Attacks, Threats, and Vulnerabilities
GriftHorse Android Trojan Steals Millions from Over 10 Million Victims Globally | Zimperium Mobile Security Blog (Zimperium Mobile Security Blog) The Zimperium zLabs researchers discovered the GriftHorse malware, a global premium services Trojan leading to millions stolen.
New GriftHorse malware has infected more than 10 million Android phones (The Record by Recorded Future) Security researchers have found a massive malware operation that has infected more than 10 million Android smartphones across more than 70 countries since at least November 2020 and is making millions of dollars for its operators on a monthly basis.
Hundreds of Scam Apps Hit Over 10 Million Android Devices (Wired) The so-called GriftHorse campaign used clever techniques to avoid detection in Google Play for nearly a year.
Cyberespionage Implant Delivered via Targeted Government DNS Hijacking (SecurityWeek) Newly discovered Tomiris backdoor contains technical artifacts suggesting the possibility of common authorship or shared development practices with the group that executed the SolarWinds supply chain compromise.
DarkHalo after SolarWinds: the Tomiris connection (SecureList) In December 2020, news of the SolarWinds incident took the world by storm. While supply-chain attacks were already a documented attack vector leveraged by a number of APT actors, this specific campaign stood out due to the extreme carefulness of the attackers and the high-profile nature of their victims. It is believed that when FireEye discovered the first traces of the campaign, the threat actor (DarkHalo aka Nobelium) had already been working on it for over a year. Evidence gathered so far indicates that DarkHalo spent six months inside OrionIT’s networks to perfect their attack and make sure that their tampering of the build chain wouldn’t cause any adverse effects.
‘Tomiris’ Backdoor Linked to SolarWinds Malware (Threatpost) Newly discovered code resembles the Kazuar backdoor and the Sunshuttle second-stage malware distributed by Nobelium in the SolarWinds supply-chain attacks.
Kaspersky links new Tomiris malware to Nobelium group (Register) Typical: you wait months for new nasties then two come along at once
Squirrelwaffle: New Loader Delivering Cobalt Strike (Zscaler) Squirrelwaffle, Cobaltstrike, VBS, Macro, Hidden sheet, xls4.0, Thread Hijacking
Azure Active Directory bug lets hackers attempt brute force attacks without getting caught (Computing) Microsoft thinks it is behaviour 'by design'
China Intensified Attacks on Major Afghan Telecom Firm as U.S. Finalized Withdrawal (SecurityWeek) Four China-linked cyberespionage groups targeted a major Afghan telecom firm as the U.S. was finalizing its withdrawal from the country.
Iran is aware of electric substation cyber threats and vulnerabilities (Control Global) Mojtaba S. is a project manager, consultant, and industrial security specialist for the Electric Industry of Iran. His well-written article, “Detecting Cyber Intrusions in Substation Networks,” demonstrates detailed knowledge of electric substation designs, protocols, and cyber vulnerabilities.
The Rise of One-Time Password Interception Bots (KrebsOnSecurity) In February, KrebsOnSecurity wrote about a novel cybercrime service that helped attackers intercept the one-time passwords (OTPs) that many websites require as a second authentication factor in addition to passwords. That service quickly went offline, but new research reveals a…
Cybercriminals bypass 2FA and OTP with robocalling and Telegram bots (CSO Online) The automated bots are highly successful because they effectively emulate legitimate service providers.
CISA Warns of Hikvision Camera Flaw as U.S. Aims to Rid Chinese Gear From Networks (SecurityWeek) CISA is telling organizations to patch their Hikvision cameras, just as the FCC announced taking steps toward removing Chinese equipment from U.S. networks.
Russian hacker Q&A: An Interview With REvil-Affiliated Ransomware Contractor (Flashpoint) Flashpoint translates an interview with a Russian-speaking threat actor who claims to work with REvil and other sophisticated ransomware collectives.
