At a glance.
- Verizon's Mobile Security Index.
- New attack framework.
- Ransomware report.
Verizon's Mobile Security Index.
Verizon this morning released a report on mobile security, finding that most companies recognize the threat posed by mobile device compromises but are still largely unprepared to deal with it:
"Security teams face an uphill battle as the number of devices and remote workers increase, so much so that 79% of respondents agreed that the recent changes to working practices have adversely affected their organizations' cybersecurity. With the increased threat, it would seem that companies would double down on their policies. However, the findings point to the opposite, with 85% saying home Wi-Fi and cellular networks/hotspots are allowed or there is no policy against them, and 68% allow or have no policy against the use of public Wi-Fi."
New attack framework.
Cisco Talos describes a new attack framework dubbed "Manjusaka" that's been posted freely on GitHub, with a user interface written in Simplified Chinese. The developer's motivation is unclear, but they advertise it as an alternative to the red-teaming tool Cobalt Strike. Like Cobalt Strike, the tool is being abused by threat actors. The researchers don't make any attributions, but they believe the developer of Manjusaka is located in the Guangdong region of China. Talos notes that the framework has been used in a campaign targeting the city of Golmud in the Tibetan region of China, but they don't link this campaign to the developer.
The researchers believe Manjusaka "has the potential to become prevalent across the threat landscape":
"The availability of the Manjusaka offensive framework is an indication of the popularity of widely available offensive technologies with both crimeware and APT operators. This new attack framework contains all the features that one would expect from an implant, however, it is written in the most modern and portable programming languages. The developer of the framework can easily integrate new target platforms like MacOSX or more exotic flavors of Linux as the ones running on embedded devices. The fact that the developer made a fully functional version of the C2 available increases the chances of wider adoption of this framework by malicious actors."
Ransomware report.
Venafi has published a report on criminal ransomware offerings, finding that "87% of the ransomware found on the dark web has been delivered via malicious macros." (The researchers note that Microsoft disabled macros in July.) Venafi also describes the ransomware market:
"In addition to a variety of ransomware at various price points, the research also uncovered a wide range of services and tools that help make it easier for attackers with minimal technical skills to launch ransomware attacks. Services with the greatest number of listings include those offering source code, build services, custom development services, and ransomware packages that include step-by-step tutorials.
"Generic ransomware build services also command high prices, with some listings costing more than $900. At the other end of the price spectrum, many low-cost ransomware options are available across multiple listings — with prices starting at just $0.99 for Lockscreen ransomware."