Cybersecurity Digest #16: 01/01/2021 – 15/01/2021

Cybersecurity News

  • At the 2021 Consumer Electronics Show, Intel announced it is adding ransomware detection capabilities to its new 11th Gen Core vPro processors through improvements to its Hardware Shield and Threat Detection Technology (TDT).
  • Microsoft has released Sysmon 13 with a new security feature that detects when a process image has been tampered with using process hollowing or process herpaderping techniques, so Sysmon now flags malware process tampering attempts.
  • Microsoft released fixes for 83 vulnerabilities last Patch Tuesday, of which 10 are classified as Critical and 73 as Important. Among these, Microsoft also fixed one zero-day and one publicly disclosed vulnerability this month.
  • Bitdefender has announced the availability of a decryptor for Darkside. This ransomware family emerged in August 2020 and operates under a ransomware-as-a-service business model.
  • The world’s largest illegal marketplace on the dark web, DarkMarket, has been taken offline, with German authorities arresting an Australian man over the alleged operation of the site. More than 2,400 sellers on the marketplace mainly traded drugs and sold counterfeit money, stolen or counterfeit credit card details, anonymous SIM cards, and malware.

Cybersecurity Blog Posts

  • Narendra Sahoo writes about the PCI DSS gap analysis, which is usually the first step in the PCI compliance process. The article lists its main purposes and benefits.
  • “Threat actors’ dangerous and rising interest in the global energy industry” is the title of an article published on the Blueliv blog. The author gives examples of successful cyberattacks on energy infrastructure and explains how to prevent further attacks of this nature.
  • NCC Group and Fox-IT have been tracking a threat group with a wide set of interests, ranging from intellectual property (IP) of victims in the semiconductor industry to passenger data from the airline industry. In their intrusions, the group regularly abused cloud services from Google and Microsoft to achieve their goals.
  • Lenny Zeltser has shared a roadmap for getting into malware analysis. He advises readers to understand where they fit into the malware analysis process, to review and learn from the work of others, and to start experimenting with malware in their own lab.

Research and analytics

  • Forrester published “The Forrester Wave: Static Application Security Testing, Q1 2021”. The report details the essential elements of AppSec solutions and ranks SAST vendors based on their current offering – including criteria such as breadth of coverage, remediation guidance and education, findings accuracy, reporting, rule management, and SDLC integration – as well as their strategy and market presence.
  • Google published a six-part report detailing a sophisticated hacking operation that the company detected in early 2020 and which targeted owners of both Android and Windows devices. The attacks were carried out via two exploit servers delivering different exploit chains through watering hole attacks.
  • In 2020 ESET saw several attacks targeting Colombian entities exclusively. These attacks were still ongoing at the time of writing and are focused on both government institutions and private companies. Among the latter, the most targeted sectors are energy and metallurgy. The attackers rely on remote access trojans, most likely to spy on their victims.

Major Cyber Incidents