A Review of the Best News of the Week on Cyber Threats & Defense

How 2019’s Worst Corporate Hacks Could Have Been Prevented (Infosecurity Magazine, Jan 13 2020)
The majority of breaches can be avoided. User log-in credentials, customer databases, corporate emails, sensitive enterprise documents, medical and tax information are just a few examples of data that fell into the wrong hands and got publicly exposed.

Iranian Hackers Have Been ‘Password-Spraying’ the US Grid (Wired, Jan 09 2020)
A state-sponsored group called Magnallium has been probing American electric utilities for the past year.

Phishing for Apples, Bobbing for Links (Krebs on Security, Jan 13 2020)
“Anyone searching for a primer on how to spot clever phishing links need look no further than those targeting customers of Apple, whose brand by many measures remains among the most-targeted. Past stories here have examined how scammers working with organized gangs try to phish iCloud credentials from Apple customers who have a mobile device that is lost or stolen. Today’s piece looks at the well-crafted links used in some of these lures.”

Filter Out the Noise
Since I started this curated newsletter in June 2017, I’ve clipped ~12,000 articles and narrowed them down into the best 20 per day & best 15 per week. This is my favorite way to cut through all the security marketing and hype. If you’re enjoying it, tell a friend. If you hate it, tell an enemy.
Thanks! – Lucas Samaras

Share today’s post on Twitter Facebook LinkedIn

Widely Known Flaw in Pulse Secure VPN Being Used in Ransomware Attacks (Dark Reading, Jan 06 2020)
New Year’s Eve attack on currency exchange service Travelex may have involved use of the flaw.

‘Maze’ ransomware threatens data exposure unless $6m ransom paid (Naked Security – Sophos, Jan 07 2020)
US cable and wire manufacturer, Southwire, last week filed a civil suit against Maze’s mysterious makers in Georgia Federal court.

ATT&CK for ICS: Knowledge base of techniques used by cyber adversaries (Help Net Security, Jan 08 2020)
MITRE released an ATT&CK knowledge base of the tactics and techniques that cyber adversaries use when attacking ICS that operate some of the nation’s most critical infrastructures including energy transmission and distribution plants, oil refineries, wastewater treatment facilities, transportation systems, and more.

As ransomware gets craftier, companies must start thinking creatively (TechCrunch, Jan 10 2020)
Some say ransomware is in decline. Others say it’s getting craftier. File-encrypting malware, known as ransomware, infects vulnerable computers and scrambles its files, inviting victims to return access to their data once they pay a ransom.

PGP keys, software security, and much more threatened by new SHA1 exploit (Ars Technica, Jan 07 2020)
Behold: the world’s first known chosen-prefix collision of widely used hash function.

PCs still running Windows 7 will soon be significantly more at risk of ransomware (Help Net Security, Jan 07 2020)
PCs still running when Windows 7 reaches end of life on the 14th of January will be significantly more at risk of ransomware, Veritas Technologies has warned. According to experts, 26% of PCs are expected to still be running the Microsoft software after support for patches and bug fixes end.

USB Cable Kill Switch for Laptops (Schneier on Security, Jan 07 2020)
“BusKill is designed to wipe your laptop (Linux only) if it is snatched from you in a public place:
The idea is to connect the BusKill cable to your Linux laptop on one end, and to your belt, on the other end. When someone yanks your laptop from your lap or table, the USB cable disconnects from the laptop and triggers a udev script [1, , 3] that executes a series of preset operations.”

Firefox gets patch for critical zeroday that’s being actively exploited (Ars Technica, Jan 08 2020)
Flaw allows attackers to access sensitive memory locations that are normally off-limits.

Snake ransomware tries to slither its way into enterprise networks (SC Magazine, Jan 08 2020)
Add yet another malicious encryption program to the expanding ranks of ransomware programs that target large enterprise networks in hopes of scoring big financial payoffs. The latest such threat is called Snake, a ransomware program written in the Go programming language, with an unusually high level of obfuscation.

Attackers distill essence of Mirai IoT botnet into LiquorBot malware (SC Magazine, Jan 08 2020)
Researchers recently uncovered another descendant of the Mirai Internet of Things botnet, this one featuring Monero cryptocurrency mining capabilities. Dubbed LiquorBot, the botnet malware is written in Go programming language and seems to use the same command-and-control infrastructure as Mirai.

Pwn2Own 2020: Researchers Again Invited to Hack Tesla (SecurityWeek, Jan 10 2020)
Trend Micro’s Zero Day Initiative (ZDI) on Thursday announced the targets and prizes for the 2020 Pwn2Own competition, which is set to take place on March 18-20 in Vancouver at the CanSecWest conference.

‘Chaos Is the Point’: Russian Hackers and Trolls Grow Stealthier in 2020 (The New York Times, Jan 10 2020)
While U.S. cyberdefenses have improved since 2016, many of the vulnerabilities exploited four years ago remain. And attacks are getting more sophisticated.

Texas School District Loses $2.3M to Phishing Attack (Dark Reading, Jan 13 2020)
The Manor Independent School District is investigating a phishing email scam that led to three separate fraudulent transactions.

Major Brazilian Bank Tests Homomorphic Encryption on Financial Data (Dark Reading, Jan 10 2020)
The approach allowed researchers to use machine learning on encrypted data without first decrypting it.

US to Axe Drone Fleet Containing Chinese Tech (Infosecurity Magazine, Jan 13 2020)
Concerns over Chinese tech to ground nearly 1,000 US drones

#THIREurope: APT Groups Now Using Similar Tools in Espionage and Cybercrime Attacks (Infosecurity Magazine, Jan 13 2020)
Further research of APT groups shows use of existing tools