REvil’s “Cryptobackdoor” Con: Ransomware Group’s Tactics Roil Affiliates, Sparking a Fallout - Flashpoint (Flashpoint) REvil’s tactics have recently come under renewed scrutiny. Threat actors operating on XSS and Exploit are currently reacting to evidence that REvil included a secret backdoor in its ransomware code—allegedly enabling the ransomware group to steal illicit ransom proceeds from its affiliates. Flashpoint cybersecurity analysts examine the chatter and subsequent fallout.
There are now over 250 different ransomware families currently operational worldwide (TechRadar) No industry is immune to ransomware attacks, research claims
Bitdefender Threat Debrief | August 2021 (Bitdefender) Bitdefender's monthly report on the current ransomware threats and threat actors.
Ransomware attacks against hospitals are having some very grim consequences (ZDNet) Researchers asked staff working in healthcare about the impact of cyberattacks - and the findings are worrying.
Ransomware attack disrupts hundreds of bookstores across France, Belgium, and the Netherlands (The Record by Recorded Future) Hundreds of bookstores across France, Belgium, and the Netherlands have had their operations disrupted this week after a ransomware attack crippled the IT systems of TiteLive, a French company that operates a SaaS platform for book sales and inventory management.
COVID-19's Healthcare Feeding Frenzy for Cybercriminals (SecurityWeek) The COVID-19 pandemic has enlarged the threat landscape for all industry sectors; but none more so than healthcare. The primary areas of concern include insecure working from home, and stress related lax behavior at the office.
Device Security is 'The Big Hairy Monster Under the Bed' (Decipher) The security of IoT and non-general purpose computing devices represents a systemic risk to corporate and national security, experts say.
Trucking giant Forward Air reports ransomware data breach (BleepingComputer) Trucking giant Forward Air has disclosed a data breach after a ransomware attack that allowed threat actors to access employees' personal information.
Results of Operations and Financial Condition (FWRD Forward Air 8-K) As previously disclosed, on December 15, 2020, Forward Air Corporation (the “Company”) detected a ransomware incident impacting its operational and information technology systems. The Company’s internal security teams, supplemented by leading cyber defense firms, took active steps to assess, contain and remediate this incident.
Bandwidth hit by cyber attack that causes disruptions to some business phone calls (Herald-Sun) Raleigh technology company Bandwidth, which makes software for internet-based voice and text communication, is experiencing outages after it was hit by a cyber attack over the weekend, the company said Tuesday.
Pottawatomie Co. services back to normal following cyber-attack (WIBW) Pottawatomie Co. officials tell 13 NEWS late Wednesday afternoon, Sept. 29, their services are back up.
New leak of Epik data exposes company's entire server (The Daily Dot) The hacking collective Anonymous has released what it claims to be new data from the controversial web hosting company Epik.
All Trains Cancelled: How an e-Signature Failure Derailed a €3bn Swiss-Austrian Transport Deal (Crytpomathic) Last week an order for 186 double decker trains was nullified due to a legal formality surrounding the Qualified Electronic Signature used to ink the deal. Here, we unpack what went wrong and highlight what businesses everywhere can learn from the debacle.
Trends
Systemic risk in private sector dominates conversation at cyber summit (SC Media) With a changing understanding of what denotes a national security risk, this year's Aspen Cyber Summit — traditionally a hub for talks about statecraft in infosec — veered toward systemic risk across the private sector.
NSA Cyber Chief Warns Hackers Increasingly Use Commercial Tools to Stay Hidden (Nextgov.com) Advanced persistent threat actors are becoming harder to spot and making attribution more difficult.
Around the world with the NSA's cyber chief (The Record by Recorded Future) The head of the National Security Agency’s cyber branch on Wednesday warned that the number of digital threats has proliferated.
CISA chief: Cyber incident reporting can't become a burden (FCW) Jen Easterly, the director of the Cybersecurity and Infrastructure Security Agency, stressed the importance of cyber incident reporting but said mandates should be careful of potentially overburdening companies -- and CISA -- with 'reporting noise.'
