A Review of the Best News of the Week on Cyber Threats & Defense

FBI, DHS, HHS Warn of Imminent, Credible Ransomware Threat Against U.S. Hospitals (Krebs on Security, Oct 28 2020)
“On Monday, Oct. 27, KrebsOnSecurity began following up on a tip from a reliable source that an aggressive Russian cybercriminal gang known for deploying ransomware was preparing to disrupt information technology systems at hundreds of hospitals, clinics and medical care facilities across the United States. Today, officials from the FBI and the U.S. Department of Homeland Security hastily assembled a conference call with healthcare industry executives…”

Iranian hackers probed election-related websites in 10 states, US officials say (CyberScoop, Nov 02 2020)
Suspected Iranian hackers have probed the election-related websites of 10 states and, in one case, accessed voter registration data, federal personnel told election security officials on Friday. The hackers were conducting broad scanning of certain state and local websites at the end of September, then attempted to exploit some of those websites to nab voter data, officials from the Department of Homeland Security said during a phone briefing.

Google’s Project Zero discloses Windows 0-day that’s been under active exploit (Ars Technica, Oct 30 2020)
Security flaw lets attackers escape sandboxes designed to contain malicious code.


Filter Out the Noise
Since I started this curated newsletter in June 2017, I’ve clipped ~17,000 articles and narrowed them down into the best 20 per day & best 15 per week. This is my favorite way to cut through all the security marketing and hype. If you’re enjoying it, tell a friend. If you hate it, tell an enemy.
Thanks! – Lucas Samaras



Ransomware: The Threat We Can No Longer Afford to Ignore (FireEye, Nov 02 2020)
Mandiant has witnessed an increasing number of ransomware operators focus on deployment following the thorough breach of a network.

Chinese Attackers’ Favorite Flaws Prove Global Threats, Research Shows (Dark Reading, Oct 27 2020)
Following the NSA’s list of 25 security flaws often weaponized by Chinese attackers, researchers evaluated how they’re used around the world.

Is Your Encryption Ready for Quantum Threats? (Dark Reading, Oct 29 2020)
Answers to these five questions will help security teams defend against attackers in the post-quantum computing era.

US Government Issues Warning on Kimsuky APT Group (Dark Reading, Oct 28 2020)
The joint alert, from CISA, the FBI, and others, describes activities from the North Korean advanced persistent threat group.

Most companies have high-risk vulnerabilities on their network perimeter (Help Net Security, Oct 28 2020)
Positive Technologies performed instrumental scanning of the network perimeter of selected corporate information systems. A total of 3,514 hosts were scanned, including network devices, servers, and workstations. The results show the presence of high-risk vulnerabilities at most companies. However, half of these vulnerabilities can be eliminated by installing the latest software updates.

Education Sector Facing Disproportionate Level of Spear-Phishing Attacks (Infosecurity Magazine, Oct 29 2020)
Education institutions were targeted by more than 3.5 million spear-phishing attacks from June to September.

‘Zombie’ Ryuk ransomware group returns from the grave (SC Media, Oct 28 2020)
A prolific ransomware actor seemingly disappeared earlier this year. Now they’re back with a vengeance, most recently linked to a string of hospital attacks.

Microsoft Says Iranian Hackers Targeted Attendees of Major Global Policy Conferences (SecurityWeek, Oct 29 2020)
The Iran-linked state-sponsored threat group known as Charming Kitten was observed targeting potential attendees of two major international conferences, Microsoft reports.

Hackers are on the hunt for Oracle servers vulnerable to potent exploit (Ars Technica, Oct 29 2020)
Code-execution bug has severity rating of 9.8 out of 10; little skill needed to exploit.

Pktvisor: Open source tool for network visibility (Help Net Security, Oct 30 2020)
NS1 announced that pktvisor, a lightweight, open source tool for real-time network visibility, is available on GitHub. The importance of applications and digital services has skyrocketed in 2020. Connectivity and resilience are imperative to keeping people connected and business moving forward.

Over 100,000 machines remain vulnerable to SMBGhost exploitation (WeLiveSecurity, Oct 30 2020)
The patch for the critical flaw, which allows malware to spread between machines without any user interaction, was released months ago.

How Can I Help Remote Workers Secure Their Home Routers? (Dark Reading, Nov 02 2020)
The most effective way is with employee security education.

JavaScript Obfuscation Moves to Phishing Emails (Dark Reading, Oct 30 2020)
Attackers are hiding malicious payloads in phishing emails via a technique traditionally used to hide malicious code planted on websites.

The BBC Experiences Over 250,000 Malicious Email Attacks Per Day (Infosecurity Magazine, Nov 02 2020)
The UK’s public service broadcaster has been bombarded with malicious emails this year.

North Korean Group Kimsuky Targets Government Agencies With New Malware (SecurityWeek, Nov 02 2020)
North Korea-linked threat actor Kimsuky was recently observed using brand new malware in attacks on government agencies and human rights activists, Cybereason’s security researchers say.

U.S. Cyber Command Shares More Russian Malware Samples (SecurityWeek, Oct 30 2020)
The United States Cyber Command (USCYBERCOM) this week released new malware samples associated with the activity of Russian threat actors Turla and Zebrocy.