Welcome to our weekly roundup, where we share what you need to know about cybersecurity news and events that happened over the past few days. This week, learn about a victim case study of the Nefilim ransomware through a MITRE att&ck lens. Also, learn about a proof-of-concept for a critical Windows security vulnerability that allows remote code execution (RCE).
Nefilim Ransomware Attack Through a MITRE Att&ck Lens
In this blog, follow the story of Company X as they suffer an attack from the notorious modern ransomware family, Nefilim, and their affiliates, to learn how you can better mitigate against the common tactic and techniques used in their attacks.
PoC Exploit Circulating for Critical Windows Print Spooler Bug
A proof-of-concept for a critical Windows security vulnerability that allows remote code execution (RCE) was dropped on GitHub on this week. The bug exists in the Windows Print Spooler and has been dubbed “PrintNightmare” by researchers. It was originally addressed in June’s Patch Tuesday updates from Microsoft as a minor elevation-of-privilege vulnerability, but the listing was updated. The patch, according to many, appears to fail against the RCE aspect of the bug.
Secure Secrets: Managing Authentication Credentials
Secret management plays an important role in keeping essential information secure and out of threat actors’ reach. In this blog, learn what secrets are and how to store them securely.
CISA Adds Ransomware Module to Cyber Security Evaluation Tool
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) announced the release of a new module for its Cyber Security Evaluation Tool (CSET), namely the Ransomware Readiness Assessment (RRA). The module gets defenders through a step-by-step process to assess their threat readiness in respect to ransomware attacks.
Best Practices for Social Media Security
Social media has become an integral part of peoples’ lives, as it is a primary channel through which we get information and interact with others. The pandemic has only exasperated this as isolation pushed people to lean even more on social media platforms as their primary connection to the rest of the world. This has resulted in the amount of information people are sharing to skyrocket. In this blog, learn best practices for using social media platforms securely.
Hacker Wanted in the U.S. for Spreading Gozi Virus Arrested in Colombia
Colombian authorities said they have arrested a Romanian hacker who is wanted in the U.S. for distributing a virus that infected more than a million computers from 2007 to 2012. Gozi (aka ISFB, Snifula, or Ursnif), a Windows-based banking trojan, had its roots dating as far back as 2005 prior to its deployment in 2007. At least 40,000 computers in the U.S., including those belonging to NASA, are said to have been infected with the virus.
Top Countries with ICS Endpoint Malware Detections
The Trend Micro research paper, "2020 Report on Threats Affecting ICS Endpoints,” presents findings on ICS endpoints and the threats that plague them. In this article, find the list of the top ten countries with the most malware and grayware detections.
Vendors Lead the 10 Biggest Health Care Data Breaches of 2021 So Far
The health care sector has been among the hardest hit by hacking exploits in 2021. Perhaps even more concerning, 60% of the reported breaches this year were caused by vendors. Thus, the mid-year breach update should serve as a wake-up call for the sector to review vendor contracts and assess their security processes.
Still Leading in Endpoint and Cloud Workload Security
Cloud workload security and endpoint protection are key to managing security risk. Two new IDC studies validate that Trend Micro should be your platform security partner of choice. They show Trend Micro has a healthy market lead in the strategically critical corporate endpoint and cloud workload security segments.
Lorenz Ransomware Attack Victims Can Now Recover Files with this Free Decryption Tool
Cybersecurity researchers have released a decryption tool which allows victims of Lorenz ransomware to decrypt their files for free – and crucially, without the need to pay a ransom demand to cyber criminals. The decryption key for Lorenz ransomware is the 120th decryptor to be made available on No More Ransom since the project from Europol began in 2016.
PurpleFox Using WPAD to Target Indonesian Users
Recently, Trend Micro researchers found that PurpleFox added a very old tactic to increase its delivering performance. This time PurpleFox EK is making use of WPAD domains to infect users. While a WPAD abuse attack is a technique that has been around for approximately 14 years, it still works. Initiatives to prevent this attack help, but they are not sufficient.
Cyberattacks and Ransomware Are No Longer Burglary; They're Home Invasion, Expert Says
The ransomware game has changed. The cyberspace has become more punitive. It's become more hostile. It's really become home invasion. More than 3.5 million people worldwide are needed to play defense against cyberattacks.
2020 Report: ICS Endpoints as Starting Points for Threats
ICS endpoint security has become more important as the interconnection between IT and OT continues to grow. New research from Trend Micro shares the status of global industrial systems in terms of security against both known and new threats that hound ICS endpoints.
What are your thoughts on the increase of data breaches in the health care sector? Share in the comments below or follow me on Twitter to continue the conversation: @JonLClay.