Cybersecurity Digest #23: 12/04/2021 – 23/04/2021

Cybersecurity News

  • The US administration approved a 100-day plan to protect electrical infrastructure from cyber threats posed by adversaries. The plan was announced in a statement by Emily Horne, the official representative of the White House National Security Council.
  • Microsoft has fixed a bug that could allow a threat actor to create specially crafted downloads that crash Windows 10 simply by opening the folder where they are downloaded. Microsoft has classified this bug as a DDoS vulnerability and is tracking it as CVE-2021-28312 with the title ‘Windows NTFS Denial of Service Vulnerability.’
  • NATO holds Locked Shields 2021, cyber war games in which hackers target a fictional island nation. The drills, involving 30 countries, are meant to test NATO’s defences during a global pandemic that is making the world more dependent on virtual systems. Hackers targeted vaccine developers during the Covid-19 crisis, and the US government was the target of a major cyber attack that was discovered last year.
  • A joint advisory from the U.S. National Security Agency (NSA), the Cybersecurity and Infrastructure Security Agency (CISA), and the Federal Bureau of Investigation (FBI) warns that the Russian Foreign Intelligence Service (SVR) is exploiting five vulnerabilities in attacks against U.S. organizations and interests.
  • According to coordinated reports published by FireEye and Pulse Secure, two hacking groups have exploited a new zero-day vulnerability in Pulse Secure VPN equipment to break into the networks of US defense contractors and government organizations worldwide. The attacks were first discovered by the cybersecurity firm FireEye early this year. In all the intrusions, the attackers targeted Pulse Secure VPN appliances in the breached networks.

Cybersecurity Blog Posts

Research and analytics

  • Check Point Research’s latest Global Threat Index for March 2021 has revealed that the banking trojan IcedID has entered the Index for the first time, taking second place, while the established Dridex trojan was the most prevalent malware during March, up from seventh position in February.
  • McAfee has published the McAfee Labs Threat Report Q4 2021. The volume of malware threats observed by McAfee Labs averaged 588 threats per minute, an increase of 169 threats per minute (40%) in the third quarter of 2020. The fourth quarter volume averaged 648 threats per minute, an increase of 60 threats per minute (10%).
  • Veracode has released the Biggest Data Breaches 2020 Report. The data reveals that information leakage, CRLF injection, cryptographic issues, and code quality are the most common security vulnerabilities plaguing applications today.
  • The Threat Intelligence Executive Report 2021 Vol. 2 by Secureworks reviews the events and trends from the information security world from January through February 2021. It covers the Emotet botnet disrupted by coordinated law enforcement action, the compromised water treatment facility in Florida, USA, and scan-and-exploit victims listed on a ransomware leak site.
  • Check Point Research issued its Q1 Brand Phishing Report, highlighting the leading brands that hackers imitated in attempts to lure people into giving up personal data. In Q1, Microsoft was again the brand most frequently targeted by cybercriminals, as it was in Q4 2020. Thirty-nine percent of all brand phishing attempts were related to the technology giant (down slightly from 43% in Q4), as threat actors continued to try to capitalize on people working remotely during the Covid-19 pandemic.
  • According to the M-Trends 2021 Report by FireEye, one of the most striking trends for the period of October 1st, 2019 to September 30th, 2020 was the significant reduction in the global median dwell time. This is the first time Mandiant has observed the global median dwell time dip below one month.

Major Cyber Incidents