A Review of the Best News of the Week on Cyber Threats & Defense

Network Segmentation – The most common mistake (Gartner Blog Network, Nov 09 2017)
The most common mistake Gartner sees being made in response to remedying a flat network is to oversegment, or create too many zones. A principle of network segmentation is to group like resources together, to minimize security overhead: Build a fence around the car park, not a fence and gate around every car.

Why the Netflix Phishing Email Works So Well (Wired, Nov 07 2017)
That Netflix phishing scheme has been around for months—and it’s clever enough to stick around.

What do Microsoft’s highly secure Windows 10 device standards tell us? (Naked Security – Sophos, Nov 10 2017)
Microsoft’s hardware spec could end up being a two-minute read with two-decade implications

How I Infiltrated a Fortune 500 Company with Social Engineering (Dark Reading, Nov 07 2017)
Getting into the company proved surprisingly easy during a contest. Find out how to make your company better prepared for real-world attacks.

Assessing Weaknesses in Public Key Infrastructure (Threatpost, Nov 07 2017)
Academic researchers size up weaknesses in the code-signing Public Key Infrastructure and highlight three types of flaws.

Types of phishing attacks and how to identify them (CSO Online, Nov 09 2017)
Do you know your spear phishing and vishing from your whaling and clone phishing?

What is the cyber kill chain? Why it’s not always the right approach to cyber attacks (CSO Online, Nov 07 2017)
Lockheed Martin’s cyber kill chain approach breaks down each stage of a malware attack where you can identify and stop it, but be aware of how attack strategies are changing.

6 Steps for Sharing Threat Intelligence (Dark Reading, Nov 10 2017)
While there has been much progress between the federal government and the vertical flavors of the Information Sharing Analysis Centers (ISACs), threat information-sharing still has been put on the back burner by many organizations.

The Russian group behind the DNC hack has been busy targeting cyber experts (Newsweek, Nov 08 2017)
After being called out in a speech at a cybersecurity conference, the Russian hackers have been targeting experts with emails mimicking invitations for this year’s event.

REDBALDKNIGHT/BRONZE BUTLER’s Daserf Backdoor Now Using Steganography (TrendLabs Security Intelligence Blog, Nov 08 2017)
REDBALDKNIGHT, also known as BRONZE BUTLER and Tick, is a cyberespionage group known to target Japanese organizations such as government agencies (including defense) as well as those in biotechnology, electronics manufacturing, and industrial chemistry. Their campaigns employ the Daserf backdoor (detected by Trend Micro as BKDR_DASERF, otherwise known as Muirim and Nioupale) that has four main capabilities: execute shell commands, download and upload data, take screenshots, and log keystrokes.

Cybercriminals Infiltrating E-Mail Networks to Divert Large Customer Payments (Schneier on Security, Nov 07 2017)
The scam generally works like this: Hackers find an opening into a title company’s or realty agent’s email account, track upcoming home purchases scheduled for settlements — the pricier the better — then assume the identity of the title agency person handling the transaction.

What to consider when deploying a next-generation firewall (Network World Security, Nov 08 2017)
Vendor selection, throughput capacity and feature configuration are just some of the items to resolve when refreshing your firewall

Cyber Threat Intelligence (CTI) – Part 2 (CSO Online, Nov 08 2017)
“In part one, I outlined what CTI is and where it can be acquired to demonstrate its value. Here I will dive deeper into how organizations can be efficient in using this tool to mature their security programs’ management of today’s threats.”

Hack of Attack-for-Hire Service vDOS Snares New Mexico Man (Krebs on Security, Nov 10 2017)
A New Mexico man is facing federal hacking charges for allegedly using the now defunct attack-for-hire service vDOS to launch damaging digital assaults aimed at knocking his former employer’s Web site offline. Prosecutors were able to bring the case in part because vDOS got massively hacked last year, and its customer database of payments and targets leaked to this author and to the FBI.

Supercharging Cybercrime Detection with MITRE’s ATT&CK Framework (Tripwire – The State of Security, Nov 08 2017)
There are repositories of attack data available to analyze and build hardening and detection rules to preempt attacks. One such repository is the MITRE Corporation ATT&CK™ – Adversarial Tactics, Techniques & Common Knowledge community. Some refer to this data simply as tactics, techniques, and procedures (TTP).

DDoS-for-Hire Service Launches Mobile App (Krebs on Security, Nov 09 2017)
In May 2013 KrebsOnSecurity wrote about Ragebooter, a service that paying customers can use to launch powerful distributed denial-of-service (DDoS) attacks capable of knocking individuals and Web sites offline. The owner of Ragebooter subsequently was convicted in 2016 of possessing child pornography, but his business somehow lived on while he was in prison. Now, just weeks after its owner, Poland, made probation, a mobile version of the attack-for-hire service has gone up for sale on the Google Play store.

Firefox to offer tracking protection for all in its next update (Naked Security – Sophos, Nov 12 2017)
This next major update, Quantum, is expected to include an option to turn on Tracking Protection during normal browsing

LockCrypt Ransomware Spreading via RDP Brute-Force Attacks (AlienVault Labs Blog, Nov 09 2017)
SamSam ransomware has charged high ransoms for infected servers. But SamSam isn’t the only ransomware out there charging eye-watering amounts to decrypt business servers.
Initial reports of a new variant of ransomware called LockCrypt started in June of this year.
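The two items above meet in practice: the ATT&CK entry describes turning attack data into detection rules, and the LockCrypt entry describes the initial access those rules should catch, RDP password guessing against exposed servers. The block below is an added example, not code from AlienVault Labs, MITRE or Tripwire. It runs a sliding-window rule over constructed Windows Security log lines (in an assumed simplified export format, not native EVTX), flags a source that fails enough RDP logons inside the window, escalates when that same source then logs on successfully, and tags each alert with the ATT&CK technique IDs chosen here for the mapping (T1110.001 Password Guessing, T1021.001 Remote Desktop Protocol). The threshold and window are example values.

```python
"""Added example (not AlienVault Labs, MITRE or Tripwire code): detect RDP
password guessing of the kind used to deliver LockCrypt, and label the alert
with ATT&CK technique IDs.

Log lines are constructed for this example in an assumed export format
"<ISO time>|<event id>|<source ip>|<logon type>|<user>", not native EVTX.
"""
from collections import defaultdict, deque
from datetime import datetime, timedelta

FAILED_LOGON = 4625    # Windows Security: an account failed to log on
SUCCESS_LOGON = 4624   # Windows Security: an account was successfully logged on
LOGON_TYPE_RDP = 10    # RemoteInteractive (Terminal Services / RDP)

# ATT&CK technique IDs attached to each alert (mapping chosen for this example).
ATTACK_TECHNIQUES = ["T1110.001", "T1021.001"]  # Password Guessing; Remote Desktop Protocol

# Constructed sample export: one fast guesser (203.0.113.7) that eventually gets
# in, one user typo (198.51.100.20), a network logon that is not RDP (192.0.2.5),
# and a slow guesser (192.0.2.9) that stays under the window threshold.
SAMPLE_LOG = """\
2017-11-09T02:00:01|4625|203.0.113.7|10|administrator
2017-11-09T02:00:04|4625|203.0.113.7|10|admin
2017-11-09T02:00:07|4625|203.0.113.7|10|backup
2017-11-09T02:00:10|4625|203.0.113.7|10|sql
2017-11-09T02:00:13|4625|203.0.113.7|10|administrator
2017-11-09T02:00:16|4625|203.0.113.7|10|administrator
2017-11-09T02:01:30|4624|203.0.113.7|10|administrator
2017-11-09T02:02:00|4625|198.51.100.20|10|jsmith
2017-11-09T02:02:20|4624|198.51.100.20|10|jsmith
2017-11-09T02:03:00|4625|192.0.2.5|3|svc-backup
2017-11-09T01:00:00|4625|192.0.2.9|10|guest
2017-11-09T01:20:00|4625|192.0.2.9|10|guest
2017-11-09T01:40:00|4625|192.0.2.9|10|guest
2017-11-09T02:00:00|4625|192.0.2.9|10|guest
2017-11-09T02:20:00|4625|192.0.2.9|10|guest
"""


def parse_line(line):
    """Parse one exported event into a dict; raises ValueError on a malformed line."""
    ts, event_id, src_ip, logon_type, user = line.strip().split("|")
    return {
        "time": datetime.fromisoformat(ts),
        "event_id": int(event_id),
        "src_ip": src_ip,
        "logon_type": int(logon_type),
        "user": user,
    }


def detect_rdp_brute_force(lines, threshold=5, window=timedelta(minutes=10)):
    """Return alerts for (a) at least `threshold` failed RDP logons from one
    source inside `window`, and (b) a later successful RDP logon from a source
    already flagged, i.e. the point at which the operator has a foothold."""
    recent = defaultdict(deque)   # src_ip -> deque of (time, user) failures in window
    flagged = set()               # sources that already produced a brute-force alert
    alerts = []
    events = sorted((parse_line(l) for l in lines if l.strip()), key=lambda e: e["time"])
    for ev in events:
        if ev["logon_type"] != LOGON_TYPE_RDP:
            continue
        q = recent[ev["src_ip"]]
        while q and ev["time"] - q[0][0] > window:   # expire failures outside the window
            q.popleft()
        if ev["event_id"] == FAILED_LOGON:
            q.append((ev["time"], ev["user"]))
            if len(q) >= threshold and ev["src_ip"] not in flagged:
                flagged.add(ev["src_ip"])
                alerts.append({
                    "kind": "rdp_brute_force",
                    "src_ip": ev["src_ip"],
                    "time": ev["time"],
                    "failures": len(q),
                    "users": sorted({u for _, u in q}),
                    "techniques": ATTACK_TECHNIQUES,
                })
        elif ev["event_id"] == SUCCESS_LOGON and ev["src_ip"] in flagged:
            alerts.append({
                "kind": "rdp_logon_after_brute_force",
                "src_ip": ev["src_ip"],
                "time": ev["time"],
                "user": ev["user"],
                "techniques": ATTACK_TECHNIQUES,
            })
    return alerts


def sample_alerts():
    """Run the rule over the constructed sample: two alerts, both for 203.0.113.7."""
    return detect_rdp_brute_force(SAMPLE_LOG.splitlines())


if __name__ == "__main__":
    for a in sample_alerts():
        print(a["kind"], a["src_ip"], a["time"].isoformat(), a.get("users") or a.get("user"))
```

Two caveats when turning this into a production rule. On hosts with Network Level Authentication enabled, failed RDP attempts are commonly recorded with logon type 3 (network) rather than 10, so the logon-type filter usually has to be widened or paired with the source port or process. And the `flagged` set here never expires, so a success from a flagged source is reported no matter how much later it arrives; that is deliberate for the example, since a delayed logon is exactly what a ransomware operator returning with a cracked credential looks like, but a real deployment will want an explicit aging policy.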

Comodo launches free cWatch Web website malware checker (Enterprise Times, Nov 13 2017)
Comodo launches cWatch Web and offers website owners a free security check to identify and remediate any security related issues with their sites.