A roundup of the top news stories in information security this week, including researchers discovering the largest spambot to date, the infosec industry is booming in India, and cybercriminals taking advantage of the Hurricane Harvey news.
RANSOMWARE
Defray Ransomware Targets Healthcare and Manufacturing Sectors
A new ransomware strain is wreaking havoc on businesses in the healthcare, manufacturing, and education sectors. The highly targeted malware was discovered by researchers at security firm Proofpoint. Defray propagates via emails that contain malicious Microsoft Word documents embedded with an executable OLE packager shell object. Each campaign is said to demand a ransom of $5,000.
GOVERNMENT
President Trump’s Cybersecurity Advisors Resign
Citing his “insufficient attention,” a quarter of the members of the National Infrastructure Advisory Council have resigned. Citing shortfalls in the administration’s approach to cybersecurity, in addition to concerns regarding the Trump administration’s “moral infrastructure” of the U.S., the resignations came on Monday, August 21. A total of seven members have resigned.
PHISHING
Spike in Phishing Scams After Cyber Scammers Leverage Hurricane Harvey News
Online miscreants are taking advantage of the Hurricane Harvey news to lure victims into downloading malware or making donations into phony accounts. On Monday, August 28, US-CERT issued a warning asking those looking to donate to remain vigilant for malicious cyber activity that aims to capitalize on interest in Hurricane Harvey.
Competitors Band Together to Take Down Mobile Botnet
Content delivery networks and technology companies that would normally view each other as competitors have banded together to dismantle one of the largest mobile device bonnets ever recorded. Detected on August 17, the WireX botnet was launching DDoS attacks on a number of industries including hospitality, porn, and gambling, in addition to domain registrars. The attacks were emanating from tens of thousands of Android devices.
MOBILE SECURITY
IoT Threat Landscape Shifted No Thanks to Mirai
Although the technological landscape hasn’t changed too much, the real evolution tied to connected devices come in the form in which cybercriminals leverage them for their dirty deeds. In a recent video interview with Justin Fier, director of cyber intelligence and analysis at Darktrace, he discusses the impact that IoT attacks have had on enterprises and highlights what security managers can do to face these challenges head on.
INFOSEC
Infosec Spending in India to grow to $1.5 Billion
This year alone, spending on information security solutions is expected to grow 12% to $1.5 billion, according to Gartner. Spending increases are also expected in 2018. Right now, security services are 63% of the country’s total enterprise market and is expected to continue to grow by 66% going into 2021.
Large Spambot Traps 711 Million Email Accounts
A Paris-based security researcher has discovered what’s considered one of the largest spambots to date. Dubbed “Onliner,” the spambot is used to deliver the Ursnif banking malware into millions of inboxes. Thus far, the researcher told ZDNet that the malicious campaign is responsible for more than 100,000 unique infections across the world.
CYBERESPIONAGE
Researchers Believe Turla APT Group is Behind Gazer Backdoor
Security researchers at ESET have released new research that points to ties between the Russian cyberespionage group Turla and the “Gazer” backdoor malware. The connection was made due to the many commonalities between the group’s previous operations, such as delivery methods, anti-detection features, and targets, and how the Gazer spyware is used.
Report: Ransomware On Track to Surpass 2016 Wave of Attacks
A new study by Symantec’s Internet Security Threat Report points to another big year for ransomware attacks. After analyzing the 319,000 Symantec-blocked ransomware incidents in the first half of the year, the security firm is expecting the number of attacks this year to surpass the 470,000 incidents in 2016 easily. On average, cybercriminals are charging $544 for ransom per device.
XSS Flaw Patched in Popular WordPress Plugin
A vulnerability in a popular WordPress plugin that’s used by 28% of all online stores has been addressed. The WooCommerce Product Vendors WordPress plugin was affected by a cross-site scripting vulnerability. Versions 2.0.35 and earlier were impacted by the flaw, which could allow an attacker to hijack sessions ultimately. Site owners are being urged to patch the vulnerability immediately.