Jun 2023

Activision Blizzard games crippled by hours-long DDoS attack

Daryna Antoniuk

https://therecord.media/activision-blizzard-crippled-by-ddos?&web_view=true

Excerpt:

“Gamers were thrilled when the fourth part of the legendary action role-playing game Diablo was released earlier this month. But as they geared up for a leisurely summer weekend of playing, their excitement quickly turned to frustration when the game was unavailable due to a prolonged cyberattack.”


An Overview of the Different Versions of the Trigona Ransomware

Arianne Dela Cruz, Paul Pajares, Ivan Nicole Chavez, Ieriz Nicolle Gonzalez, Nathaniel Morales

https://www.trendmicro.com/en_us/research/23/f/an-overview-of-the-trigona-ransomware.html?&web_view=true

Excerpt:

“The Trigona ransomware is a relatively new ransomware family that began activities around late October 2022 — although samples of it existed as early as June 2022. Since then, Trigona’s operators have remained highly active, and in fact have been continuously updating their ransomware binaries.”


How cybercrime is impacting SMBs in 2023

Kaspersky

https://securelist.com/smb-threat-report-2023/110097/

Excerpt:

“According to the United Nations, small and medium-sized businesses (SMBs) constitute 90 percent of all companies and contribute 60 to 70 percent of all jobs in the world. They generate 50 percent of global gross domestic product and form the backbone of most countries’ economies. Hit hardest by the COVID pandemic, geo-political and climate change, they play a critical role in a country’s recovery, requiring greater support from governments to stay afloat.”


Securing the AI Pipeline

Dan Browne, Muhammad Muneer

https://www.mandiant.com/resources/blog/securing-ai-pipeline

Excerpt:

“Artificial intelligence (AI) is a hot topic these days, and for good reason. AI is a powerful tool. In fact, Mandiant analysts and responders are already using Bard in their workflows to identify threats faster, eliminate toil, and better scale talent and expertise. Organizations are keen to understand how best to integrate it into their own existing business processes, technology stacks, and delivery pipelines, and ultimately drive business value.”


Why endpoint management is key to securing an AI-powered future

Steve Dispensa

https://www.microsoft.com/en-us/security/blog/2023/06/26/why-endpoint-management-is-key-to-securing-an-ai-powered-future/

Excerpt:

“The chief information security officer (CISO) agenda has a new set of priorities. Hybrid work and the resultant architecture updates, so prevalent at the beginning of the pandemic, are no longer top of mind. Instead, the thinking is focused on tackling ever more sophisticated threats and integrating Zero Trust in a more nuanced fashion through the concept of data security posture management. With the coming wave of AI, this is precisely the time for organizations to review that new CISO agenda and prepare for the future. To be properly ready for AI, Zero Trust principles take on new meaning and scope. The right endpoint management strategy can help provide the broadest signal possible for AI large language models and make your organization more secure and productive for years to come.”


Uncovering attacker tactics through cloud honeypots

https://www.helpnetsecurity.com/2023/06/26/cloud-environments-honeypots/?web_view=true

Excerpt:

“Attackers typically find exposed “secrets” – pieces of sensitive information that allow access to an enterprise cloud environment — in as little as two minutes and, in many cases, begin exploiting them almost instantly, highlighting the urgent need for comprehensive cloud security, according to Orca Security.”


Researchers observed threat actors spreading a trojanized Super Mario Bros game installer to deliver multiple malware.

Pierluigi Paganini

https://securityaffairs.com/147809/malware/trojanized-super-mario-bros-game.html?web_view=true

Excerpt:

“Researchers from Cyble Research and Intelligence Labs (CRIL) discovered a trojanized Super Mario Bros game installer for Windows that was used to deliver multiple malware, including an XMR miner, SupremeBot mining client, and the Open-source Umbral stealer.”


LockBit Green and phishing that targets organizations

GReAT

https://securelist.com/crimeware-report-lockbit-switchsymb/110068/

Excerpt:

“In recent months, we published private reports on a broad range of subjects. We wrote about malware targeting Brazil, about CEO fraud attempts, Andariel, LockBit and others. For this post, we selected three private reports, namely those related to LockBit and phishing campaigns targeting businesses, and prepared excerpts from these. If you have questions or need more information about our crimeware reporting service, contact crimewareintel@kaspersky.com.”


IoT devices and Linux-based systems targeted by OpenSSH trojan campaign

Microsoft Threat Intelligence

https://www.microsoft.com/en-us/security/blog/2023/06/22/iot-devices-and-linux-based-systems-targeted-by-openssh-trojan-campaign/

Excerpt:

“Cryptojacking, the illicit use of computing resources to mine cryptocurrency, has become increasingly prevalent in recent years, with attackers building a cybercriminal economy around attack tools, infrastructure, and services to generate revenue from targeting a wide range of vulnerable systems, including Internet of Things (IoT) devices. Microsoft researchers have recently discovered an attack leveraging custom and open-source tools to target internet-facing Linux-based systems and IoT devices. The attack uses a patched version of OpenSSH to take control of impacted devices and install cryptomining malware.”


Can ChatGPT detect phishing sites based on URLs?

Helga Labus

https://www.helpnetsecurity.com/2023/06/22/chatgpt-detect-phishing-sites/?web_view=true

Excerpt:

“ChatGPT can be used to generate phishing sites, but could it also be used to reliably detect them? Security researchers have tried to answer that question.”


Operationalizing zero trust in the cloud

Ian Farquhar

https://www.helpnetsecurity.com/2023/06/23/cloud-environments-security-issues/?web_view=true

Excerpt:

“Some organizations have bought into the idea that workloads in the cloud are inherently more secure than those on premises. This idea is reinforced by the concept that the cloud service provider (CSP) assumes responsibility for security. However, while a secure cloud workload is possible, one should not automatically assume this as there are important steps to ensure its security.”


How Computer Security Exercises Help Increase Readiness for Response to Cyberattacks in Nuclear Security

Emma Midgley

https://www.iaea.org/bulletin/how-computer-security-exercises-help-increase-readiness-for-response-to-cyberattacks-in-nuclear-security

Excerpt:

“Historically, nuclear facilities have focused on securing their nuclear material against malevolent attacks by putting in place physical protection measures such as guns, guards and gates. These measures are still used to successfully build fortresses around nuclear facilities, preventing theft of nuclear or other radioactive material, sabotage or unauthorized access to control systems. However, in recent decades, the threat of cyberattacks has escalated in our increasingly digital world. Any country, even those with the most advanced nuclear power and research programmes, can be vulnerable to attack. The development of national frameworks for computer security and response against cyberthreats to nuclear facilities have become necessary. Through large-scale exercises, the IAEA assists countries in improving their protection against cyberattacks and helps them improve their detection of and response strategies to cyberattacks against nuclear facilities.”


Understanding Malware-as-a-Service

Kaspersky Security Services, Alexander Zabrovsky

https://securelist.com/malware-as-a-service-market/109980/

Excerpt:

“Money is the root of all evil, including cybercrime. Thus, it was inevitable that malware creators would one day begin not only to distribute malicious programs themselves, but also to sell them to less technically proficient attackers, thereby lowering the threshold for entering the cybercriminal community. The Malware-as-a-Service (MaaS) business model emerged as a result of this, allowing malware developers to share the spoils of affiliate attacks and lowering the bar even further. We have analyzed how MaaS is organized, which malware is most often distributed through this model, and how the MaaS market depends on external events.”