A Review of the Best News of the Week on Cyber Threats & Defense

Hackers Broke Into Real News Sites to Plant Fake Stories (Wired, Jul 29 2020)
A disinfo operation broke into the content management systems of Eastern European media outlets in a campaign to spread misinformation about NATO.

From Minecraft Tricks to Twitter Hack: A Florida Teen’s Troubled Online Path (The New York Times, Aug 03 2020)
The teenage “mastermind” of the recent Twitter breach, who had a difficult family life, poured his energy into video games and cryptocurrency.

Ohio Researcher Admits Selling Secrets to China (Infosecurity Magazine, Jul 31 2020)
Chen and her husband, alleged co-conspirator Yu Zhou, 49, worked in separate medical research labs at the Nationwide Children’s Hospital’s Research Institute for 10 years each (Zhou from 2007 until 2017 and Chen from 2008 until 2018).

Filter Out the Noise
Since I started this curated newsletter in June 2017, I’ve clipped ~15,000 articles and narrowed them down into the best 20 per day & best 15 per week. This is my favorite way to cut through all the security marketing and hype. If you’re enjoying it, tell a friend. If you hate it, tell an enemy.
Thanks! – Lucas Samaras

Share today’s post on Twitter Facebook LinkedIn

North Korea’s Lazarus brings state-sponsored hacking approach to ransomware (Ars Technica, Jul 29 2020)
In search of funds for country’s weapons program, Lazarus goes hunting for big game.

Industrial Systems Can Be Hacked Remotely via VPN Vulnerabilities (SecurityWeek, Jul 28 2020)
Vulnerabilities discovered by researchers in VPN products primarily used for remote access to operational technology (OT) networks can allow hackers to compromise industrial control systems (ICS) and possibly cause physical damage.

Bug in widely used bootloader opens Windows, Linux devices to persistent compromise (Help Net Security, Jul 30 2020)
A vulnerability (CVE-2020-10713) in the widely used GRUB2 bootloader opens most Linux and Windows systems in use today to persistent compromise, Eclypsium researchers have found. The list of affected systems includes servers and workstations, laptops and desktops, and possibly a large number of Linux-based OT and IoT systems.

Kaspersky Uncovers New APT “Mercenary” Group (Infosecurity Magazine, Jul 30 2020)
Deceptikons has been operating for nearly a decade

Bitcoin Transactions Led FBI to Twitter Hackers (SecurityWeek, Aug 03 2020)
Court documents made public last week by U.S. authorities following the announcement of charges against three individuals allegedly involved in the recent Twitter attack revealed how some of the hackers were identified by investigators.

10 billion records exposed in unsecured databases, study says (WeLiveSecurity, Aug 01 2020)
The databases contain personal information that could be used for phishing attacks and identity theft schemes

Avon attackers may have exploited unprotected web server (SC Media, Jul 28 2020)
An openly accessible web server has emerged as a possible attack vector used by cybercriminals in a reported ransomware incident that affected personal care and beauty marketer Avon Products last June. Researchers from Safety Detectives today announced its discovery of a U.S.-based Avon.com server that was not defended by a password…

US, UK Warn of Malware Targeting QNAP NAS Devices (SecurityWeek, Jul 28 2020)
In a joint alert this week, the United States and the United Kingdom warned that a piece of malware has infected over 62,000 QNAP network-attached storage (NAS) devices.

FBI warns of disruptive DDoS amplification attacks (WeLiveSecurity, Jul 29 2020)
The Bureau expects cybercriminals to increasingly abuse new threat vectors for large-scale DDoS attacks

Survey of Supply Chain Attacks (Schneier on Security, Jul 28 2020)
The Atlantic Council has a released a report that looks at the history of computer supply chain attacks. Key trends from their summary: Deep Impact from State Actors: There were at least 27 different state attacks against the software supply chain including from Russia, China, North Korea, and Iran as well as India, Egypt, the United States, and Vietnam.

North Korean Hackers Sniffing for US Defense Secrets (Infosecurity Magazine, Jul 30 2020)
McAfee reveals “Operation North Star” campaign

FBI Warns of NetWalker Ransomware Targeting Businesses (SecurityWeek, Jul 30 2020)
The Federal Bureau of Investigation this week released an alert to warn businesses of ongoing cyberattacks involving the NetWalker ransomware.

How Should I Securely Destroy/Discard My Devices? (Dark Reading, Aug 03 2020)
While it is possible to do data destruction in-house, doing it correctly and at scale can be tedious.

Havenly Breach Hits Over 1.3 Million Accounts (Infosecurity Magazine, Aug 03 2020)
Interior design service is latest to spill customer PII

Travel company CWT avoids ransomware derailment by paying $4.5m blackmail demand (Naked Security – Sophos, Jul 31 2020)
US travel company CWT has reportedly coughed up $4.5m to ransomware crooks who stole data and scrambled files.

Thunderspy attacks: What they are, who’s at greatest risk and how to stay safe (WeLiveSecurity, Aug 01 2020)
All you need to know about preventing adversaries from exploiting the recently disclosed vulnerabilities in the Thunderbolt interface

The Garmin Hack Was a Warning (Wired, Aug 01 2020)
As ransomware groups turn their attention to bigger game, expect more high-profile targets to fall.