Welcome to our weekly roundup, where we share what you need to know about cybersecurity news and events that happened over the past few days. This week, learn how Poly Network has become a victim of a cyberheist in which hackers managed to steal $611 million worth of cryptocurrencies. Also, read how cybersecurity is being called the “new great game” in government.
Read on:
Chaos Ransomware: A Proof of Concept with Potentially Dangerous Applications
Trend Micro has been monitoring an in-development ransomware builder called Chaos. While it’s purportedly a .NET version of Ryuk, closer examination of the sample reveals that it doesn’t share much with the notorious ransomware. In fact, early versions of Chaos were more akin to a destructive trojan than to traditional ransomware. This blog entry looks at some of the characteristics of the Chaos ransomware builder and how its iterations added new capabilities.
Cybersecurity Is the New ‘Great Game’
Building a national cyber-defense plan took center stage at this year’s Black Hat cybersecurity conference. “The [Great Game] is playing out in cyberspace right now,” said Homeland Security Secretary Alejandro Mayorkas. Cyberattacks on companies like Colonial Pipeline, JBS Foods, and Kaseya, as well as interference in the U.S. elections, have reinforced the importance of cybersecurity, how to govern the internet, and why we need free and secure cyberspace. In this article, Kevin Simzer, COO at Trend Micro, shares why he believes there is more that can be done from the government level.
Cinobi Banking Trojan Targets Users of Cryptocurrency Exchanges with New Malvertising Campaign
Trend Micro found a new social engineering-based malvertising campaign targeting Japan that delivered a malicious application. The malicious application abused sideloading vulnerabilities to load and start the Cinobi banking trojan. Trend Micro considers this to be a new campaign from Water Kappa that is aimed at users of web browsers other than Internet Explorer.
10 Initial Access Broker Trends: Cybercrime Service Evolves
The rise of ransomware as a moneymaking powerhouse for online attackers parallels the services being offered by initial access brokers. Such brokers sell access as a service to others, saving them the time, effort and expense of gaining a toehold in an organization's network. $5,400 is the average price for access to hacked networks.
August Patch Tuesday: A Quiet Month for Microsoft
This month’s Patch Tuesday is a calmer one for Microsoft, compared to the more eventful July security bulletin. This is evident in the short list of only 44 patched vulnerabilities published this month, of which seven are noted as critical and the rest as important. Eight were also submitted via the Trend Micro Zero Day Initiative. What is notable for this month is the inclusion of three vulnerabilities in Print Spooler, given how flaws in this service have garnered much attention in the last month.
Accenture Hit by Ransomware Attack, Latest Victim Of ‘Cyber-Pandemic’
Accenture confirmed that it was hit by a ransomware attack, with a hacker group using the LockBit ransomware reportedly threatening to release the company’s data and sell insider information. Accenture reported there was no impact on the company.
ENISA says System Failure is on the Rise
The European Union Agency for Cybersecurity (ENISA) recently released two annual reports on telecom security incidents and trust security incidents for 2020. According to Telecom Security Incidents 2020, faulty software changes and/or updates are a major factor in terms of impact, resulting in more than 300 million hours lost or 40% of the total number of hours lost. The report also revealed that system failures continue to be the most prominent cause of incidents, leading to severe impact.
QR Code Scammers Get Creative with Bitcoin ATMs
With the use of QR codes rising, so are the numbers of scams that aim to take advantage of them. Researchers warned that threat actors are going so far as to send potential victims to gas stations to use Bitcoin ATMs in their endeavors to exploit the technology.
Biden Releases Memo on Critical Cybersecurity Infrastructure Bill
United States President Joe Biden recently released a memorandum on improving cybersecurity for critical infrastructure control systems. The memo is a product of a 100-day cybersecurity initiative, furthering the Biden administration’s move to safeguard US critical infrastructure.
Hackers Steal $600 million in Largest Ever Cryptocurrency Heist
One of the industry’s leading decentralized finance (DeFi) platforms, Poly Network, has become a victim of a cyberheist in which hackers managed to steal $611 million worth of cryptocurrencies. However, hackers have started returning some of the stolen funds.
Most Supply Chain Attacks Target Supplier’s Code—ENISA
Cybersecurity experts have long been concerned about supply chain attacks because a single attack can wreak havoc and compromise a network of providers. According to the European Union Agency for Cybersecurity’s (ENISA) Threat Landscape for Supply Chain Attacks, 62% of supply chain attacks use malware as a technique. The report also mentioned that strong security protection is no longer adequate for enterprises when attackers have already targeted suppliers.
Detecting PrintNightmare Exploit Attempts using Trend Micro Vision One and Cloud One
In this analysis, Trend Micro looks into the implementations of PrintNightmare and the visibility enabled by Trend Micro Vision One™ and Trend Micro Cloud One™ to mitigate the risks brought on by critical gaps found in systems such as the Print Spooler service. Using the indicators and attributes of exploitation attempts logged from network and endpoints, both platforms allow security teams and analysts a wider view of attack attempts for immediate and actionable response.
What are your thoughts on the $600 million cryptocurrency heist? Share in the comments below or follow me on Twitter to continue the conversation: @JonLClay.