WatchGuard Threat Lab Reports 91.5% of Malware Arrived over Encrypted Connections in Q2 2021 (Yahoo Finance) New research also shows dramatic increases in fileless malware, malware detections per appliance, and booming network and ransomware attacksSEATTLE, Sept. 30, 2021 (GLOBE NEWSWIRE) -- WatchGuard® Technologies, a global leader in network security and intelligence, advanced endpoint protection, multi-factor authentication (MFA) and secure Wi-Fi, today released its latest quarterly Internet Security Report, detailing the top malware trends and network security threats analyzed by WatchGuard Threat
There’s a Multibillion-Dollar Market for Your Phone’s Location Data (The Markup) A huge but little-known industry has cropped up around monetizing people’s movements
Cyberattacks from Russia and the Targeting of US Businesses (The Cipher Brief) Cipher Brief Expert Dan Hoffman is a former senior CIA Officer, three-time station chief and former senior executive Clandestine Services officer. He is currently a national security analyst with Fox News. This column first appeared in FOX News Opinion on FoxNews.com. Shawnee Delaney was a Clandestine Officer and former Detachment Chief for the Defense Intelligence Agency … Continue reading "Cyberattacks from Russia and the Targeting of US Businesses"
Highlights From the Unit 42 Cloud Threat Report, 2H 2021 (Unit42) The Unit 42 Cloud Threat Report, 2H 2021, covers supply chain attacks in the cloud and provides actionable recommendations to help prevent them.
Marketplace
Behavioral Analytics Provider ForMotiv Raises $6 Million (SecurityWeek) Real-time user behavior analysis platform ForMotiv this week announced it has raised $6 million in a third seed funding round.
BlueVoyant Acquires Concanon to Augment the Deployment of End-to-End Splunk® Cloud Platform Capabilities (PR Newswire) BlueVoyant, a cybersecurity company, today announced the acquisition of global professional services and big data solutions consultancy,...
Akamai to acquire cloud security firm Guardicore for about $600 mln (Reuters) Akamai Technologies Inc will acquire Israel-based Guardicore for about $600 million, it said on Wednesday, to beef up its cloud security offerings and help businesses combat ransomware attacks.
Akamai to Acquire Guardicore in $600M Zero Trust Tech Deal (SecurityWeek) Akamai to acquire Guardicore for new capabilities to help customers thwart ransomware attacks by blocking the spread of malware within an already-compromised enterprise.
Israeli cybersecurity merger: HUB Security buys Comsec (Globes) HUB says the main goal of the acquisition is to enter more markets worldwide and double its revenue.
SecZetta Announces $20.5 Million Series B Funding to Advance its Leadership in Third-Party Identity Lifecycle and Risk Management (BusinessWire) SecZetta announced an oversubscribed Series B round led by SYN Ventures, with participation from MassMutual Ventures, ClearSky, and Rally Ventures
Peraton Books $109M Cybercom Task Order for Cyberspace Operations Support Services; Tom Afferton Quoted (GovCon Wire) Looking for the latest GovCon News? Check out our story: Peraton Books $109M Cybercom Task Order for Cyberspace Ops Support Services. Click to read more!
The Security Interviews: How SolarWinds came through its darkest hour (ComputerWeekly) In his first major UK press interview, SolarWinds CEO Sudhakar Ramakrishna tells Computer Weekly how a relentless focus on transparency saw the company safely through a nightmare cyber breach scenario.
Google Announces Rewards for Tsunami Security Scanner Plugin (SecurityWeek) Google this week announced that it is offering monetary payouts to individuals who help expand the detection capabilities of the Tsunami security scanner.
Crypto Firms Beef Up Compliance Hiring as Regulatory Scrutiny Mounts (Wall Street Journal) The hunt for crypto-focused compliance executives has intensified in recent months as the industry faces growing regulatory pressure, both in the U.S. and abroad.
Relativity Recognized for Threat Intelligence Innovation in 2021 CyberSecurity Breakthrough Awards Program (PR Newswire) Relativity, a global legal and compliance technology company, today announced that its free-to-use Threat Intel Feed has been named the winner...
