Security Analysts Use Packet Capture to Investigate Malware
Critical Insight Security Analysts perform threat investigations every day. The investigations are in-depth and high-quality. They are carried out by real people who have the right tools and data, including full packet capture. Here is a story from one of the Critical Insight Security Analysts explaining what happened recently. It highlights why real MDR investigations need real people who can see and understand the metadata from packet capture (PCAP).
Online Voting Has Worked So Far. That Doesn’t Mean It's Safe
The Covid-19 pandemic has made internet voting options more tempting than ever for election officials across the US. But election integrity advocates and security experts continue to warn that remote digital voting systems, whether mobile apps or cloud portals, do not have strong enough security guarantees for prime time. On Friday, a group of federal agencies including the Department of Homeland Security's Cybersecurity and Infrastructure Security Agency and the Election Assistance Commission sent a risk assessment to states, warning that "electronic ballot return technologies are high-risk even with controls in place."
FBI, CISA warn China targeting orgs conducting Covid-19-related vaccine, treatment research
The bureau is investigating the activities of PRC-affiliated cyber actors as well as “non-traditional collectors” targeting and compromising U.S. organizations doing research related to the coronavirus. “These actors have been observed attempting to identify and illicitly obtain valuable intellectual property (IP) and public health data related to vaccines, treatments, and testing from networks and personnel affiliated with COVID-19-related research,” the FBI said in a separate release, noting that “the potential theft of this information jeopardizes the delivery of secure, effective, and efficient treatment options.”
Protecting healthcare and human rights organizations from cyberattacks
Every patient deserves the best possible healthcare treatment, and we all need to thank and applaud the truly heroic work by those risking their own health to help those who are sick. Their work is challenging enough but is being made more difficult by cyberattacks, now or in the future. Some attacks, such as the one on Brno University Hospital, have resulted in delays in COVID-19 testing, new patients being turned away and treatments being postponed. Others, such as the attack in Illinois, have held up access to critical COVID-19-related healthcare guidance.
Zoom security issues place spotlight on other video platforms' privacy troubles
Ransomware Attack on Magellan Health Results in Data Exfiltration
On April 11, the Fortune 500 company discovered it had fallen victim to a ransomware attack. Hackers first gained access to the Magellan Health network five days earlier, through a social engineering phishing scheme that impersonated a Magellan client. Upon discovery, an investigation was launched with assistance from a third-party cybersecurity forensics firm. Officials said they determined that before the ransomware payload was launched, the cybercriminals exfiltrated a subset of data from a single corporate server, which included personal data from some of its employees.
Celebrity law firm hit by “surgical” cyberattack, threatening A-list personal data
The attack saw the New York City-based US firm's systems breached by hackers, enabling them to steal its vast repository of files and infect them with a strain of ransomware known as REvil/Sodinokibi. The perpetrators have posted a screenshot of the file directory along with what appears to be a Madonna contract, and are demanding payment of an unknown amount to prevent the full repository's release.
Researcher Spots New Malware Claimed to be 'Tailored for Air‑Gapped Networks'
A cybersecurity researcher at ESET today published an analysis of a new piece of malware, a sample of which they spotted on the VirusTotal malware scanning engine; they believe the hacker behind it is likely interested in some high-value computers protected behind air‑gapped networks. Dubbed 'Ramsay,' the malware is still under development, with two more variants (v2.a and v2.b) spotted in the wild, and doesn't yet appear to be a complex attacking framework based upon the details the researcher shared.
Patch or Perish: Nation-State Hacker Edition
Vulnerability management programs enable organizations to stay on top of prioritizing security updates, patching them proactively and driving down remediation times...Enter the Top 10 Most Exploited Vulnerabilities 2016-2019 released by the U.S. Cybersecurity and Infrastructure Security Agency and the FBI on Tuesday. The list is intended to help all organizations "place an increased priority on patching the most commonly known vulnerabilities exploited by sophisticated foreign cyber actors," they say. Typically, "sophisticated nation-state hackers" refers to those who work for, or on behalf of, China, Iran, North Korea and Russia.
CISA releases analysis of three Hidden Cobra malware variants
The three malware variants analyzed by CISA, the Department of Defense and the FBI are code-named Copperhedge, Taintedscribe and Pebbledash, all of which are believed to be operated by the North Korean-run Hidden Cobra APT group. All act as persistent agents with malicious goals that include stealing cryptocurrency and data exfiltration. The remote access tool (RAT) Copperhedge belongs to the Manuscrypt family of malware, a full-featured RAT used to target cryptocurrency exchanges and related entities.
Coming or Going? In the Encryption Debate, U.S. Government Doesn’t Know
Currently, the biggest threat to encryption in the U.S. is the upcoming EARN IT Act. The bill is designed to combat online sexual exploitation of children. While that is absolutely a worthwhile goal that should be a priority for companies, governments and individuals alike, the bill is a Pandora's box of uncertainty when it comes to encryption. The bill addresses protection under Section 230 of the Communications Decency Act, under which companies are not held liable for things people say or do on their communications platforms.
Over 4000 Android Apps Expose Users' Data via Misconfigured Firebase Databases
More than 4,000 Android apps that use Google's cloud-hosted Firebase databases are 'unknowingly' leaking sensitive information on their users, including their email addresses, usernames, passwords, phone numbers, full names, chat messages and location data. The investigation, led by Bob Diachenko from Security Discovery in partnership with Comparitech, is the result of an analysis of 15,735 Android apps, which comprise about 18 percent of all apps on Google Play store.
How agencies can defend against pandemic-fueled cyber threats
As the world struggles to curb the spread of COVID-19, seemingly every facet of “normal” has changed. What hasn’t slowed, however, are the myriad bad actors targeting the government for gain – whether that’s harvesting sensitive information or targeting local governments with ransomware. In fact, some agencies are already detecting an uptick in cyber adversary activity as these bad actors take advantage of perceived vulnerability amid the panic surrounding the pandemic.
Foreign Countries' Efforts to Influence the U.S. Public's Understanding of COVID-19
In fact, the European External Action Service of the European Union recently stated in a report on disinformation and the COVID-19 pandemic that “despite their potentially grave impact on public health, official and state-backed sources from various governments, including Russia and—to a lesser extent—China, have continued to widely target conspiracy narratives and disinformation both at public audiences in the EU and the wider neighborhood.”
The Cybersecurity 202: Internet-based voting is the new front in the election security wars
Voting systems that rely on the Internet are fast becoming a major conflict zone in the battle to secure the 2020 election against hacking. The development comes as states are scrambling to revamp their voting procedures to respond to the novel coronavirus pandemic. In some cases that means allowing digital voting to play a more prominent role, despite persistent warnings from experts that it's highly insecure and often unverifiable.
Federal Commission Recommends Cybersecurity Overhaul
"For over 20 years, nation-states and non-state actors have used cyberspace to subvert American power, American security, and the American way of life," wrote the Cyberspace Solarium Commission, which Congress created in 2018. Lawmakers modeled the panel after President Dwight Eisenhower's Project Solarium, which developed a Cold War strategy to counter the Soviet Union. Today's Solarium is looking to defend against digital threats from Russia, China and elsewhere. "Despite numerous criminal indictments, economic sanctions, and the development of robust cyber and non-cyber military capabilities, the attacks against the United States have continued," it wrote.