A Review of the Best News of the Week on Cyber Threats & Defense

Meet Cliff Stoll, the Mad Scientist Who Invented the Art of Hunting Hackers (Wired, Dec 18 2019)
Thirty years ago, Cliff Stoll published The Cuckoo’s Egg, a book about his cat-and-mouse game with a KGB-sponsored hacker. Today, the internet is a far darker place—and Stoll has become a cybersecurity icon.

Webroot’s Listing of the ‘Nastiest’ Malware of 2019 (eWEEK, Dec 21 2019)
From zombie botnets to insidious email infiltrators, here are the top malware threats to hit us in 2019, according to Webroot.

Worried About Magecart? Here’s How to Check for It (Dark Reading, Dec 18 2019)
Researchers share how everyday users can check for malicious code on e-commerce websites.

Filter Out the Noise
Since I started this curated newsletter in June 2017, I’ve clipped ~12,000 articles and narrowed them down into the best 20 per day & best 15 per week. This is my favorite way to cut through all the security marketing and hype. If you’re enjoying it, tell a friend. If you hate it, tell an enemy.
Thanks! – Lucas Samaras

Share today’s post on Twitter Facebook LinkedIn

Few Firms Use Segmentation, Despite Security Benefits (Dark Reading, Dec 18 2019)
Network segmentation is considered a key security control to prevent attackers from easily accessing critical assets from compromised, but unprivileged, computers. So why aren’t more companies doing it?

Hardware hacks: The next generation of cybercrime (Help Net Security, Dec 19 2019)
Physical access requirements are a thing of the past. A somewhat recent example includes UEFI/BIOS implants, which were weaponized by nation-states and installed remotely by exploiting vulnerabilities in the underlying UEFI system. It’s a form of cyber-espionage where attackers thrive off of access, stealth, and persistence to manipulate low-level software embedded in the hardware to gain control over the system. Once hackers gain control, they sit and wait for the most opportune moment to create the most destruction possible.

20 Vulnerabilities to Prioritize Patching Before 2020 (Dark Reading, Dec 23 2019)
Researchers list the top 20 vulnerabilities currently exploited by attack groups around the world.

Hacking and malware cause 75% of all data breaches in the financial services industry (Help Net Security, Dec 17 2019)
Only 6% of all breaches in 2019 were suffered by financial services firms, according to Bitglass. However, these breaches compromised significantly more records than those that occurred in other industries.

The silent rise of cryptojacking (SC Magazine, Dec 17 2019)
Unlike phishing or ransomware attacks, cryptojacking runs nearly silently in the background of the victim’s computer or device. It involves installing malware on a device connected to the internet, which can be anything from a phone, to a gaming console, to a router, to an organization’s servers. Once installed, the hacker can then use the devices’ computing power to “mine” cryptocurrency without the user’s knowledge.

It’s time to disconnect RDP from the internet (WeLiveSecurity, Dec 17 2019)
Brute-force attacks and BlueKeep exploits usurp convenience of direct RDP connections; ESET releases a tool to test your Windows machines for vulnerable versions

Know your enemy: Mapping adversary infrastructure quickly and accurately (Help Net Security, Dec 19 2019)
Group-IB is a known quantity in the information security arena: in the sixteen years since its inception, the company – now headquartered in Singapore – has detected and detailed many high-profile threats, performed over a thousand successful investigations across the globe and gained widespread recognition for helping private and public entities and law enforcement worldwide track down and prosecute cybercriminals.

Hiding malware downloads in Taylor Swift pics! New SophosLabs report (Naked Security – Sophos, Dec 19 2019)
Just because a malware family isn’t all over the headlines doesn’t mean it isn’t interesting… or important… or dangerous!

As Hackers Target Mobile Payment Apps, Here’s How to Keep Them at Bay (Dark Reading, Dec 20 2019)
A little vigilance helps retailers reduce and prevent three of the most common kinds of mobile app fraud

China-Based Cyber Espionage Group Targeting Orgs in 10 Countries (Dark Reading, Dec 19 2019)
Dozens of organizations across multiple sectors have become victims of APT20 in the past two years.

Challenges of using firewall tech to do segmentation (Help Net Security, Dec 20 2019)
Despite the inevitability of security-related incidents, few organizations currently protect against the spread of breaches with segmentation – only 19 percent of the 300 IT professionals surveyed by Illumio currently implement segmentation solutions today.

Multiple-malware dropper ‘Legion Loader’ dissected (SC Magazine, Dec 19 2019)
The insidious nature of difficult-to-detect, multiple strains of malware working in tandem to unleash complete obliteration is on full display with the dropper Legion Loader.

Citrix Vulnerability Leaves 80,000 Companies at Risk (SecurityWeek, Dec 23 2019)
A critical vulnerability in Citrix Application Delivery Controller (NetScaler ADC) and Citrix Gateway (NetScaler Gateway) could allow criminal access to the networks of 80,000 companies in 158 countries.