Cybersecurity Digest #41: 3/01/2022 – 21/01/2022

Cybersecurity news

• EU to Stage Large-Scale Cyberattack Exercise on Supply Chains. The aim of the six-week exercise is to stress-test Europe’s resilience, strengthen preparedness and cooperation among member states, and improve the effectiveness of a joint response.
• The research arm of Palo Alto Networks, revealed how attackers are using the service to carry out a supply chain attack to inject card skimming malware onto victim sites. Web skimming attacks occur when malicious script is injected into sites to steal information entered into web forms.
• SentinelLabs has discovered a high severity flaw in the KCodes NetUSB kernel module used bya large number of network device vendors and affecting millions of end user router devices.
• A Safari bug has surfaced, that can leak browsing history and information related to Google account. Apple’s browser, which is the default on macOS, iOS, and iPad OS has a security issue related to IndexedDB. This is an API that is used by websites to store data on the device, and uses the same-origin policy.
• AvosLocker is the latest ransomware gang that has added support for encrypting Linux systems to its recent malware variants, specifically targeting VMware ESXi virtual machines.
• VirusTotal, the popular online service for analyzing suspicious files, URLs and IP addresses, can be used to collect credentials stolen by malware, researchers at SafeBreach have found. With a €600 VirusTotal license, they have managed to collect more than 1,000,000 credentials just by executing simple searches with a few tools.
• A large-scale cyber-espionage campaign targeting primarily renewable energy and industrial technology organizations has been discovered to be active since at least 2019, targeting over fifteen entities worldwide. The campaign was discovered by security researcher William Thomas, a Curated Intelligence trust group member, who employed OSINT (open-source intelligence) techniques like DNS scans and public sandbox submissions.

Cybersecurity Blog Posts

• Securing secrets in containerized environments requires the collaboration of both development and security teams. There are three potentially vulnerable areas within Kubernetes to focus on as part of a true DevSecOps approach.
• AI and ML implementation in cybersecurity programs pushes for a change in people’s mindset. In the interview with Help Net Security, Scott Laliberte, Managing Director at Protiviti, talks about the implementation of AI and ML in cybersecurity programs, why this is a good practice and how it can advance cybersecurity overall.
• Hikvision specialists have prepared a list of key trends that will shape the security industry in 2022.
• Specialists of Quantum Xchange, a company engaged in providing “quantum-stable” cybersecurity, published in a corporate blog five brief industry forecasts related to the development of quantum computers and told what is becoming extremely relevant this year against the background of the rapid approach of the “quantum turn”.

Research and analytics

• Kaspersky ICS CERT has uncovered a number of spyware campaigns targeting industrial enterprises. Operators of these campaigns hunt for corporate credentials, aiming to commit financial fraud or to sell them to other malicious actors.
• Earth Lusca employs sophisticated infrastructure, varied tools and techniques. Trend Micro experts provided an in-depth look at Earth Lusca’s activities, the tools it employs in attacks, and the infrastructure it uses.
• Hyperautomation, just-in-time infrastructure, and composable technologies are among the key trends infrastructure and operations (I&O) professionals can expect to see in the coming months, according to Gartner.
• Check Point Research (CPR) reports that from mid-2020 throughout 2021, there has been an upwards trend in the number of cyber-attacks. This trend  reached an all-time high at the end of the year, peaking to 925 cyber attacks a week per organization, globally. Overall in 2021, researchers have seen 50% more attacks per week on corporate networks compared to 2020.
• Malware targeting Linux-based operating systems, commonly deployed in Internet of Things (IoT) devices, have increased by 35% in 2021 compared to 2020, according to current CrowdStrike threat telemetry, with the top three malware families accounting for 22% of all Linux-based IoT malware in 2021.
• A team of researchers from University of Arizona, University of South Florida and University of Georgia, USA, published Counteracting Dark Web Text-Based CAPTCHA with Generative Adversarial Learning for Proactive Cyber Threat Intelligence. According to their research, DW-GAN significantly outperformed the state-of-the-art benchmark methods on all datasets, achieving over 94.4% success rate on a carefully collected real-world dark web dataset.
• Research And Markets has published a report «Zero-Trust Security – Global Market Trajectory & Analytics». Amid the COVID-19 crisis, the global market for Zero-Trust Security estimated at US$18.3 Billion in the year 2020, is projected to reach a revised size of US$64.4 Billion by 2027, growing at a CAGR of 19.7% over the period 2020-2027.
• The global market for Network Security Sandbox estimated at US$4 Billion in the year 2020, is projected to reach a revised size of US$43 Billion by 2027, growing at a CAGR of 40.2% over the period 2020-2027 by Reasearch And Markets.
• Check Point Research issued Q4 Brand Phishing Report, highlighting the leading brands that hackers imitated in attempts to lure people into giving up personal data. Twenty-three percent of all brand phishing attempts were related to DHL, up from just 9% in the previous quarter. The Microsoft brand, meanwhile, only accounted for 20% of all phishing attempts in Q4 versus 29% in Q3.

Major Cyber Incidents

• Utilizing threats and other “social engineering” methods, individuals acting maliciously were able to exploit human error within EA customer experience team and bypass two-factor authentication to gain access to player FIFA accounts. Less than 50 accounts have been taken over using this method.
• Liechtenstein-based crypto exchange LCS has confirmed the compromise of one of its hot wallets after temporarily suspending all deposits and withdrawals on the platform. LCX loses $6.8M in a hot wallet compromise over Ethereum blockchain. The hot wallet compromise was followed by an unauthorized transfer of eight types of ERC-20 tokens including THE, USDC, LINK and MKR.
• Five days after the new year, the Metropolitan Detention Center (MBC) in Bernalillo County, New Mexico suddenly went on lockdown. A ransomware cyberattack has knocked the jail’s internet connection offline, rendering most of their data systems, security cameras, and automatic doors unusable. Prisoners were confined in their skills while MDC technicians struggled to get everything back up and running again.
• At least 15 websites belonging to various Ukrainian public institutions were compromised, defaced, and subsequently taken offline. This includes the websites of the ministry of foreign affairs, agriculture, education and science, security and defense, and the online portal for the cabinet of ministers.
• Hensoldt, a multinational defense contractor headquartered in Germany, has confirmed that some of its UK subsidiary’s systems were compromised in a ransomware attack Lorenz.