aug 29 2019)
What is malware, exactly? Well, ultimately just some lines of code.
WannaCry Remains No. 1 Ransomware Weapon (Dark Reading, Aug 27 2019)
Of all of the ransomware variants spotted targeting victims in the first half of 2019, the infamous WannaCry was by far the most prevalent, according to Trend Micro’s detection data.
New Credential-Theft Attack Weaponizes DNS (Dark Reading, Aug 30 2019)
The recently discovered campaign sends stolen data out of the network as part of a DNS query.
One of My Favorite Things
Since I started this curated newsletter in June 2017, I’ve clipped ~10,000 articles and narrowed them down into the best 20 per day & best 15 per week. This is my favorite way to cut through all the security marketing and hype. If you’re enjoying it, tell a friend. If you hate it, tell an enemy.
Thanks! – Lucas Samaras
New ‘Lyceum’ Threat Group Eyes Critical Infrastructure (Dark Reading, Aug 27 2019)
Researchers report Lyceum, otherwise known as Hexane, has targeted organizations in South Africa and the Middle East.
What the education industry must do to protect itself from cyber attacks (Help Net Security, Aug 28 2019)
Most attention around data breaches is on the commercial side, with Capital One being the recent high-profile breach, compromising the personal information of more than 100 million people. However, the education sector is proving to also be an attractive target.
DHS program to fight ransomware attacks on 2020 elections (SC Magazine, Aug 27 2019)
“Recent history has shown that state and county governments and those who support them are targets for ransomware attacks,” a Reuters report quoted DHS Cybersecurity Infrastructure Security Agency (CISA) Director Christopher Krebs as saying. “That is why we are working alongside election officials and their private sector partners to help protect their databases and respond to possible ransomware attacks.”
Cisco UCS Vulnerabilities Allow Complete Takeover of Affected Systems (SecurityWeek, Aug 28 2019)
A researcher has disclosed the details and created Metasploit modules for Cisco UCS vulnerabilities that can be exploited to take complete control of affected systems.
Researchers Analyze Tools Used by ‘Hexane’ Attackers Against Industrial Firms (SecurityWeek, Aug 28 2019)
Security researchers from Secureworks have analyzed several tools used by the Hexane threat actor in attack campaigns against industrial organizations over the past several months.
What can be done about the rising click interception threat? (Help Net Security, Aug 29 2019)
The researchers discovered 437 third-party scripts intercepting user clicks on 613 websites, which together receive around 43 million visits every day, and found that attackers are using three different techniques to intercept user clicks:
Interception by hyperlinks (script creates new or modifies existing hyperlinks)
New ransomware grows 118% as cybercriminals adopt fresh tactics and code innovations (Help Net Security, Aug 29 2019)
McAfee Labs saw an average of 504 new threats per minute in Q1 2019, and a resurgence of ransomware along with changes in campaign execution and code. More than 2.2 billion stolen account credentials were made available on the cybercriminal underground over the course of the quarter. Sixty-eight percent of targeted attacks utilized spear-phishing for initial access, and 77% relied upon user actions for campaign execution.
Rash of ransomware continues with 13 new victims—most of them schools (Ars Technica, Aug 30 2019)
Elsewhere, dentists get in on the fun and Baltimore raids parks money to pay for repairs.
Fileless attacks designed to disguise malicious activity up 265% (Help Net Security, Aug 30 2019)
Trend Micro published its roundup report for the first half of 2019, revealing a surge in fileless attacks designed to disguise malicious activity. Detections of this threat alone were up 265% compared to the first half of 2018. Fileless events were 18% more than in the whole of 2018.
More than a decade after hitting the headlines, clickjacking fraud remains an under-reported hazard on hundreds of popular websites.
Researcher finds exposed Starbucks subdomain subject to takeover (SC Magazine, Aug 29 2019)
Starbucks shuttered a subdomain that pointed to an abandoned Azure cloud resource after a security researcher in its bug bounty program discovered it was vulnerable to cross-site scripting and session hijacking. The subdomain, svcgatewayus.starbucks.com, “pointed to Microsoft Azure Cloud App…
This Spreadsheet of ‘The Worst 25 Passwords’ Is Actually Malware (VICE, Aug 29 2019)
Hackers are getting meta.