A Review of the Best News of the Week on Cyber Threats & Defense

Report: U.S. Cyber Command Behind Trickbot Tricks (Krebs on Security, Oct 10 2020)
“A week ago, KrebsOnSecurity broke the news that someone was attempting to disrupt the Trickbot botnet, a malware crime machine that has infected millions of computers and is often used to spread ransomware. A new report Friday says the coordinated attack was part of an operation carried out by the U.S. military’s Cyber Command.”

Microsoft Uses Trademark Law to Disrupt Trickbot Botnet (Krebs on Security, Oct 12 2020)
Microsoft Corp. has executed a coordinated legal sneak attack in a bid to disrupt the malware-as-a-service botnet Trickbot, a global menace that has infected millions of computers and is used to spread ransomware. A court in Virginia granted Microsoft control over many Internet servers Trickbot uses to plunder infected systems, based on novel claims that the crime machine abused the software giant’s trademarks. However, it appears the operation has not completely disabled the botnet.

FBI/DHS: Government election systems face threat from active Zerologon exploits (Ars Technica, Oct 09 2020)
Zerologon gives attackers instant access to all-powerful domain controllers.


Filter Out the Noise
Since I started this curated newsletter in June 2017, I’ve clipped ~17,000 articles and narrowed them down into the best 20 per day & best 15 per week. This is my favorite way to cut through all the security marketing and hype. If you’re enjoying it, tell a friend. If you hate it, tell an enemy.
Thanks! – Lucas Samaras

Zerologon Vulnerability Used in APT Attacks (Dark Reading, Oct 06 2020)
MERCURY, the Iranian advanced persistent threat group, is using Zerologon in a new series of attacks detected by Microsoft.

CISA Warns of Emotet Trojan Targeting State, Local Governments (SecurityWeek, Oct 07 2020)
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) warns of an increase in attacks targeting state and local governments with the Emotet Trojan. Active for over a decade, Emotet is a Trojan mainly used to drop additional malware onto compromised systems. Previously, it also functioned as a banking Trojan and as an information stealer.

DHS warns that Emotet malware is one of the most prevalent threats today (Ars Technica, Oct 06 2020)
US detects more than 16,000 alerts since July for nasty trojan that’s hard to spot.

Rethinking Email Security in the Face of Fearware (Dark Reading, Oct 06 2020)
E-mail messages preying on fear have ramped up since the COVID-19 outbreak, raising questions about security’s reliance on historical data about past attacks to predict the future.

New Cryptojacking Malware Variant Targeting Cloud Systems Discovered (Infosecurity Magazine, Oct 06 2020)
The new variant gives TeamTNT enhanced cryptojacking capabilities.

Diplomats Attacked with Firmware Bootkit (Infosecurity Magazine, Oct 05 2020)
A custom version of a bootkit leaked in 2015 is being used to attack diplomats and NGOs.

HP Device Manager vulnerabilities may allow full system takeover (Help Net Security, Oct 07 2020)
Three vulnerabilities affecting HP Device Manager, an application for remote management of HP Thin Client devices, could be chained together to achieve unauthenticated remote command execution as SYSTEM, security researcher Nick Bloor has found. HP patched the vulnerabilities nearly two weeks ago, but additional vulnerability and research details published on Monday may help attackers craft a working exploit.

Europol analyzes latest trends, cybercrime impact within the EU and beyond (Help Net Security, Oct 07 2020)
The global COVID-19 pandemic that hit every corner of the world forced us to reimagine our societies and reinvent the way we work and live. The Europol IOCTA 2020 cybercrime report takes a look at this evolving threat landscape. Although this crisis showed us how criminals actively take advantage of society at its most vulnerable, this opportunistic behavior should not overshadow the overall threat landscape.

Key Considerations & Best Practices for Establishing a Secure Remote Workforce (Dark Reading, Oct 08 2020)
Cybersecurity is challenging but not paralyzing, and now is the moment to educate our employees to overcome these challenges.

Rare Firmware Rootkit Discovered Targeting Diplomats, NGOs (Dark Reading, Oct 07 2020)
Second-ever sighting of a firmware exploit in the wild is a grim reminder of the dangers of these mostly invisible attacks.

An inside look at how ransomware groups go stealth (SC Media, Oct 07 2020)
Ransomware groups are doing all they can to leverage tools and techniques that hide their presence from threat detection engines, cover their tracks from investigators and generally make it harder for companies to spot or respond to intrusions until it’s too late.

ATM cash-out: A rising threat requiring urgent attention (Help Net Security, Oct 09 2020)
The PCI Security Standards Council (PCI SSC) and the ATM Industry Association (ATMIA) issued a joint bulletin to highlight an increasing threat that requires urgent awareness and attention. What is the threat?

Cybercriminals Target Conference Platform With Payment Card Skimmer (SecurityWeek, Oct 09 2020)
Cybercriminals have planted a payment card skimmer on the websites of several organizations using the Playback Now conference platform, Malwarebytes reported on Thursday.

How to build up cybersecurity for medical devices (Help Net Security, Oct 12 2020)
Manufacturing medical devices with cybersecurity firmly in mind is an endeavor that, according to Christopher Gates, an increasing number of manufacturers is trying to get right.

The anatomy of an endpoint attack (Help Net Security, Oct 12 2020)
Cyberattacks are becoming increasingly sophisticated as tools and services on the dark web – and even the surface web – enable low-skill threat actors to create highly evasive threats. Unfortunately, most of today’s modern malware evades traditional signature-based anti-malware services, arriving to endpoints with ease.

Cloudflare Launches New Zero Trust Networking, Security Platform (SecurityWeek, Oct 12 2020)
Cloudflare on Monday announced the launch of a new zero trust platform that can help organizations address the networking and security challenges associated with an increasingly remote workforce.