Cybersecurity Digest #10: 10/08/2020 – 21/08/2020

Cybersecurity News

  • Intel is warning of a rare critical-severity vulnerability affecting several of its motherboards, server systems and compute modules. The flaw could allow an unauthenticated, remote attacker to achieve escalated privileges. The recently patched flaw (CVE-2020-8708) ranks 9.6 out of 10 on the CVSS scale, making it critical.
  • The Chinese government has deployed an update to its national censorship tool, known as the Great Firewall (GFW), to block encrypted HTTPS traffic that uses TLS 1.3 with ESNI (Encrypted Server Name Indication) enabled.
  • FireEye is extending its private bug-bounty program to the public. The expanded program, like its predecessors, will be run in partnership with Bugcrowd. Anyone with credentials on the Bugcrowd platform can submit vulnerabilities to the program, which will pay a bounty of $50 to $2,500 depending on the bug’s severity and potential impact.
  • Troy Hunt, the security expert who runs the breach notification website Have I Been Pwned, announced that he is ready to open-source the code behind the site. According to him, the code will be turned over to the public for the betterment of the project and of everyone who uses it.
  • A group of academic researchers has devised practical attacks against major standards in email end-to-end encryption, which could lead to the exfiltration of sensitive information. The proposed attacks target the OpenPGP and S/MIME encryption schemes and can be used to leak private keys and other data, researchers with the Ruhr University Bochum and Münster University of Applied Sciences explain in a newly published paper.
  • Security researchers have discovered what appears to be the first crypto-mining malware operation that contains functionality to steal AWS credentials from infected servers. This new data-stealing feature was spotted in the malware used by TeamTNT, a cybercrime group that targets Docker installs.
  • A vulnerability affecting components used in millions of critical connected devices in the automotive, energy, telecom, and medical sectors could let hackers hijack the device or access the internal network. Researchers found it in the Cinterion EHS8 M2M module from Thales, and the vendor confirmed that the BGS5, EHS5/6/8, PDS5/6/8, ELS61, ELS81 and PLS62 modules are also affected.
  • The US Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency (CISA) has published a security alert warning of cybercriminals using phishing emails to deploy KONNI malware on target machines. KONNI is a remote administration tool (RAT) attackers use to steal files, capture keystrokes, take screenshots, and execute malicious code on infected machines.
  • A sophisticated botnet campaign named FritzFrog has been discovered breaching SSH servers around the world since at least January 2020. Written in Golang, FritzFrog is both a worm and a botnet that targets the government, education, and finance sectors. The campaign has already infiltrated over 500 servers in the U.S. and Europe, including those of universities and a railway company.

Cybersecurity Blog Posts

  • In the past few years, managed security service providers have come up with cloud-based SOCs used to monitor networks and computing infrastructure – no matter where they’re located. The virtual SOC takes this a step further and provides a wide range of services such as patching and malware remediation along with threat intelligence and defense. There are several things to consider when building the right virtual SOC; some of them are not obvious and will require effort to plan appropriate actions.
  • An article by Recorded Future brings up an issue about the fast-converging worlds of information technology (IT) and operational technology (OT), along with new remote work challenges, and explores why OT and IT leaders must band together to tackle growing cybersecurity risks.
  • Sean Gallagher, Senior Threat Researcher at Sophos, explains why Dharma, a family of ransomware first spotted in 2016, continues to be a threat to many organizations—especially small and medium-sized businesses. Part of the reason for its longevity is that its variants have become the basis for ransomware-as-a-service (RaaS) operations—the fast-food franchise of cybercrime.
  • Brian Krebs explained the importance of creating accounts online tied to your various identity, financial and communications services before identity thieves do it for you. This post examines some of the key places where everyone should plant their virtual flags.

Research & Analytics

  • In its “2020 Cloud Misconfigurations Report,” DivvyCloud revealed that 196 separate data breaches involving cloud misconfigurations had cost companies a combined total of approximately $5 trillion between January 1, 2018 and December 31, 2019. The problem is that those costs could be even higher; as reported by ZDNet, 99% of IaaS issues go unreported. Organizations could therefore be leaking data from their cloud environments without their knowledge.
  • Tripwire announced the results of a survey on the implementation of cloud security best practices among 310 security professionals. According to the survey, a number of organizations face shortcomings in monitoring and securing their cloud environments. A majority of security professionals (76%) state they have difficulty maintaining security configurations in the cloud, and 37% said their risk management capabilities in the cloud are worse compared with other parts of their environment. Almost all (93%) are concerned about human error causing accidental exposure of their cloud data.
  • According to an Atlas VPN investigation, Google’s video platform YouTube removed 1.98 million channels between January and March of 2020. In 87.5% of the cases, the channels were terminated for promoting scams, sending out spam, or posting misleading content.
  • The second annual survey of application security professionals conducted by PerimeterX in conjunction with Osterman Research reveals the extent and the impact of Shadow Code across different organizations and industry verticals. The report covers results and trends from the 2020 survey about Shadow Code, the impact of Shadow Code on web application security, and key takeaways and best practices for managing Shadow Code risk.
  • The average cost of a data breach has declined by 1.5% year-over-year, costing companies US$3.86 million per incident, according to IBM’s 2020 Cost of a Data Breach Report. The annual study analyzed data from 524 organizations that, while being based in 17 countries and regions and operating in 17 industries, have one thing in common – each of them has suffered a security breach over the past year.
  • The 2020 State of the Software Supply Chain Report delivers new evidence that faster innovation and better risk management do not have to be mutually exclusive – in fact, they feed off each other. High-performance engineering teams are now accelerating velocity while simultaneously improving security outcomes. Experts revealed a 430% increase in next-generation software supply chain attacks since last year’s report and shed light on download requests for 1 trillion npm and 376 billion Java components.
  • X-Force Red is unveiling a new research study, conducted by the Ponemon Institute, that highlights vulnerability management challenges for on-premises and cloud environments. According to this report, over six months, an average of 28% of vulnerabilities remain unmitigated, and organizations have a backlog of 57,555 identified vulnerabilities. 53% of respondents say their organization experienced a data breach in the past two years, with 42% saying the breach occurred because a patch was available for a known vulnerability, but not applied.
  • The “Global Risks Report 2020,” published by the World Economic Forum (WEF), notes that cybercrime will be the second most-worrisome risk for global business until at least 2030. Every year, the world’s cybercriminals harvest at least $1.5 trillion in ill-gotten gains — as much as Russia’s gross domestic product (GDP). If cybercrime were a country, its GDP would be the 13th largest on Earth.
  • Cybersecurity firm Group-IB released a report, “RedCurl: The pentest you didn’t know about,” on a new hacking group that has been focusing for the past three years on corporate espionage, targeting companies across the world to steal documents that contain commercial secrets and employee personal data.
  • Doctor Web published its July 2020 overview of malware detected on mobile devices. In July, the number of threats detected on Android devices decreased by 6.7% compared to June. The number of active malware samples fell by 6.75%, unwanted applications by 4.6%, riskware by 8.42% and adware by 9.83%.

Major Cyber Incidents