A Review of the Best News of the Week on Cyber Threats & Defense

Russia’s SolarWinds Attack (Schneier on Security, Dec 28 2020)
Espionage is internationally allowed in peacetime. The problem is that both espionage and cyberattacks require the same computer and network intrusions, and the difference is only a few keystrokes. And since this Russian operation isn’t at all targeted, the entire world is at risk — and not just from Russia. Many countries carry out these sorts of operations, none more extensively than the US. The solution is to prioritize security and defense over espionage and attack.

Microsoft Reveals That Russian Attackers Accessed Some of Its Source Code (Dark Reading, Dec 31 2020)
Malicious SolarWinds Orion backdoor installed in Microsoft’s network led to the attackers viewing some of its source code.

On the Evolution of Ransomware (Schneier on Security, Dec 30 2020)
Though some researchers say that the scale and severity of ransomware attacks crossed a bright line in 2020, others describe this year as simply the next step in a gradual and, unfortunately, predictable devolution. After years spent honing their techniques, attackers are growing bolder. They’ve begun to incorporate other types of extortion like blackmail into their arsenals, by exfiltrating an organization’s data and then threatening to release it if the victim doesn’t pay an additional fee. Most significantly, ransomware attackers have transitioned from a model in which they hit lots of individuals and accumulated many small ransom payments to one where they carefully plan attacks against a smaller group of large targets from which they can demand massive ransoms. The antivirus firm Emsisoft found that the average requested fee has increased from about $5,000 in 2018 to about $200,000 this year.

Filter Out the Noise
Since I started this curated newsletter in June 2017, I’ve clipped ~17,000 articles and narrowed them down into the best 20 per day & best 15 per week. This is my favorite way to cut through all the security marketing and hype. If you’re enjoying it, tell a friend. If you hate it, tell an enemy.
Thanks! – Lucas Samaras

Threat Actors Increasingly Using VBA Purging in Attacks (SecurityWeek, Dec 22 2020)
Cyberattacks relying on malicious Office documents have increasingly leveraged a relatively new technique called VBA Purging, FireEye said over the weekend, when it also announced the availability of a related open source tool.

Millions of Devices Affected by Vulnerabilities Used in Stolen FireEye Tools (SecurityWeek, Dec 23 2020)
Millions of devices are exposed to potential attacks exploiting the vulnerabilities used in the tools that threat actors recently stole from FireEye, security and compliance solutions provider Qualys reported on Tuesday.

India: A Growing Cybersecurity Threat (Dark Reading, Dec 29 2020)
Geopolitical tensions and a dramatic rise in offensive and defensive cyber capabilities lead India to join Iran, Russia, China, and North Korea as a top nation-state adversary.

Mac Attackers Remain Focused Mainly on Adware, Fooling Users (Dark Reading, Dec 29 2020)
Despite reports that Macs have encountered more threats than Windows systems, the platform still sees far fewer exploits and malware – including ransomware.

A closer look at fileless malware, beyond the network (Help Net Security, Jan 04 2021)
Cybersecurity is an arms race, with defensive tools and training pushing threat actors to adopt even more sophisticated and evasive intrusion techniques as they attempt to gain a foothold in victim networks. Most modern endpoint protection (EPP) services are capable of easily identifying traditional malware payloads as they are downloaded and saved on the endpoint, which means attackers have now turned to fileless malware techniques that never touch the victim’s storage.

SaaS security in 2021 (Help Net Security, Dec 28 2020)
The migration toward subscription-based services via the SaaS business model isn’t new this year — it’s part of a larger shift away from on-premises datacenters, applications, etc., that has been underway for years. The pandemic accelerated the shift, boosting SaaS subscriptions as companies looked for virtual collaboration and meeting tools. What is new on a larger scale is the way employees interact with business applications, and that has implications for IT departments worldwide.

Financial services industry hit with tens of millions of attacks per day (SC Media, Dec 31 2020)
The report found that threat actors primarily relied on common web attack paths, such as SQL injection, local file inclusion and cross-site scripting.

Old Attack Method Against Google’s Audio-Based reCAPTCHA Resurrected (SecurityWeek, Jan 04 2021)
An attack method discovered in 2017 for defeating the audio version of Google’s reCAPTCHA system using speech-to-text services has once again been resurrected.

Vermont Hospital Says Cyberattack Was Ransomware (SecurityWeek, Dec 24 2020)
A Vermont-based hospital network is now saying a cyberattack that crippled its computer systems in October was ransomware.