A Review of the Best News of the Week on Cyber Threats & Defense

LockBit Is the New Ransomware for Hire (Wired, May 03 2020)
A recent infection, which managed to plunder a company’s network within hours, demonstrates why the malware has become so prevalent.

How Cybercriminals are Weathering COVID-19 (Krebs on Security, Apr 30 2020)
“In many ways, the COVID-19 pandemic has been a boon to cybercriminals: With unprecedented numbers of people working from home and anxious for news about the virus outbreak, it’s hard to imagine a more target-rich environment for phishers, scammers and malware purveyors. In addition, many crooks are finding the outbreak has helped them better market their cybercriminal wares and services. But it’s not all good news: The Coronavirus also has driven up costs and disrupted key supply lines for many cybercriminals. Here’s a look at how they’re adjusting to these new realities.”

Brute forcing RDP credentials on the rise (SC Media, Apr 30 2020)
A huge uptick in brute force attacks designed to crack the login credentials of those using remote access tools has been detected by Kaspersky. This is particularly taking place against firms using Microsoft’s proprietary Remote Desktop Protocol (RDP).

Filter Out the Noise
Since I started this curated newsletter in June 2017, I’ve clipped ~14,000 articles and narrowed them down into the best 20 per day & best 15 per week. This is my favorite way to cut through all the security marketing and hype. If you’re enjoying it, tell a friend. If you hate it, tell an enemy.
Thanks! – Lucas Samaras

Share today’s post on Twitter Facebook LinkedIn

‘Evil GIF’ account takeover flaw patched in Teams (Naked Security – Sophos, Apr 28 2020)
Microsoft has fixed a flaw in Teams that could have allowed attackers to launch a wormlike attack on multiple accounts by sending one victim a malicious GIF image.

Fooling NLP Systems Through Word Swapping (Schneier on Security, Apr 28 2020)
“MIT researchers have built a system that fools natural-language processing systems by swapping words with synonyms: The software, developed by a team at MIT, looks for the words in a sentence that are most important to an NLP classifier and replaces them with a synonym that a human would find natural.

COVID-19 prompts DHS warning to review Office 365 security (Naked Security – Sophos, May 01 2020)
The DHS is urging users to secure Office 365 accounts after reporting security weaknesses in Microsoft’s online productivity service.

Microsoft Warns of Malware Hidden in Pirated Film Files (Dark Reading, Apr 29 2020)
An active campaign inserts malicious VBScript into ZIP files posing as downloads for “John Wick 3,” “Contagion,” and other popular movies.

Microsoft warns of ransomware attacks with ‘motley crew’ of payloads (SC Media, Apr 30 2020)
Ransomware delivering a “motley crew” of payloads is straining security operations especially in health care, Microsoft warned, urging security teams to look for signs of credential theft and lateral movement activities that herald attacks.

ESET Threat Report (WeLiveSecurity, Apr 29 2020)
A view of the Q1 2020 threat landscape as seen by ESET telemetry and from the perspective of ESET threat detection and research experts

Industrial Networks’ Newest Threat: Remote Users (Dark Reading, May 01 2020)
We know remote working isn’t going away anytime soon, so it’s crucial we be extra vigilant about security for industrial networks and critical infrastructure.

User-Friendly Cybersecurity: Is a Better UX the Key to a Better Defense? (Dark Reading, Apr 30 2020)
Frictionless security, improved interfaces, and more usable design may improve the efficacy of security tools and features (and make life easier for users and infosec pros alike). So why has there been so much resistance?

UK Government Launches Online Cyber-School (Infosecurity Magazine, May 01 2020)
A new online cybersecurity course for school-children is launched in the UK

Aggah malspam campaign updated with new payloads (SC Media, Apr 30 2020)
An updated Aggah malspam campaign is distributing malicious Microsoft Office documents designed to trigger a multi-stage infection in order to a target a user’s endpoint. The campaign is depositing Agent Tesla, njRAT and Nanocore RAT in a attack that is being run out of several Pastebin accounts, reported Cisco Talos.

Oracle Says Hackers Targeting Recently Patched Vulnerabilities (SecurityWeek, May 01 2020)
Oracle warned customers on Thursday that threat actors have been spotted attempting to exploit multiple recently patched vulnerabilities, including a critical WebLogic Server flaw tracked as CVE-2020-2883.

CISA Reminds Federal Agencies to Use Its DNS Service (SecurityWeek, May 01 2020)
A memorandum sent by the United States Cybersecurity and Infrastructure Security Agency (CISA) to Chief Information Officers (CIOs) at federal agencies reminds them to use EINSTEIN 3 Accelerated (E3A)’s Domain Name System (DNS) sinkholing capability for DNS resolution.

What Is Fleeceware and How Can You Protect Yourself? (Wired, May 01 2020)
Sneaky developers are charging big bucks for basic apps. Here’s how to spot a scam in sheep’s clothing.

SaltStack Salt vulnerabilities actively exploited by attackers, patch ASAP! (Help Net Security, May 04 2020)
Two vulnerabilities in SaltStack Salt, an open-source remote task and configuration management framework, are being actively exploited by attackers, CISA warns. About SaltStack Salt Salt is used for configuring, managing and monitoring servers in datacenters and cloud environments. The Salt installation is the “master” and each server it monitors runs an API agent called a “minion”.

Power Supply Can Turn Into Speaker for Data Exfiltration Over Air Gap (SecurityWeek, May 04 2020)
“A researcher has demonstrated that threat actors could exfiltrate data from an air-gapped device over an acoustic channel even if the targeted machine does not have any speakers, by abusing the power supply.”