A Review of the Best News of the Week on Cyber Threats & Defense
NSA Funds Development & Release of D3FEND Framework (Dark Reading, Jun 22 2021)
The framework, now available through MITRE, provides countermeasures to attacks.
74% of Q1 Malware Was Undetectable Via Signature-Based Tools (Dark Reading, Jun 24 2021)
Attackers have improved on tweaking old malware to continue sneaking it past traditional threat detection controls, researchers report.
MyBook Users Urged to Unplug Devices from Internet (Krebs on Security, Jun 25 2021)
Hard drive giant Western Digital is urging users of its MyBook Live brand of network storage drives to disconnect them from the Internet, warning that malicious hackers are remotely wiping the drives using a previously unknown critical flaw that can be triggered by anyone who knows the Internet address of an affected device.
Filter Out the Noise
Since I started this curated security news in June 2017, I’ve clipped ~19,000 articles and narrowed them down into the best 20 per day & best 15 per week. This is my favorite way to cut through all the security marketing and hype. If you’re enjoying it, tell a friend. If you hate it, tell an enemy.
Thanks! – Lucas Samaras
Best practices for IT teams to prevent ransomware attacks (Help Net Security, Jun 22 2021)
Most successful ransomware attacks happen because organizations overlook a simple security practice. For instance, Microsoft published the relevant patch three months before the WannaCry attack took place and had asked organizations to upgrade their operating systems. This cyberattack was due to negligent patching practices and brought about more than 4 billion dollars in financial loss across the globe.
Virtual machines hide ransomware until the encryption process is done (Help Net Security, Jun 23 2021)
The use of virtual machines (VMs) to run the malicious payload is getting more popular with ransomware attackers, Symantec’s Threat Hunter Team claims. “During a recent investigation into an attempted ransomware attack, Symantec discovered that the attackers had installed a VirtualBox VM on some compromised computers.”
Hackers are using unknown user accounts to target Zyxel firewalls and VPNs (Ars Technica, Jun 24 2021)
Authentication bypass attacks allow hackers to breach network security.
Majority of Web Apps in 11 Industries Are Vulnerable All the Time (Dark Reading, Jun 22 2021)
Serious vulnerabilities exist every day in certain industries, including utilities, public administration, and professional services, according to testing data.
Russian intelligence service chief says Moscow will work with US to find hackers (SC Media, Jun 23 2021)
Sources familiar with United States thinking on the matter believe Russia has in the past used information shared about domestic criminals as a recruitment tool, and Russia has been known to push the boundaries of other reciprocity agreements, using Interpol to pursue dissidents for example.
Researcher Finds Vulnerability Impacting Multiple Linux Marketplaces (SecurityWeek, Jun 23 2021)
Linux marketplaces that are based on the Pling platform are impacted by a cross-site scripting (XSS) vulnerability and potentially exposed to supply chain attacks, according to German cybersecurity consultancy Positive Security.
New REvil-Based Ransomware Emerges (SecurityWeek, Jun 23 2021)
A threat actor appears to have repurposed the REvil ransomware to create their own ransomware family and possibly launch a ransomware-as-a-service (RaaS) offering.
VMs Help Ransomware Attackers Evade Detection, But It’s Uncommon (Dark Reading, Jun 23 2021)
Some ransomware attackers use virtual machines to bypass security detection, but adoption is slow for the complicated technique.
How SMBs are dealing with emerging threats (Help Net Security, Jun 25 2021)
ECI Software Solutions released a report detailing the findings from a survey examining how SMBs are leveraging technology to respond to the various threats from the past year – including cybercrime – while laying the groundwork for not only a post-pandemic economy but a more secure, resilient future.
New BIOS vulnerabilities impact tens of millions of Dell computer hardware (SC Media, Jun 24 2021)
The vulnerabilities, discovered by security researchers at Eclypsium, affect the BIOSConnect feature within Dell Client BIOS and impact 30 million devices across 128 different Dell models, including laptops, desktops and tablets.
OIG: CMS lacks protocol to assess networked medical device cybersecurity in hospitals (SC Media, Jun 23 2021)
A lack of real-time data on inventories, connections, and device communications, combined with reliance on legacy platforms and slow patch management processes have resulted in many providers leaving the door open to attackers.
Senator: Is it time to treat ransomware like piracy, using military to make operators walk the plank? (SC Media, Jun 23 2021)
At a hearing of the Armed Services subcommittee on cybersecurity, Sen. Mike Rounds, R-S.D., wondered if it was time to use the military to interrupt ransomware the same way the U.S. of yore handled pirates who intercepted needed supplies.
A Hacker Is Remotely Wiping People’s Internet-Connected Hard Drives (VICE, Jun 25 2021)
Users of Western Digital’s WD My Book Live devices are reporting that all of their data has been remotely wiped by hackers exploiting a vulnerability.
Like Their Adversaries, Threat Hunters Need Anonymity (SecurityWeek, Jun 28 2021)
The pivot to remote work forced by the Covid-19 outbreak was sudden, but security stepped up to the challenge. According to (ISC)², the association of certified cybersecurity professionals, three out of ten said they had a day or less to secure their employers’ remote workers.
Hackers Tricked Microsoft Into Certifying Malware That Could Spy on Users (VICE, Jun 28 2021)
The company said the hackers targeted video games in China, potentially to cheat and compromise their accounts.
NFC Flaws in POS Devices and ATMs (Schneier on Security, Jun 28 2021)
It’s a series of vulnerabilities:
“Josep Rodriguez, a researcher and consultant at security firm IOActive, has spent the last year digging up and reporting vulnerabilities in the so-called near-field communications reader chips used in millions of ATMs and point-of-sale systems worldwide. NFC systems are what let you wave a credit card over a reader — rather than swipe or insert it — to make a payment or extract money from a cash machine. You can find them on countless retail store and…”