Welcome to our weekly roundup, where we share what you need to know about cybersecurity news and events that happened over the past few days. This week, read about what a Swiss firm discovered after accessing servers used by a hacking group tied to the SolarWinds breach. Also, learn about how Trend Micro’s Vision One platform detected and tracked the Conti ransomware.
Read on:
Swiss Firm Says It Has Accessed Servers of a SolarWinds Hacker
A Swiss cybersecurity firm, PRODAFT, says it has accessed servers used by a hacking group tied to the SolarWinds breach, revealing details about who the attackers targeted and how they carried out their operation. The firm also said the hackers have continued with their campaign through this month. Rik Ferguson, VP of security research at Trend Micro, comments on how the threat actor was highly skilled, well-funded and operating with a clearly defined mission brief.
Trend Micro Vision One: Tracking Conti Ransomware
Conti has been described as the successor to the popular Ryuk ransomware family. Increasingly, threat actors are now distributing the malware via the same methods used to distribute Ryuk in the past. In this blog, learn how the Trend Micro Vision One platform is used to track the Conti ransomware.
Hackers Infecting Apple App Developers with Trojanized Xcode Projects
Threat actors are leveraging Xcode as an attack vector to compromise Apple platform developers with a backdoor, adding to a growing trend of attacks that target developers. Researchers from Trend Micro previously unearthed a similar threat that spread via modified Xcode projects, which were configured to install a Mac malware called XCSSET that steals credentials, captures screenshots, exfiltrates sensitive data from messaging and note-taking apps, and even encrypts files for ransom.
Websites Hosting Cracks Spread Malware, Adware
Trend Micro investigated several pay-per-install (PPI) websites with cracks and pirated software that start an infection chain spreading multiple malware and adware, including CopperStealer and LNKR. The stealer’s main goal is acquiring various cookies and taking control of advertisement accounts, granting the threat actor the ability to spread advertisements that bring malware and adware to more potential victims.
Hackers Are Exploiting New F5 Bug in The Wild
Just days after enterprise IT provider F5 Networks disclosed critical vulnerabilities in its software, researchers say hackers have exploited one of the bugs in attempted intrusions. Government agencies and big corporations alike use the F5 software BIG-IP to manage data on their networks. The vulnerability could allow an attacker to execute code remotely on a system and delete data.
In this blog, Trend Micro zeroes in on security considerations that developers need to know and the ways that they can build the best defense for container-based and serverless applications through runtime application self-protection (also known as RASP), a tool that incorporates security into an application at runtime.
Purple Fox Malware Evolves to Propagate Across Windows Machines
Purple Fox, first discovered in 2018, is malware that used to rely on exploit kits and phishing emails to spread. However, a new campaign taking place over the past several weeks reveals new worm capabilities that have resulted in a rapidly increasing infection rate.
World Economic Forum Welcomes 15 New Manufacturing Sites in its Global Lighthouse Network
The World Economic Forum (WEF) unveiled an additional 15 new sites as part of its Global Lighthouse Network, a community of world-leading manufacturers that use Fourth Industrial Revolution technologies to enable growth. WEF’s Global Lighthouse Network is an avenue to develop, replicate and scale innovations.
Security Analysis Clears TikTok of Censorship, Privacy Accusations
Nebulous privacy and censorship criticisms about the video social media app TikTok have been swirling for months. Security analysts from CitizenLab are the first to collect real data on the platform’s source code, and they report that TikTok meets reasonable standards of security and privacy.
Keeping Cyber Risk Under Control: Spotting and Thwarting ICS Threats
Industrial control systems (ICSs) are integral to smart factories, but gaps in the security of these systems could be exploited by malicious actors for cyberattacks. Enterprises should therefore address weak links in ICSs in their cybersecurity strategy.
Women in Cybersecurity: Why Diversity Matters
March is Women’s History Month, so it’s a perfect time of the year to look back and see how far women in cybersecurity have come. From pioneering tech to achieving a gender-equal future in today’s world, it’s a story of invention, strength and achievement. Today, women comprise 24% of the cybersecurity workforce. They act as leaders in all fields, being role models and setting great examples in the workplace.
Cyber Threats, Ongoing War for Talent, Biggest Concerns for Tech Leaders
Nearly half of CNBC’s Technology Executive Council (TEC) members say that aside from cybersecurity threats, the biggest risk they face over the coming year is finding enough talent. Against the backdrop of the pandemic, ongoing remote work, and breaches such as the SolarWinds hack, a majority of tech leaders say that cloud computing, machine learning, and software-defined security are critically important to their organization’s tech strategy over the next 12 months.
What will the long-term ramifications of the SolarWinds hack be? Share your thoughts in the comments below or follow me on Twitter to continue the conversation: @JonLClay.