This Week in Security News - September 24, 2021
Water Basilisk Uses New HCrypt Variant to Flood Victims With RAT Payloads & Biden Administration Issues Sanctions To Counter Ransomware
Welcome to our weekly roundup, where we share what you need to know about cybersecurity news and events that happened over the past few days. This week, read about the HCrypt variant activity in August 2021. Also, learn about new initiatives from the Biden administration to deter cyberattacks.
Trend Micro encountered a fileless campaign that used a new HCrypt variant to distribute numerous remote access trojans (RATs) on victim systems. This variant uses a newer obfuscation mechanism than the ones observed in past reports. Its activity peaked in mid-August 2021.
The Treasury Department on Tuesday announced sanctions against a cryptocurrency exchange for facilitating transactions involving money illegally gained via ransomware hacking, the first action of its kind. The sanctions against Russia-based exchange Suex are a significant step by the Biden administration in making it harder for cybercriminals to access payments, with the ultimate goal of disrupting the rapid rise of ransomware attacks.
Trend Micro discovered that the cryptomining trojan z0Miner has been taking advantage of the Atlassian Confluence remote code execution (RCE) vulnerability tracked as CVE-2021-26084, which Atlassian disclosed in August. Given the increasing popularity of the cryptocurrency market, Trend Micro expects the malware authors behind trojans like z0Miner to keep updating the techniques and entry vectors they use to gain a foothold within a system.
There is a new trend in cybercrime. According to investigators from Spanish and Italian police, traditional organized crime groups, such as the Italian Mafia and Camorra, are now dabbling in cybercrime to support their traditional offline activities. When speaking with Motherboard, the investigators stated that they are transforming toward the digital world and using hackers within their organization.
Cloud security is no longer just the responsibility of your IT department. The reality today is that cybersecurity absolutely has to be front and center for C-level execs because of the effect it can have on both executives and the company as a whole.
As COVID-19 has pushed people and workloads to the cloud, threat actors are now taking aim there as well.
On July 28, 2021, the US Cybersecurity and Infrastructure Security Agency (CISA) released a report detailing the top exploited vulnerabilities in 2020 and 2021. The report shows that the attackers’ favorite new targets are vulnerabilities published after 2019 and relevant to remote work, VPN, and cloud-based technologies.
Come December, Google plans to ramp up the availability of "permissions auto-reset", an Android privacy feature that automatically winds back an app's previously granted permissions to access a device's location, camera, microphone and so on.
An Iowa grain co-op said it was hit with a cyberattack that security researchers are linking to newly launched ransomware group BlackMatter, which the researchers said demanded $5.9 million to unlock the organization’s data. U.S. officials say they are particularly concerned with attacks on critical infrastructure that could disrupt broader economic sectors or supply chains.
The trade-off is that hackers could have easier access to (typically) less-secure local networks. That means we’d likely see smaller but more frequent attacks as more smart-grid projects are deployed, but spreading the risk could be worthwhile, in part because it reduces the monetary incentive for attacks—holding an individual household’s network ransom is less lucrative than, say, leveraging an entire region’s infrastructure.
The FBI, National Security Agency, and Cybersecurity and Infrastructure Security Agency have issued a joint alert warning of increased use of Conti ransomware, which has been seen in more than 400 attacks on US and international organizations. Conti is considered a ransomware-as-a-service model; however, variation in its structure differentiates it from a typical affiliate model, the alert states. It's likely that Conti's developers pay the attackers who deploy the ransomware a wage rather than a percentage of the proceeds.
Web application security focuses on reducing threats through the identification, analysis and remediation of potential weaknesses or vulnerabilities. Web app security is also critical because the sheer volume and variety of applications deployed by businesses make it challenging to monitor risk at scale.
The Biden administration is issuing new security guidance to critical infrastructure firms in an attempt to blunt the impact of ransomware and other hacks, following a series of attacks on US companies. The recommendations are aimed at protecting the computer systems that end up in sensitive US facilities from hacking.
This year, cybersecurity defenders have caught the highest number ever of zero-day exploits, according to multiple databases, researchers, and cybersecurity companies who spoke to MIT Technology Review. At least 66 zero-days have been found in use this year, according to databases such as the 0-day tracking project—almost double the total for 2020, and more than in any other year on record.
What do you think about the Biden administration’s latest efforts to deter ransomware attacks? Share in the comments below or follow me on Twitter to continue the conversation: @JonLClay.