Welcome to our weekly roundup, where we share what you need to know about cybersecurity news and events that happened over the past few days. This week, read about a macOS backdoor variant that relies of multi-stage payloads and various anti-detection techniques. Also, learn about Trend Micro’s Cyber Risk Index (CRI): a collaborative effort between Trend Micro and the Ponemon Institute to measure organizational cyber preparedness and risk.
MacOS Users Targeted by OceanLotus Backdoor
A macOS backdoor variant has been uncovered that relies on multi-stage payloads and various updated anti-detection techniques. Trend Micro researchers linked it to the OceanLotus advanced persistent threat (APT) group. The Vietnam-backed OceanLotus (also known as APT 32) has been around since at least 2013, and previously launched targeted attacks against media, research and construction companies.
The 2020 Cyber Risk Index Goes Global
Trend Micro’s Cyber Risk Index (CRI) is a collaborative effort between Trend Micro and the Ponemon Institute to survey respondents from businesses of all sizes. The CRI looks to identify the risk level organizations have based on two areas: their ability to prepare for cyber attacks targeting them (cyber preparedness index) and the current assessment of the threats targeting them (cyber threat index).
Open Source Software Security Vulnerabilities Exist for Over Four Years Before Detection
It can take an average of over four years for vulnerabilities in open source software to be spotted, an area in the security community that needs to be addressed, researchers say. According to GitHub's annual State of the Octoverse report, reliance on open source projects, components, and libraries is more common than ever.
How to Secure Slack for Remote Teams and Work from Home Employees
Slack has become an integral part of many teams’ daily functions and interactions. But have you stopped to think about its security? Trend Micro did a deep dive on Slack security to see how it holds up to scrutiny. In this blog, learn some of the key security changes that help keep business information safe, and the three big questions to keep in mind when securing Slack workspaces.
Managing Open-Source Risk Means Bridging the Gap Between Security Operations and DevOps
With the popularization of open-source software, the risks of malicious actors exploiting their vulnerabilities have also increased. The result is more threats to companies that use these codes and their customers. According to Wendy Moore, vice president of product marketing at Trend Micro, the solution is bridging a gap between DevOps and security teams within enterprises so they can work together to mitigate the risks.
The Impact of Modern Ransomware on Manufacturing Networks
Ransomware threats have disrupted the manufacturing industry significantly this year, and attacks have resulted in substantial losses in production and disjointed operations. In a disturbing trend during the third quarter of the year, attackers appeared to be singling out manufacturing organizations as a victim of choice in their ransomware operations.
EU Agency for Cybersecurity Releases New Report on CAM Ecosystem
Cybersecurity plays a vital role in the Connected Automated Mobility (CAM) sector and its evolution as increased connectivity and vehicle automation present more cybersecurity challenges. The European Union Agency for Cybersecurity (ENISA) issued a new report titled “Cybersecurity Stocktaking in the CAM” to provide in-depth mapping of key stakeholders and relevant bodies and organizations in the EU, as well as relevant critical services and infrastructure that are part of the CAM cybersecurity ecosystem.
One of the Internet’s Most Aggressive Threats Could Take UEFI Malware Mainstream
Once a simple banking fraud trojan, Trickbot over the years has evolved into a full-featured malware-as-a-service platform. Now, Trickbot has acquired a new power: the ability to modify a computer’s UEFI. Short for Unified Extensible Firmware Interface, UEFI is the software that bridges a computer’s device firmware with its operating system. As the first piece of software to run when virtually any modern machine is turned on, it’s the first link in the security chain.
Australia’s Commonwealth Government Publishes IoT Security Code of Practice
The Commonwealth Government of Australia published its “Code of Practice: Securing the Internet of Things for Consumers” report, outlining principles that vendors of IoT devices and related services providers can use as a guide. This code is the Australian Government’s first step in its approach to improving the security of IoT devices in the country. It was also published to help raise awareness of security safeguards related to IoT devices and to create better consumer trust in IoT technology.
Securing IoT Apps
The abrupt shift to work-from-home arrangements has made users more dependent on the convenience of IoT technology, prompting a surge in IoT app development, deployment, and usage for “contactless” purposes. Home networks and devices are unlikely to have the same layered security as offices, and these added entry points could compromise users’ and organizations’ security and expose their data to threats. In this blog, learn key measures that organizations and users can take to mitigate these risks.
AI on the Factory Floor Challenges Cybersecurity
From the cybersecurity standpoint, use of AI and machine learning on the factory floor has both strengths and weaknesses. Both can help improve monitoring, detection and prevention of threats and attacks, especially for Industry 4.0 endpoints, but smart manufacturing systems that rely on these technologies can be probed and manipulated by bad actors. In this article, Trend Micro researchers Federico Maggi and Rainer Vosseler comment on how attackers gain access to manufacturing systems.
Scammers Use Home Addresses of Targets in France
Threat actors relaunched an online scam campaign aiming to steal the credit card information of users in France during Black Friday. France has been under Covid-19 lockdown during the past few weeks, so many people opted to order goods online instead of going to physical stores. Trend Micro internet monitoring caught the new campaign and revealed that it employs a more targeted social engineering technique: it uses each target’s actual home address and phone number.
From Geost to Locker: Monitoring the Evolution of Android Malware Obfuscation
In 2019, Trend Micro looked into Geost, an Android trojan with interesting layers of obfuscation. This blog shows the technical aspect of the obfuscation methods that were used and the evolution of the obfuscator‘s code over time as reflected in findings from 2019 with new samples from 2020. The investigation started with researchers looking into the activity of an Android trojan botnet.
G20 Global Smart Cities Alliance Issues Roadmap
The Global Smart Cities Alliance (GSCA) has published its Global Policy Roadmap for smart cities. The document consists of 16 model policies analyzed by government experts, private-sector partners and civil societies through GSCA. In this blog, read more about the 16 policies included in the roadmap.
Surprised by Trickbot’s new capability? Share your thoughts in the comments below or follow me on Twitter to continue the conversation: @JonLClay.