Cybersecurity News
- Security researchers have spotted a new malware operation named Silver Sparrow that targets Mac devices and has silently infected almost 30,000 systems. Despite the high number of infections, details about how the malware was distributed and how it infected users are still scarce.
- The Cofense Phishing Defense Center (PDC) has observed a new phishing campaign that uses the Telegram API to post the harvested credentials.
- Masslogger Trojan reinvented in quest to steal Outlook, Chrome credentials. The operators have also been linked to the use of AgentTesla, Formbook, and AsyncRAT. Cybersecurity researchers from Cisco Talos said the campaign is currently focused on victims in Turkey, Latvia, and Italy, expanding activities documented in late 2020 which targeted users in Spain, Bulgaria, Lithuania, Hungary, Estonia, and Romania.
- The GreatHorn Threat Intelligence Team has identified a new email attack trend, where cybercriminals are able to bypass traditional URL defenses to attack end users. The URLs are malformed, not utilizing the normal URL protocols, such as http:// or https://. Instead, they use http:/\ in their URL prefix.
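A detection sketch for the malformed-prefix links described in the GreatHorn item above, added here as an example and not taken from GreatHorn's report. It flags any http(s) link whose separator is not exactly `//` and rewrites it to the form a browser would load; the function names and the sample message are constructed for illustration.

```python
import re

# Browsers following the WHATWG URL rules treat "\" as "/" for http(s) and
# tolerate a wrong number of slashes, so "http:/\host/path" still resolves.
# A scanner that only looks for "http://" or "https://" never sees the link.
_LINK = re.compile(r"\b(https?):([/\\]+)([^\s/\\<>]+)([^\s<>]*)", re.IGNORECASE)

def find_links(text):
    """Return one record per http(s)-like link, well-formed or not."""
    records = []
    for m in _LINK.finditer(text):
        scheme, seps, authority, rest = m.groups()
        records.append({
            "raw": m.group(0),
            # Anything other than exactly "//" after the colon is suspicious.
            "malformed": seps != "//",
            # Canonical form to hand to URL reputation or sandbox checks.
            "normalized": f"{scheme.lower()}://{authority}{rest.replace(chr(92), '/')}",
            # Strip optional userinfo and port to get the host for blocklists.
            "host": authority.rsplit("@", 1)[-1].split(":")[0].lower(),
        })
    return records

def malformed_links(text):
    """Only the links that use a non-standard prefix such as http:/\\ ."""
    return [r for r in find_links(text) if r["malformed"]]

# Constructed sample message body (not from a real campaign).
SAMPLE = (
    "Your voicemail is ready: http:/\\files.example.test/vm/listen\n"
    "Company portal: https://intranet.example.test/home\n"
    "Backup link: HTTPS:\\\\cdn.example.test\\a\\b\n"
)

if __name__ == "__main__":
    for rec in malformed_links(SAMPLE):
        print(rec["raw"], "->", rec["normalized"])
```
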
Cybersecurity Blog Posts
- Andrew Snyder covered the top 2021 banking and fintech security regulations. He highlighted Payment Services Directive 2 (PSD2), California Consumer Privacy Act (CCPA), Gramm-Leach-Bliley Act (GLB), etc.
- Galvanize experts explained how to choose between compliance and risk management and why choosing the right approach is so important. Here are some best practices from the experts: implement a steering committee, balance goals between aspirational and achievable, focus on mission-critical systems and data assets, evaluate GRC products to help streamline the process, extrapolate the risk insights to other areas of the security program, and promote the approach to clients and partners.
- Shane Cooper shared 5 Things MSPs Should Know Before Adopting EDR. He claims that all security tools with an endpoint agent are basically EDR and that response is key to a successful EDR solution. He also explains how to keep up with EDR information, what’s behind the EDR hype, and how to plan out next steps for adopting EDR at an MSP.
- Check Point presented a new strategy built on three key pillars to address cyberattacks and new attack surfaces: Harmony (highest levels of security for remote employees), CloudGuard (unified and automated approach to secure your cloud), Quantum (enterprise network security for perimeter and datacenter).
Research and analytics
- Check Point researchers have published the Global Threat Index for December 2020. It revealed that the Emotet trojan has returned to first place in the top malware list, impacting 7% of organizations globally, following a spam campaign which targeted over 100,000 users per day during the holiday season.
- WhiteHat Security published AppSec Stats Flash Volume 2. Manufacturing continues to have the highest window of exposure with close to 70% of applications in the sector having at least one serious exploitable vulnerability open throughout the year. Additionally, key industries (Public Administration, Real Estate, Health Care, Education, Retail, Utilities) continue to suffer from high windows of exposure (>50%) throughout the year.
- Recorded Future has announced its Q4 2020 Malware Trends Report: a year punctuated by ransomware and data breaches concludes with the sophisticated SolarWinds attack.
- NIST security vulnerability trends in 2020, research performed by Redscan, has revealed that more security vulnerabilities were disclosed in 2020 (18,103) than in any other year to date, at an average rate of 50 CVEs per day. 57% of vulnerabilities in 2020 were classified as being ‘critical’ or ‘high severity’ (10,342).
- Cybersecurity experts introduced a new attack method that allows attackers to trick a POS payment terminal into thinking that a Mastercard contactless card is in fact a Visa card. It enables criminals to use a victim’s Mastercard contactless card to pay for expensive goods without knowing the card’s PIN.
Major Cyber Incidents
- RIPE NCC, the organization that manages and assigns IPv4 and IPv6 addresses for Europe, the Middle East, and the former Soviet space, has disclosed today a failed cyber-attack against its infrastructure. The SSO service was affected by what appears to be a deliberate ‘credential-stuffing’ attack, which caused some downtime. The agency said it mitigated the attack and found that no account was compromised but that an investigation is still underway.
- Kia Motors America has suffered a ransomware attack by the DoppelPaymer gang, which is demanding $20 million for a decryptor and for not leaking stolen data. Kia Motors America (KMA) is headquartered in Irvine, California, and is a Kia Motors Corporation subsidiary. KMA has nearly 800 dealers in the USA with cars and SUVs manufactured out of West Point, Georgia.
- Clubhouse App Steps Up Security After Breach. New security concerns are raised about the popular audio chatroom app Clubhouse after a hacker was able to stream an audio feed from “multiple rooms”. A week after popular audio chatroom app Clubhouse said it was taking steps to ensure user data couldn’t be stolen by malicious hackers or spies, at least one attacker has proven the platform’s live audio can be siphoned.
- UL LLC, better known as Underwriters Laboratories, has suffered a ransomware attack that encrypted its servers and caused it to shut down systems while it recovers. UL is the largest and oldest safety certification company in the United States, with 14,000 employees and offices in over 40 countries.