KnowBe4 Enhances Research Capabilities And Appoints Kai Roer Chief Research Officer (PR Newswire) KnowBe4, the provider of the world's largest security awareness training and simulated phishing platform, today announced that it has enhanced...
Products, Services, and Solutions
Variscite and Sequitur Labs' new partnership accelerates the development of reliable and secure IoT products (PR Newswire) Variscite, a leading worldwide System on Module vendor in the embedded market, announced a new partnership with Sequitur Labs, a leading...
PDI to Showcase Fully Managed XDR Complete Security Service at NACS Show 2021 (Professional Datasolutions, Inc.,) PDI XDR Complete will be featured in NACS Cool New Products Preview Room. Don’t miss “Ransomware Is a Symptom” live education session presented by Rob Chapman, Director of Information Security at PDI.
2021.09.29 | Dell Technologies Drives the Evolution of Modern Support and Security (Dell Technologies) Dell Technologies Drives the Evolution of Modern Support and Security
Cowbell Cyber Further Unites Cybersecurity and Cyber Insurance with Connector to Secureworks ® Taegis™ VDR (Cowbell) Cowbell Connector for Secureworks Taegis VDR Vulnerability, Detection and Response enhances policyholders’ risk ratings, resulting in insurance terms better aligned with covered exposures
Relativity Trace to Introduce New AI-Powered Data Cleansing Capabilities at Relativity Fest (PR Newswire) Relativity, a global legal and compliance technology company, will showcase new data cleansing capabilities integrated in its AI-powered...
Huawei Launches OceanProtect Data Protection Solution (Yahoo) At Huawei Connect 2021, Huawei launched the OceanProtect Data Protection Solution, covering both Disaster Recovery (DR) and backup fields to offer comprehensive protection for diversified types of data throughout the lifecycle. It belongs to the Huawei All-Flash Data Center Solution to build the fast, green, reliable, and intelligent infrastructure for various industries. The solution is built on the concept of "full DR of hot data, and quick backup and restore of warm data", which ensures zero
Shared Assessments Introduces 2022 Third Party Risk Management Toolkit (BusinessWire) The Shared Assessments Program, the member-driven leader in third party risk assurance, today issued the 2022 Shared Assessments Third Party Risk Mana
Sumo Logic Addresses Digital Transformation Complexity Driven By Exponential Growth of Digital Services (Sumo Logic) New DevSecOps Enhancements Including Advanced Analytics for Alert Response, Open XDR, and Open Integration Framework to Collect and Analyze Telemetry Data Across Cloud, Applications, Endpoints and End Users to Provide Universal Approach to Digital Service Management
Microsoft and At-Bay partner to offer data-driven cyber insurance coverage (Microsoft Stories) Customers managing cyber-risk with Microsoft 365’s built-in security controls qualify for savings on At-Bay cyber insurance policies
Israel's SCADAfence to supply cybersecurity for OT infrastructures worldwide (Israel Defense) The company is partnering with Keysight Technologies to accelerate innovation in the fields of connectivity and security as well as to help organizations gain better cyber control of industrial environments
Exabeam Announces Availability of Exabeam Fusion SIEM and Exabeam Fusion XDR on Google Cloud Marketplace (BusinessWire) Exabeam announced the availability of Fusion SIEM and Fusion XDR on Google Cloud Marketplace.
Buoyant Introduces Secure, Zero Trust Network Policies for Kubernetes in Linkerd 2.11 and Buoyant Cloud (PR Newswire) Buoyant, the creators of the world's lightest and fastest service mesh, Linkerd, today unveiled new security features in Linkerd and in Buoyant...
