A Review of the Best News of the Week on Cyber Threats & Defense
Malware Is Now Targeting Apple’s New M1 Processor (Wired, Feb 17 2021)
Two distinct strains of malware have already adjusted to the new silicon just months after its debut.
Microsoft says SolarWinds hackers stole source code for 3 products (Ars Technica, Feb 18 2021)
The company said it found no indication the breach allowed customers to be hacked.
China Hijacked an NSA Hacking Tool—and Used It for Years (Wired, Feb 22 2021)
The hackers used the agency’s EpMe exploit to attack Windows devices years before the Shadow Brokers leaked the agency’s zero-day arsenal online.
Filter Out the Noise
Since I started this curated security news in June 2017, I’ve clipped ~17,000 articles and narrowed them down into the best 20 per day & best 15 per week. This is my favorite way to cut through all the security marketing and hype. If you’re enjoying it, tell a friend. If you hate it, tell an enemy.
Thanks! – Lucas Samaras
Top 10 most used MITRE ATT&CK tactics and techniques (Help Net Security, Feb 16 2021)
The list shows that the most-used tactic is Defense Evasion, which means that companies should focus on hardening and patching their infrastructure.
Bluetooth Overlay Skimmer That Blocks Chip (Krebs on Security, Feb 15 2021)
“As a total sucker for anything skimming-related, I was interested to hear from a reader working security for a retail chain in the United States that recently found Bluetooth-enabled skimming devices placed over top of payment card terminals at several stores. Interestingly, these skimmers interfered with the terminal’s ability to read chip-based cards, forcing customers to swipe the stripe instead.”
SIEM rules ignore bulk of MITRE ATT&CK framework, placing risk burden on users (SC Media, Feb 16 2021)
Much of the responsibility for making sure that SIEMs reap maximum benefit from the ATT&CK framework falls on users’ ability to understand their own environments. But that’s not easy.
Router Security (Schneier on Security, Feb 19 2021)
“This report is six months old, and I don’t know anything about the organization that produced it, but it has some alarming data about router security.
Conclusion: Our analysis showed that Linux is the most used OS, running on more than 90% of the devices. However, many routers are powered by very old versions of Linux. Most devices are still powered by a 2.6 Linux kernel, which has not been maintained for many years…”
Infrastructure Hygiene: Why It’s Critical for Protection (Securosis Blog, Feb 22 2021)
“The most basic advice we give to anyone building a security program is to make sure you do the fundamentals well. You remember security fundamentals, right? Visibility for every asset. Maintain a strong security configuration and posture for those assets. Patch those devices efficiently and effectively when the vendor issues an update. Most practitioners nod their head about the fundamentals and then spend all day figuring out how the latest malware off the adversary assembly line works — or burning a couple of days threat hunting in their environment. You know, the fun stuff. The fundamentals are just… boring.”
New malware found on 30,000 Macs has security pros stumped (Ars Technica, Feb 20 2021)
With no payload, analysts are struggling to learn what this mature malware does.
Kia Denies Ransomware Attack as IT Outage Continues (Dark Reading, Feb 19 2021)
Kia Motors America states there is no evidence its recent systems outage was caused by a ransomware attack.
Kia Denies Ransomware Attack (Infosecurity Magazine, Feb 19 2021)
Car maker says this week’s network outage was not linked to ransomware.
US Retailer Kroger Admits Accellion Breach (Infosecurity Magazine, Feb 22 2021)
Accellion’s FTA (File Transfer Appliance) platform was exploited to compromise data.
France to Boost Cyberdefense After Hospital Malware Attacks (SecurityWeek, Feb 18 2021)
French President Emmanuel Macron on Thursday unveiled a plan to better arm public facilities and private companies against cybercriminals following ransomware attacks at two hospitals this month and an upsurge of similar cyber assaults in France.
Here’s how security pros can lock down their remote networks (SC Media, Feb 19 2021)
Today’s columnist, Liviu Arsene of Bitdefender, offers some actionable advice to security pros for locking down networks in the work-from-home era.
The Egregor takedown: New tactics to battle ransomware groups show promise (SC Media, Feb 18 2021)
Ransomware ringleaders and their customers have been put on notice: they may not be as untouchable as they thought.
Inside the Battle to Control Enterprise Security Data Lakes (SecurityWeek, Feb 19 2021)
The strategic positioning to own and control the massive data lakes powering enterprise security programs took another expensive turn with CrowdStrike announcing it would shell out $400 million to buy early-stage log analytics start-up Humio.