A Review of the Best News of the Week on Cyber Threats & Defense
US Federal Agency Compromised by Cyber-Actor (Infosecurity Magazine, Sep 25 2020)
Criminals gain access to unnamed federal agency using Microsoft Office 365 log-in
NSA Issues Cybersecurity Guidance for Remote Workers, System Admins (SecurityWeek, Sep 21 2020)
The National Security Agency (NSA) has published two cybersecurity information sheets (CSIs) with recommendations for National Security System (NSS) and Department of Defense (DoD) workers and system administrators on securing networks and responding to incidents during the work-from-home period.
Ransomware Attacks Take On New Urgency Ahead of Vote (The New York Times, Sep 28 2020)
Attacks against small towns, big cities and the contractors who run their voting systems have federal officials fearing that hackers will try to sow chaos around the election.
Filter Out the Noise
Since I started this curated newsletter in June 2017, I’ve clipped ~16,000 articles and narrowed them down into the best 20 per day & best 15 per week. This is my favorite way to cut through all the security marketing and hype. If you’re enjoying it, tell a friend. If you hate it, tell an enemy.
Thanks! – Lucas Samaras
How to Protect Your Company from Ransomware Attacks (eWEEK, Sep 23 2020)
Many backup products on the market today have some level of analytics functionality to determine whether any particular data has been corrupted. However, many of these solutions are metadata-only based, only looking at basic information about a file or database. Others use metadata analytics on the first pass and then follow up on suspicious results with content-based analytics. But this approach is flawed and can miss more sophisticated attack vectors, providing a false sense of confidence. A comprehensive content-based analytic scan deployed from the start validates the data’s integrity and delivers the high level of confidence that advanced or hidden attacks are found and neutralized.
Your best defense against ransomware: Find the early warning signs (Help Net Security, Sep 23 2020)
As ransomware continues to prove how devastating it can be, one of the scariest things for security pros is how quickly it can paralyze an organization. Just look at Honda, which was forced to shut down all global operations in June, and Garmin, which had its services knocked offline for days in July. Ransomware isn’t hard to detect but identifying it when the encryption and exfiltration are rampant is too little too late.
Windows backdoor masquerading as VPN app installer (Help Net Security, Sep 22 2020)
Windows users looking to install a VPN app are in danger of downloading one that’s been bundled with a backdoor, Trend Micro researchers warn. The trojanized package in this specific case is the Windows installer for Windscribe VPN, and contains the Bladabindi backdoor, which is able to: Execute commands from a remote malicious user (e.g., downloading, executing, and updating files) Log a user’s keystrokes Take screenshots of the user’s screen Collect information about the computer …
Shift to remote work and heavy reliance on service providers for security leaves blind spots (Help Net Security, Sep 21 2020)
83% of C-level executives expect the changes they made in the areas of people, processes, and applications as a response to the COVID-19 pandemic to become permanent (whether significant or partial), according to Radware. According to the report, pandemic-driven changes affected various aspects of business, 44% of executives surveyed reported a negative negative impact on budgets, 43% reported a workforce reduction, while 37% reported reduced real estate footprints.
71% of CISOs Believe Cyber-warfare is a Threat to Their Organization (Infosecurity Magazine, Sep 22 2020)
22% of CISOs do not have a strategy to protect against cyber-warfare
Three strategies to defend remote workers from cyberattacks (SC Media, Sep 22 2020)
The COVID-19 pandemic has accelerated digital transformation with remote workers going from 20 percent to more than 80 percent of the employed population. In the wake of the shutdown, security attacks are on the rise as corporate networks expand from the headquarters to thousands of remote home locations. Insecure Wi-Fi connections, shadow IoT devices, and lax home security policies…
“LokiBot,” the malware that steals your most sensitive data, is on the rise (Ars Technica, Sep 22 2020)
“Persistent malicious” activity sees a “notable increase” since July, feds say.
Attackers Target Small Manufacturing Firms (Dark Reading, Sep 22 2020)
The most common tactics include credential stuffing using valid accounts, various forms of deception, and vulnerabilities in third-party software, Rapid7 says in its latest quarterly threat report.
Critical Instagram Flaw Could Let Attackers Spy on Victims (Dark Reading, Sep 24 2020)
A now-patched remote code execution vulnerability could be exploited with a specially sized image file, researchers report.
Using virtualization to isolate risky applications and other endpoint threats (Help Net Security, Sep 25 2020)
More and more security professionals are realizing that it’s impossible to fully secure a Windows machine – with all its legacy components and millions of potentially vulnerable lines of code – from within the OS. With attacks becoming more sophisticated than ever, hypervisor-based security, from below the OS, becomes a necessity. Unlike modern OS kernels, hypervisors are designed for a very specific task.
Layered security becomes critical as malware attacks rise (Help Net Security, Sep 25 2020)
Despite an 8% decrease in overall malware detections in Q2 2020, 70% of all attacks involved zero day malware – variants that circumvent antivirus signatures, which represents a 12% increase over the previous quarter, WatchGuard found. Malware detections during Q2 2020 Attackers are continuing to leverage evasive and encrypted threats.
Large vendor ecosystems and low visibility increase third-party cyber risk (Help Net Security, Sep 24 2020)
80% of organizations experienced a cybersecurity breach that originated from vulnerabilities in their vendor ecosystem in the past 12 months, and the average organization had been breached in this way 2.7 times, according to a BlueVoyant survey. The research also found organizations are experiencing multiple pain points across their cyber risk management program as they aim to mitigate risk across a network that typically encompasses 1409 vendors.
Navigating the Asia-Pacific Threat Landscape: Experts Dive In (Dark Reading, Sep 25 2020)
At next week’s virtual Black Hat Asia, threat intelligence pros will discuss the threats local organizations should prioritize and how they can prepare.