1. How the NSA infiltrated a Middle East banking network
The Shadow Brokers leak has brought to light many things, some of which would have been better left in the dark. But it has also highlighted some interesting activities. For example, some clues came to light on how the NSA broke into the SWIFT service of a Middle Eastern bank network.
- Shadow Brokers lessons: First, Don’t panic
- Microsoft’s Quiet Patching of Shadow Brokers’ NSA Hacks Signals Policy Win
- Shadow Brokers IoCs (OTX)
2. IoT Botnet rivalry
I grew up with epic rivalries, like the bloods and the cribs, the East vs West side hip hop battles, the Rockers vs the Hart Foundation.
And now we have Mirai vs Hajime.
True, it kind of lacks that visual punch, but from a technical perspective it's pretty much the same thing.
There’s also the possibility that the Hajime worm could be the work of a frustrated white hat who has taken matters into their own hands. It wouldn’t be the first time such a thing has happened. Back in 2001, the year DMX sold 439,000 copies of the album The Great Depression, the “good” code green worm went around patching systems that were vulnerable to the code red worm.
- Rival IoT malware clash in a botnet territory battle
- Is a white hat hero trying to protect the IoT from Mirai with a vigilante computer worm?
3. Get your ransomware source code
Ransomware has been an increasingly-favoured technique by cyber criminals in recent times. Various business models are in use, from direct use to ransomware as a service (RaaS).
CradleCore deviates from the RaaS model and allows the customer to customise the malicious source code as they wish. This could lead to an increase in CradleCore variants.
4. Vendors pose a security risk says SWIFT
Following a leak of SWIFT documents, the global bank messaging system has advised clients to place close attention to security.
Third parties are increasingly part of the fabric of all enterprises. This can include using a cloud provider to host apps or entire infrastructure, or an outsourced HR function, or a hiring a specialist firm to prepare financial statements.
So while it’s not possible to avoid third parties, many fundamental security practises can help mitigate the risks. Examples of such would include:
- Knowing your assets – by understanding your assets, particularly critical ones, it can be easier to determine effectively what systems third parties should have access to and restricting access to those.
- Monitoring controls – having in place effective monitoring to determine whether third parties are only accessing systems they should and in an appropriate manner. Behavioural monitoring can help in this regard by highlighting where activity falls outside of normal parameters.
- Segregation – by segregating networks and assets, one can contain any breaches to one specific area.
- Assurance – proactively seeking out regular assurance that the security controls implemented are working as intended is advantageous.
5. BankBot Malware
It's a constant struggle for defenders when it comes to vetting apps on stores. On one hand automated scanners speed up the process, but once the process is understood, attackers can adapt their attacks to bypass controls.
- BankBot malware targeting hundreds of Android apps sneaks onto Google play store
- Hundreds of Google Play Apps infected with the BankBot Trojan
6. Rise in healthcare breaches
1.5m records lost in March health care industry data breaches represents a rather unsettling trend. While it’s not pleasant to see personal data compromised at any time, healthcare often holds details of people at their most vulnerable time. No good can come from criminals having access to such data.
Is healthcare the newest cyber-puppy that every miscreant wants to kick?
After all, several healthcare facillities have been targeted by ransomware over the last year. One would hope its a wakeup call to healthcare to start investing in more robust and appropriate security controls.
7. Security risks of the citizen developer
Just like Digital SLR's have enabled anyone willing to put down a couple of hundred bucks on a camera the ability to tout themselves as a wedding or fashion photographer; the commoditisation of software development tools has brought development capabilities to the keyboards of anyone.
This isn't quite a new problem, Sarbanes Oxley (SOX) called out the issues with end user computing and mandated controls. However, these controls were primarily focused around in-house excel spreadsheets that traders were fond of building into frankenstein-esque applications with no controls.
So, it's not the challenge that is necessarily new, it's the sheer scale of it.
8. Intercontinental Hotels Credit Card Breach
The hotel industry collects a lot of data on people. Their travel patterns, their preferences, their locations, even what paper they like to read with their morning breakfast.
While everyone is pointing to the credit card breach, how long before someone start correlating the data from a hotel breach with, say, data from Ashley Madison?
9. Medium finds
As more bloggers turn to Medium as a blogging platform, there are some gems to be found. These two caught our eye as great reads.
- How I found a $5,000 Google Maps XSS (by fiddling with Protobuf)
- Bait and Switch: The Failure of Facebook Advertising — An OSINT Investigation
10. Stop saying cyberattack!
The Associated Press (AP) Stylebook is the go-to publication for journalists, PR, corporate marketers, or any other writers.
One of the interesting points in latest updates was that the term cyber attack was deemed overused and that the term should be reserved for significant issues rather than minor incidents.