Welcome to our weekly roundup, where we share what you need to know about cybersecurity news and events that happened over the past few days. This week, read about how cybersecurity experts and government agencies are trying to determine whether the hackers that targeted SolarWinds may have abused software created by JetBrains to achieve their goal. Also, learn about TeamTNT’s latest attack, which is capable of distributed denial of service (DDoS).
Read on:
Expanding Range and Improving Speed: A RansomExx Approach
RansomExx, a ransomware variant responsible for several high-profile attacks in 2020, has shown signs of further development and continued activity. The most recently reported development is the use of newer variants built for Linux servers, which extends its reach beyond Windows servers. In this blog, Trend Micro examines its current techniques.
Cyber Security Company Helps Kids, Parents Sort Out Facts from Fiction Online
Trend Micro released Trend Micro Check, a free tool that helps fight online misinformation. Users can open it through Facebook, WhatsApp, a Chrome Extension or directly on the Trend Micro website, then copy and paste the information they want to verify, whether it's an article or an image on social media, and Trend Micro Check will verify the information in real time. Lynette Owens, founder and global director of Internet Safety for Kids and Families at Trend Micro, joins ABC7 Chicago to talk about the tool.
An Overview of the DoppelPaymer Ransomware
In early December 2020, the FBI issued a warning regarding DoppelPaymer, a ransomware family that first appeared in 2019 when it launched attacks against organizations in critical industries. Its activities have continued throughout 2020, including a spate of incidents in the second half of the year that left its victims struggling to properly carry out their operations.
FBI, CISA, NSA Officially Blame Russia for SolarWinds Cyber Attack
The U.S. government formally pointed fingers at the Russian government for orchestrating the massive SolarWinds supply chain attack that came to light early last month. Russia, however, denied any involvement in the operation on December 13. The FBI, CISA, ODNI, and NSA are members of the Cyber Unified Coordination Group (UCG), a newly-formed task force put in place by the White House National Security Council to investigate and lead the response efforts to remediate the SolarWinds breach.
Earth Wendigo Injects JavaScript Backdoor to Service Worker for Mailbox Exfiltration
Trend Micro discovered a new campaign that it named “Earth Wendigo” that has been targeting several organizations in Taiwan since May 2019. The threat actor aims to exfiltrate emails from targeted organizations via the injection of JavaScript backdoors to a webmail system that is widely used in Taiwan.
The Anatomy of a Modern-Day Ransomware Conglomerate
For school administrators, medical organizations and other crucial industries that haven’t already had enough bad news over the past year, there is a new hacking group that relies on emerging techniques to rip off its victims, dubbed Egregor. What’s worse is that the group is using an innovative structure that’s becoming more common in the cybercrime underworld. In this article, Bob McArdle, director of threat research at Trend Micro, explains how these sophisticated ransomware groups operate.
How to Protect Your Kid’s Privacy While At-Home Learning
Many school-aged children now have school-supplied computer equipment that they are using away from the school network. However, with this comes privacy and security concerns. Some are easy to avoid, but others need some modifications to ensure safety. In this blog, learn how to protect your child’s privacy during their remote learning.
Investigation Launched into Role of JetBrains Product in SolarWinds Hack: Reports
Cybersecurity experts and government agencies are trying to determine whether the hackers that targeted SolarWinds may have abused software created by JetBrains to achieve their goal. JetBrains is a software development company based in the Czech Republic that has offices in Europe, Russia and the United States. The company claims its solutions are used by over 9 million developers across 300,000 companies around the world.
TeamTNT Now Deploying DDoS-Capable IRC Bot TNTbotinger
Earlier this year, cybercrime group TeamTNT attacked exposed Docker APIs to deploy the XMRig cryptocurrency miner. Over time, TeamTNT has expanded the functionality of its attacks to include the theft of Amazon Web Services (AWS) credentials and secure shell (SSH) credentials, as well as self-replicating behavior for propagation. TeamTNT's latest attack uses the group's own IRC (Internet Relay Chat) bot, called TNTbotinger, which is capable of distributed denial of service (DDoS).
Phishing Technique Uses Legitimate-looking Domains to Avoid Detection
Email threats continued to increase this year, and the number of phishing URLs rose along with them. During its recent tracking efforts, Trend Micro observed a phishing technique that combines phishing email with scam pages: the exact URL sent in the email serves the phishing page, while the domain itself hosts a scam website, so the domain on its own looks like an ordinary site.
Health Care Organizations Under Siege from Ryuk Ransomware
In a new report, researchers from Check Point Software said that since the start of November, there has been a 45% increase in attacks targeting health care organizations globally, compared to an average 22% increase in attacks against other industry sectors. The average number of weekly attacks in the health care sector reached 626 per organization in November, compared with 430 in October. The main ransomware variant used in attacks is Ryuk, followed by Sodinokibi.
Negasteal Uses Hastebin for Fileless Delivery of Crysis Ransomware
Trend Micro recently encountered a Negasteal (also known as Agent Tesla) variant that used hastebin for the fileless delivery of the Crysis (also known as Dharma) ransomware. This is the first time that Trend Micro has observed Negasteal with a ransomware payload. Like Negasteal, Dharma is offered on a ransomware-as-a-service (RaaS) model, which lets other cybercriminals pay to use it.
World Economic Forum Releases Insights on the State of IoT
In collaboration with the Global Internet of Things Council, the World Economic Forum released "State of the Connected World," which looks closely at the most pressing opportunities and challenges faced by the IoT ecosystem. The report notes that COVID-19 has accelerated trends toward remote working, distance learning, and telehealth. In doing so, it has also increased the risks associated with IoT, which call for good governance.
US IoT Improvement Act Becomes Law
The IoT Cybersecurity Improvement Act of 2020 requires federal agencies to apply cybersecurity requirements to all IoT devices they own or control. Under the new law, the National Institute of Standards and Technology (NIST) must release standards and guidelines for federal agencies on the use of IoT devices, and must partner with cybersecurity researchers, industry experts, and the Department of Homeland Security (DHS) in releasing guidelines on security vulnerability disclosure.
Trend Micro Report Finds AI Can Be Exploited to Attack Autonomous Cars
Autonomous cars are at risk of malicious use and abuse, especially in the era of 5G. Autonomous cars use a wide range of sensors, such as cameras, to perform machine learning (ML)-guided image recognition of signs and other elements of their surroundings. The ML models also determine the appropriate behavior for the vehicle to take. These functionalities can be exploited to attack the vehicle's AI models.
If you’re a parent or guardian, how are you working to ensure your child’s privacy while remote learning? Share your thoughts in the comments below or follow me on Twitter to continue the conversation: @JonLClay.