Welcome to our weekly roundup, where we share what you need to know about cybersecurity news and events that have taken place over the past few days. This week, learn about the activity of the HCrypt variant in August 2021. Also learn about new initiatives by the Biden administration to deter cyber attacks.
Water Basilisk Uses New HCrypt Variant To Flood Victims With RAT Payloads
Trend Micro encountered a fileless campaign that used a new HCrypt variant to distribute numerous Remote Access Trojans (RATs) to victimized systems. This new variant uses a more recent obfuscation mechanism compared to what has been observed in previous reports. It reached its peak of activity in mid-August 2021.
Treasury Sanctions Cryptocurrency Platform for Work with Ransomware Payments
The Treasury Department on Tuesday announced sanctions, the first of their kind, against a cryptocurrency exchange for facilitating transactions involving money illegally earned through ransomware hacking. Sanctions against the Russia-based exchange Suex are an important step for the Biden administration to make it harder for cybercriminals to access payments, with the ultimate goal of disrupting the rapid rise in ransomware attacks.
Cryptominer z0Miner uses newly discovered vulnerability CVE-2021-26084 to its advantage
Trend Micro discovered that the z0Miner cryptomining Trojan took advantage of Atlassian’s Confluence remote code execution (RCE) vulnerability, known as CVE-2021-26084, which Atlassian disclosed in August. Given the growing popularity of the cryptocurrency market, Trend Micro expects the malware authors behind Trojans like z0Miner to constantly update the techniques and entry vectors they use to gain a foothold in a system.
How the mafia is turning to cybercrime
There is a new trend in cybercrime. Traditional organized crime groups, such as the Italian Mafia and the Camorra, are now engaging in cybercrime to support their traditional offline activities, according to Spanish and Italian police investigators. Speaking with Motherboard, investigators said these groups are moving into the digital world and using hackers within their organizations.
Why CEOs Should Absolutely Care About Cloud Security
Cloud security is no longer just the responsibility of your IT department. The reality today is that cybersecurity absolutely needs to be a top concern for C-level leaders because of the effect it can have on both leaders and the business as a whole.
CISA reports the main vulnerabilities of remote work
As COVID-19 moves people to the cloud, cyber actors are now aiming for the skies.
On July 28, 2021, the US Cybersecurity and Infrastructure Security Agency (CISA) released a report detailing the top vulnerabilities exploited in 2020 and 2021. The report shows that the new preferred targets for attackers are vulnerabilities released after 2019 and relevant to remote work, VPN and cloud-based technologies.
Google: this major privacy change will soon affect billions of Android devices
In December, Google plans to increase the availability of “auto-reset permissions,” an Android privacy feature that automatically revokes permissions previously granted to an app to access a device’s location, camera, microphone, and more.
Iowa Grain Cooperative Affected by Cyberattack Linked to Ransomware Group
An Iowa grain cooperative said it was hit by a cyberattack that security researchers link to the new ransomware group BlackMatter, which the researchers say has asked for $5.9 million to unlock the organization’s data. U.S. officials say they are particularly concerned about attacks on critical infrastructure that could disrupt broader economic sectors or supply chains.
Smart grids could soften the blow of cyber attacks, but make them more common
The tradeoff is that hackers might have easier access to (usually) less secure local networks. This means that we would likely see smaller but more frequent attacks with more smart grid projects deployed, but the spread of the risk could be worth it, in part because it reduces the financial incentive for attacks by leveraging the infrastructure of an entire region.
CISA, FBI and NSA warn of increase in Conti ransomware attacks
The FBI, the National Security Agency, and the Cybersecurity and Infrastructure Security Agency have issued a joint alert regarding the increased use of Conti ransomware, which has been observed in more than 400 attacks against U.S. and international organizations. Conti is considered a ransomware-as-a-service model; however, the variation in its structure differentiates it from a typical affiliate model, the alert says. Conti developers are likely to pay attackers who deploy the ransomware a salary rather than a percentage of the proceeds.
What is web application security? A protective primer for security professionals
Web application security focuses on reducing threats by identifying, analyzing, and remedying potential weaknesses or vulnerabilities. Web application security is also essential, as the volume and variety of applications deployed by enterprises make it difficult to properly monitor large-scale risks.
Biden administration issues new corporate security guidelines aimed at dulling cyber attacks
The Biden administration is issuing new security guidelines to critical infrastructure companies in an attempt to mitigate the impact of ransomware and other hacks, following a series of attacks on U.S. companies. The recommendations aim to protect computer systems that end up in sensitive US facilities against hacking.
2021 broke the record for zero-day hacking attacks
This year, cybersecurity advocates detected the largest number of zero-day exploits on record, according to several databases, researchers and cybersecurity companies who spoke to MIT Technology Review. At least 66 zero-days have been found in use this year, according to databases such as the 0-Day Tracking Project, nearly double the total for 2020, and more than any other year on record.
What do you think of the Biden administration’s latest efforts to deter ransomware attacks? Share in the comments below or follow me on Twitter to continue the conversation: @JonLClay.