Approov Introduces Free Tool to Help Thwart Mobile App API Man-in-the-Middle Attacks (BusinessWire) Approov Offers Free Tool to Help Thwart Mobile App API Man-in-the-Middle Attacks; Helps Organizations Meet OWASP Guidelines for Mobile App Security
AttackIQ Introduces New Vanguard Managed Security Validation Service To Proactively Discover and Remediate Security Gaps Before Adversaries Mount Cyberattacks (BusinessWire) AttackIQ®, the leading independent vendor of Breach and Attack Simulation (BAS) systems, today announced the availability of the new AttackIQ Vanguard
Securiti Launches Free Data Privacy Certification Program (BusinessWire) Multi-module training program covers data privacy management concepts including data privacy laws, governance and operations for enterprises.
Stratasys Introduces Data Security Platform Supporting Growing U.S. Government Implementations of 3D Printing (BusinessWire) Stratasys Ltd. (NASDAQ: SSYS), a leader in polymer 3D printing solutions, today announced that the company has introduced a new data security solution
Technologies, Techniques, and Standards
New DNV recommended practice defends power grid substations from growing threat of cyber-attacks (DNV) DNV Recommended Practice DNV-RP-0575 outlines 45 risk-reducing measures to improve the cyber security of protection devices and digital technologies in power system substations
Improving the Nation’s Cybersecurity: Progress and Next Steps in Carrying Out Executive Order 14028 (NIST) Officials responsible for carrying out the
Insider Risk Self-Assessment Tool (CISA) Insider threats pose significant risk to the safety and security of America’s critical infrastructure and the organizations that keep infrastructure operational. The Insider Risk Self-Assessment is a tool to assist owners and operators or organizations, especially small and mid-sized ones who may not have in-house security departments, to gauge their vulnerability to an insider threat incident.
TRAM: Advancing Research into Automated TTP Identification in Threat Reports (Medium) Written by Jon Baker and Richard Struse.
Platform Security Controls Defend Against Adversaries: Here’s How (Medium) Written by Nicholas Amon, Suneel Sundar, and Jon Baker.
What Can We Learn From the Top Cloud Security Breaches? (Check Point Software) By Jonathan Maresky, Cloud Product Marketing Manager, published September 30, 2021 (This blog post was first published in TheNewStack.) According
Facebook open-sources tool to find Android app security flaws (BleepingComputer) Facebook today open-sourced a static analysis tool its software and security engineers use internally to find potentially dangerous security and privacy flaws in the company's Android and Java applications.
Design and Innovation
Recovering locked Facebook accounts is a nightmare. That’s on purpose. (Washington Post) Social media companies are juggling account security and recovery — and failing users in the process
Research and Development
Latvian Operator LMT Tests Data Encryption with Quantum Technologies (Fast Mode) LMT has collaborated with MikroTik, and the Institute of Mathematics and Computer Science of the University of Latvia (LU
Tying quantum computing to AI prompts a smarter power grid (Cornell Chronicle) Fumbling to find flashlights during blackouts soon may be a memory, as quantum computing and AI may quickly solve an electric grid’s hiccups so fast, humans may not notice.
Designing ‘smart’ security for smart devices (EurekAlert!) Modern society is inundated with different types of smart devices designed to make people’s lives easier, from virtual assistants to household appliances and health-monitoring devices — not to mention smartphones. While each device has some amount of built-in security to help combat the threat of cyberattacks, the increased prevalence of these devices in recent years has created an industry-wide need for a new, “smart” approach to protect all smart devices from cyberattacks, since the mass-production of these devices by different manufacturers prohibits them from being managed manually for security purposes.
Designing an Australian DARPA (The Strategist) In The Strategist in July, we outlined our concept for an Australian equivalent of the US Defense Advanced Research Projects Agency (DARPA), mooted by ASPI. We envisaged this Australian version of DARPA filling the ‘valley ...
Legislation, Policy, and Regulation
Data-Privacy Impasse Hangs Over U.S.-EU Trade and Technology Summit (Wall Street Journal) Companies including Google urge officials to strike a new deal to ease trans-Atlantic data flows.
Call for coordinated response to Singapore’s OT security challenge (Channel Asia) Cooperation and collaboration on the agenda at Singapore's inaugural Operational Technology Cybersecurity Expert Panel (OTCEP) Forum.
