Cybersecurity Digest #39: 29/11/2021 – 10/12/2021

Cybersecurity news

Security researchers from Google Project Zero discovered two vulnerabilities in the video conferencing software Zoom that expose users to attacks. The vulnerabilities impact Zoom Client for Meetings on Windows, macOS, Linux, iOS, and Android. The first flaw, tracked as CVE-2021-34423, is a high-severity buffer overflow vulnerability that received a CVSS base score of 7.3.
Password-stealing and keylogging malware is being spread through fake downloads. Cisco Talos cybersecurity researchers disclose a newly discovered campaign that users custom malware to steal usernames, passwords and other sensitive information from victims.
An independent security researcher discovered a way to brute force Verizon PINs online, meaning they could potentially break into Verizon customer accounts. In response, Verizon has taken the impacted web pages offline.
Business software provider Zoho urged customers today to update their Desktop Central and Desktop Central MSP installations to the latest available version. The warning comes after the company patched a critical vulnerability (tracked as CVE-2021-44515) which could allow attackers to bypass authentication and execute arbitrary code on unpatched ManageEngine Desktop Central servers. Desktop Central Cloud is not affected.
Recorded Future Expert Allan Liska has published a new free e-book to explain: why ransomware exploded in recent years, how to stop a ransomware attack in its tracks and survive with minimal damage and should you pay the ransom or not.
German security software company G DATA has released a vaccine that will block STOP Ransomware from encrypting victims’ files after infection. This vaccine may cause your security software to believe your system is infected since it works by adding files the malware usually deploys on infected systems to trick the ransomware the device was already compromised.
Cybercriminals can now gain instant access to networks compromised by the infamous Emotet malware by installing Cobalt Strike beacons directly on infected machines. Emotet research group Cryptolaemus has confirmed that, instead of taking the regular route of dropping Cobalt Strike beacons through intermediate QakBot or TrickBot payloads, Emotet now deploys the beacons directly onto compromised devices.

Cybersecurity Blog Posts

Damian Chung explained how to combat ransomware with visibility. Most organizations start with basic email security, deploying a secure email gateway (SEG) — but that only gets you so far.
Ever since the Morris worm, buffer overflows have become notorious fare in the world of vulnerabilities. Rene Holt told in his post what buffer overflow attacks are and how to thwart them.
Dancho Danchev revealed his analysis results – automated social engineering driven OTP (One-Time-Passwords) and two factor authentication bypassing platform and mobile application spotted in the wild.
Sally Adam shared what the IT professionals that attended the Sophos Cybersecurity Summit 2021 had to say about emerging tech, risk management, cyber threats, SOCs, and bringing young people into the industry.

Research and analytics

According to PwC 2022 Global Digital Trust Insights, 69% of organisations predict a rise in cyber spending in 2022 compared to 55% last year. More than a quarter (26%) predict cyber spending hikes of 10% or more; only 8% percent said that last year. More than 50% organisations expect a surge in reportable incidents next year above 2021 levels.
APWG Phishing Trends Report 3rd Quarter 2021 revealed 260,642 phishing attacks in July 2021, which was the highest monthly in APWG’s reporting history. The number of phishing attacks has doubled from early 2020. The software-as-a-service and webmail sector was the most frequently victimized by phishing in the third quarter, with 29.1% of all attacks.
A new Juniper Research study has found that total SMS firewall revenue will increase from $911 million in 2021 to $4.1 billion in 2026; representing an absolute growth of 346%. SMS firewalls are third-party solutions that sit within operator networks; enabling the real-time monitoring of network traffic, enhancing operator capabilities to block fraudulent traffic and minimise revenue loss.
Based upon research conducted by Picus Labs, The Picus Red Report 2021 highlights the ten most common MITRE ATT&CK tactics and techniques used by adversaries over the last 12 months. Between October 2020 – October 2021, Picus Labs analyzed 231,507 unique files. 204,954 of these files (89%) were categorized as malicious. 2,197,025 actions were extracted from these files and mapped to 1,871,682 MITRE ATT&CK techniques.
Darktrace reported that its security researchers discovered a 30% increase in the average number of attempted ransomware attacks globally over the holiday season in every consecutive year from 2018 to 2020 compared to the monthly average. The researchers also observed a 70% average increase in attempted ransomware attacks in November and December compared to January and February.
A new parasitic malware targets the popular Nginx web server, Sansec Threat Research discovered. This novel code injects itself into a host Nginx application and is nearly invisible. The parasite is used to steal data from eCommerce servers, also known as “server-side Magecart”. The malware was found on servers in the US, Germany and France. In this post, we show you how to find and remove it.
According to Data Privacy Priorities Report 2021 performed by BigID and ServiceNow, the majority of respondents (61%) are taking a proactive approach to overcoming privacy shortcomings by identifying and preventing the problems. However, a third of the respondents (33%) are simply being reactive to privacy threats by responding to incidents after they occur.
To help CEOs around the globe better understand cyber risks and how to make their businesses more secure, (ISC)² conducted an online poll of 200 cybersecurity practitioners, whose roles range from cybersecurity leadership to cybersecurity team member, and asked them a simple question: What do you feel every CEO needs to know to make their business more secure heading into next year? After analyzing the responses, below are five recommendations every CEO should know going into 2022.

Major Cyber Incidents

Global furniture giant IKEA has launched an investigation into an ongoing malware campaign targeting its computer systems. Cybercriminals exploit a vulnerability in Microsoft Exchange servers to distribute the Qakbot malware.
Japanese multinational conglomerate Panasonic disclosed a security breach after unknown threat actors gained access to servers on its network. As the result of an internal investigation, it was determined that some data on a file server had been accessed during the intrusion.
The director of the mobile operator Mitto was selling access to the company’s networks. Mitto’s networks were accessed by private companies and government intelligence agencies that spied on users. Mitto has partnered with dozens of telecom companies and has contracts with Twitter, Google, WhatsApp, Telegram, TikTok, Instagram, LinkedIn, and Slack.
As a result of the cyber attack, the Bitmart marketplace lost $ 100 million in air and $ 50 million in other cryptocurrencies. Cybersecurity firm Peckshield, which specializes in blockchain security, tweeted on December 5 that cryptocurrency exchange Bitmart has been cyberattacked. Hackers hacked cryptocurrency wallets and stole assets worth about $ 200 million from the exchange. The exchange itself reported smaller losses.
Someone drained funds from multiple cryptocurrency wallets connected to the decentralized finance platform BadgerDAO. According to the blockchain security and data analytics Peckshield, which is working with Badger to investigate the heist, the various tokens stolen in the attack are worth about $120 million.
Researchers from cybersecurity firm Cybereason has released a “vaccine” that can be used to remotely mitigate the critical ‘Log4Shell’ Apache Log4j code execution vulnerability running rampant through the Internet. Apache Log4j is a Java-based logging platform that can be used to analyze web server access logs or application logs.