Cybersecurity Essentials

By Dom Chorafakis, CISSP

June 15, 2017

The cyber threat landscape is constantly changing as criminal hackers look for new and creative ways to profit from online crime. While there is no silver bullet that can guarantee protection against breaches or other forms of attack, keeping up to date with the latest threats and vulnerabilities is an important part of any security strategy.

Cryptojacking

With the rise in popularity of digital currencies like Bitcoin and Ethereum, cybercriminals have found new opportunities in cryptomining as a revenue stream. The unauthorised use of computer resources to mine cryptocurrency, known as cryptojacking, has now exceeded ransomware as the largest online threat. There are two aspects to this that are important to take into account from a security perspective: website compromises and malvertising.

Hackers attempt to install cryptomining software on victims’ computers by planting malicious code on websites they are able to compromise. Web servers have always been exposed to attackers because of their very nature, but the potential for profit from illicit cryptomining makes them more interesting targets than ever before. System administrators need to ensure that servers are adequately protected by making sure the operating system and software are up to date, accounts are secure and use strong passwords, endpoint security mechanisms such as anti-virus are installed, servers are protected using Intrusion Prevention technology, and that measures are in place to detect and prevent unauthorised content changes.
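One way to implement the last of those measures, detecting unauthorised content changes, is an integrity baseline of the web root. The script below is an added example and not part of the original article: it hashes every file under a directory, diffs a later scan against the baseline, and for changed pages reports any external script reference that was not in the deployed copy (a common shape for injected mining code). The directory layout, file names and the miner.js URL are all constructed for the demo.

```python
"""Web-root integrity check (added example): baseline SHA-256 hashes of every
file, diff a later scan, and flag new external <script src> in changed pages."""
import hashlib
import re
import tempfile
from pathlib import Path

# Matches the src attribute of <script> tags; sufficient for a demo, not a full HTML parser.
SCRIPT_SRC = re.compile(r'<script[^>]+src=["\']([^"\']+)["\']', re.IGNORECASE)


def hash_file(path: Path) -> str:
    """Return the SHA-256 hex digest of a file, read in chunks."""
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def build_baseline(root: Path) -> dict:
    """Map each relative file path under root to (sha256, set of script srcs)."""
    baseline = {}
    for path in sorted(p for p in root.rglob("*") if p.is_file()):
        rel = path.relative_to(root).as_posix()
        srcs = set()
        if path.suffix.lower() in (".html", ".htm", ".php"):
            srcs = set(SCRIPT_SRC.findall(path.read_text(errors="replace")))
        baseline[rel] = (hash_file(path), srcs)
    return baseline


def compare(baseline: dict, current: dict) -> dict:
    """Return added, removed and modified paths plus new script sources per page."""
    added = sorted(set(current) - set(baseline))
    removed = sorted(set(baseline) - set(current))
    modified = sorted(p for p in baseline.keys() & current.keys()
                      if baseline[p][0] != current[p][0])
    new_scripts = {p: sorted(current[p][1] - baseline[p][1])
                   for p in modified if current[p][1] - baseline[p][1]}
    return {"added": added, "removed": removed, "modified": modified,
            "new_scripts": new_scripts}


def demo() -> dict:
    """Simulate a clean deploy, then an unauthorised edit, and return the report."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "index.html").write_text(
            '<html><head><script src="/js/app.js"></script></head></html>')
        (root / "about.html").write_text("<html><body>About</body></html>")
        baseline = build_baseline(root)
        # Constructed tampering: an extra script tag is appended to index.html
        # and an unexpected file appears in the web root.
        (root / "index.html").write_text(
            '<html><head><script src="/js/app.js"></script>'
            '<script src="https://example.invalid/miner.js"></script></head></html>')
        (root / "unexpected.php").write_text("<?php echo 1; ?>")
        return compare(baseline, build_baseline(root))


if __name__ == "__main__":
    print(demo())
```

In production the baseline would be written at deploy time to a location the web server account cannot modify, and the comparison run on a schedule with alerts on any non-empty result.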

Malvertising

In addition to compromising legitimate websites, hackers are creating fraudulent sites that look legitimate and directing users to them using fake online ads displayed on popular websites, a practice known as malvertising. This practice is not new, but a significant spike in cryptojacking-related malvertising was recently observed by a network of Intrusion Prevention systems, as reported here.

People surfing the internet should assume that at some point they will come across either a legitimate site that has been compromised, or a fraudulent site set up specifically to infect vulnerable systems. To protect themselves, users should keep their operating system and all software they use up to date, make sure good anti-virus is installed and up to date, use safe-browsing plugins from their anti-virus vendor, and use an ad-blocker to block online ads.

Email compromise

While there has been a significant increase in these new threats thanks to the potential for quick profit, email continues to be by far the predominant attack vector. From account compromise and phishing attacks to malicious attachments, email-based attacks are still the most common method used by hackers to infect vulnerable systems with ransomware, cryptojacking software, or trojans used to carry out financial fraud and other attacks. While technologies like anti-spam and anti-virus can help, user education is one of the most effective tools to help minimise risk in this area. Users need to be aware of the types of threats and attacks, how to identify them, and what steps they must take in the event of a suspected compromise.