Government departments asked to disclose use of personal phones and emails for official business (Computing) Campaigners hope the evidence will support the call for a judicial review into what they call a 'WhatsApp government'
The who’s who of NZ’s government & public cybersecurity agencies (Security Brief) With every new technology-enabled path we forge, we must also defend ourselves from cyber threats and exploitation. Here we take a look at some of Aotearoa's main cyber defenders.
FTC Weighs New Online Privacy Rules (Wall Street Journal) Under Democratic Chairwoman Lina Khan, the agency is considering ways to strengthen consumer privacy protections, including for children, as legislative logjams persist in Congress.
US Mulls Cyber-attack Reporting Mandate (Infosecurity Magazine) Critical infrastructure companies may be required to report cyber-attacks to federal government
What you should know about ‘Bitskrieg: The New Challenge of Cyberwarfare’ (Military Times) It’s less about an arms race and more about an organizational race.
Schools Aren't Required to Report Increasing Cyber Attacks: Kids at Risk, Parents in The Dark (Good Day Sacramento) Cybercriminals are targeting schools at an alarming rate and putting kids at risk of identity theft - and their parents may never know.
Litigation, Investigation, and Law Enforcement
The who’s who of NZ’s government & public cybersecurity agencies (Security Brief) With every new technology-enabled path we forge, we must also defend ourselves from cyber threats and exploitation. Here we take a look at some of Aotearoa's main cyber defenders.
In U.S. v Wilson, the Ninth Circuit Reaffirms Fourth Amendment Protection for Electronic Communications (Electronic Frontier Foundation) In a powerful new ruling for digital privacy rights, the Ninth Circuit Court of Appeals has confirmed that the police need to get a warrant before they open your email attachments—even if a third party’s automated system has flagged those attachments as potentially illegal. We filed an amicus brief...
Facebook whistleblower to testify at U.S. Senate hearing next week, lawmakers say (Reuters) Two U.S. senators said on Tuesday a Facebook Inc whistleblower will testify at a Senate hearing next week about what one of them called the social media company's "toxic effects" on young users.
Opinion: The Supreme Court has a chance to shed light on a secretive judicial process (Washington Post) Judicial power, although superficially anomalous in a nation committed to regular elections and majority rule, is indispensable to limited government and minority rights.
Russia Detains Head of Cybersecurity Group on Treason Charges (SecurityWeek) A Moscow court on Sept. 29 ordered Ilya Sachkov, co-founder of one of Russia's leading cybersecurity firms, Group-IB, to be detained on charges of treason.
Top Russian Cybersecurity CEO Charged with Treason (GovInfoSecurity) The founder of Group-IB, one of Russia's largest cybersecurity companies, has been detained on state treason charges and will be held in custody for two months,
Russia detains cyber-security tycoon Ilya Sachkov in treason case (BBC News) Ilya Sachkov, co-founder of the firm Group-IB, will be held in pre-trial custody for two months.
Russia arrests cybersecurity expert on treason charge (Ars Technica) Ilya Sachkov is founder of Group-IB, which specializes in ransomware attack prevention.
Russia Arrests One Of Its Biggest Cyber Stars On Treason Charges (Forbes) A Moscow news agency suggests Ilya Sachkov has been accused of sharing classified information with a foreign entity, as Group-IB's offices are raided.
Ilya Sachkov handed over classified cybersecurity data to foreign intelligence — source (TASS) According to the source, Sachkov could have been "employed" by intelligence agencies of several countries
Russian Cybersecurity Group-IB CEO Arrested for Treason by FSB (Security Boulevard) The evening of September 28, 2021, the FSB rolled up to the offices of Group-IB in marked vehicles and a full-size passenger bus and raided the company’s
How Meme Detectives Stop NFT Fraud (Wired) Many classic memes were recently auctioned off for big bucks by their owners as NFTs. But how do you determine meme ownership? Don Caldwell and his team from Know Your Meme from been using their extensive knowledge of meme history to thwart NFT fraud. This is how they do it.
