Cybersecurity Digest #18: 01/02/2021 – 12/02/2021

Cybersecurity News

  • A small but complex malware variant called Kobalos is targeting supercomputers worldwide. The malware’s codebase is tiny but sophisticated enough to affect at least Linux, BSD, and Solaris operating systems. ESET suspects it may also be usable in attacks against AIX and Microsoft Windows machines.
  • A vulnerability recently disclosed as CVE-2021-3156 by security researchers from Qualys impacts Sudo, a utility that allows admins to delegate limited root access to other users. Matthew Hickey, the co-founder of Hacker House, has discovered that this Sudo flaw also impacts the macOS operating system, and not just Linux and BSD, as initially believed.
  • NIST published guidance to help protect sensitive information in a variety of electronic systems. NIST’s Special Publication (SP) 800-172, Enhanced Security Requirements for Protecting Controlled Unclassified Information: A Supplement to NIST SP 800-171, offers a set of tools designed to counter the efforts of state-sponsored hackers and complements another NIST publication aimed at protecting CUI.
  • Google has launched the Open Source Vulnerabilities (OSV) website, offering up a vulnerability database to help triage bugs in open-source projects and help maintainers and consumers of open source. The goal of OSV is to provide precise data on where a vulnerability was introduced and where it got fixed, thereby helping consumers of open source software accurately identify if they are impacted and then make security fixes as quickly as possible.
  • Plex Media servers are being actively abused to amplify DDoS attacks. Plex Media Server provides users with a streaming system compatible with the Windows, macOS, Linux, and FreeBSD platforms, as well as network-attached storage (NAS) devices, Docker containers, and more. Attackers can exploit roughly 27,000 exposed devices running Plex Media Server to amplify and reflect DDoS traffic onto their targets’ systems.

Cybersecurity Blog Posts

  • Nir Chako gave his Security Predictions for 2021: attackers’ tactics will evolve as personal islands of security form, deepfakes will feature in enterprise attacks, 5G will lead to the biggest denial-of-service (DDoS) attack yet, and insiders will crack under pandemic-led pressure and make bad decisions.
  • Colin Connor in his post explained how to move threat identification from reactive to predictive and preventative. He moved deeper into the concept and expanded upon the threat identification process through example scenarios, helping translate the conceptual framework into daily practice.
  • IT Security Guru has published the top 10 cybersecurity events and conferences in 2021 you shouldn’t miss, regardless of whether they are virtual or not.
  • Maddie Stone from the Project Zero team at Google states that 2020 was a year full of 0-day exploits. The most notable fact is that 25% of the 0-days detected in 2020 are closely related to previously publicly disclosed vulnerabilities. In other words, 1 out of every 4 detected 0-day exploits could potentially have been avoided if a more thorough investigation and patching effort had been made.

Research and analytics

  • According to a Tessian survey, 90% of people post information related to their personal and professional lives online, and younger generations are more likely to have a social media presence than older generations. To find out how vulnerable people and businesses are, Tessian surveyed 4,000 employees and interviewed ten hackers.
  • The Coveware Quarterly Ransomware Report describes ransomware incident response trends during Q4 of 2020. Fewer companies are giving in to cyber extortion when they are able to recover from backups. This inflection led to a large decline in average ransom amounts paid. The average ransom payment decreased 34% to $154,108 from $233,817 in Q3 of 2020. The median payment in Q4 also decreased to $49,450 from $110,532, a 55% reduction.
  • Cisco Talos specialists have interviewed a LockBit ransomware operator and experienced threat actor. He talked about his professional background, personal interests and beliefs, what drove him to engage in cyber criminal activities, how he selects his targets and victims, his thoughts on the ransomware threat landscape, and more.
  • The ITRC’s Data Breach Report for 2020 shows the continuation of a trend from 2019: cybercriminals are less interested in stealing large amounts of consumers’ personal information. Instead, threat actors are more interested in taking advantage of bad consumer behaviors to attack businesses using stolen credentials such as logins and passwords. The report highlights a number of trends that indicate the dynamic nature of identity crimes and compromises, with 1,108 data breaches in total, down 19% compared to 2019.
  • According to the Chainalysis 2021 Crypto Crime Report, darknet markets set a new revenue record in 2020, bringing in a total of $1.7 billion worth of cryptocurrency. Interestingly, this record comes as individual purchases from darknet markets declined, falling from 12.2 million in 2019 to fewer than 10 million in 2020. Nearly all of the growth in darknet market activity we see in 2020 can be attributed to one specific market: Hydra.
  • Claroty’s second Biannual ICS Risk & Vulnerability Report has shown that the sectors most affected by ICS vulnerability disclosures in 2H 2020 are critical manufacturing, energy, water and wastewater, and commercial facilities. The number of ICS vulnerabilities disclosed in 2020 increased by 32.89% compared to 2018 and 24.72% compared to 2019. The primary factors behind the increase are likely heightened awareness of the risks posed by ICS vulnerabilities and increased focus from researchers and vendors on identifying and remediating such vulnerabilities as effectively and efficiently as possible.

Major Cyber Incidents

  • French cyber-security firm Stormshield, a major provider of security services and network security devices to the French government, has announced that a threat actor gained access to one of its customer support portals and stole information on some of its clients. The company also reported that attackers managed to steal parts of the source code for the Stormshield Network Security (SNS) firewall, a product certified to be used in sensitive French government networks, as part of the intrusion.
  • Hackers have published extensive patient information from two U.S. hospital chains in an apparent attempt to extort them for money. The files, which number in at least the tens of thousands and were posted to a blog on the dark web that the hackers use to name and extort their victims, include patients’ personal identifying information, such as their names, addresses and birthdays, as well as their medical diagnoses.
  • COMB, or the Compilation of Many Breaches, leaked online with 3.2 billion unique pairs of cleartext emails and passwords. While many data breaches and leaks have plagued the internet in the past, this one is exceptional in its sheer size. To wit, the entire population of the planet is roughly 7.8 billion, and this leak amounts to about 40% of that.
  • A hacker breached computer networks at the water treatment plant in Oldsmar, Florida, remotely delivering a 100-fold boost in a chemical that is highly dangerous in concentrated amounts. In an attack with the potential to harm public health, the hacker on Feb. 5 gained access to a city computer and changed the level of sodium hydroxide – which is used to remove metals and control acidity – from 100 parts per million to 11,100 parts per million.