Project Hyphae

Information Security News 2-5-2024

Threat Actor Used Vimeo, Ars Technica to Serve Second-Stage Malware

  • Threat actors, presumably based in Italy, have recently launched attacks which combine booby-trapped USB devices with payloads located on popular, public websites.
  • Specifically, the attackers send out malware-laden USB devices with “highly clickable” malicious shortcuts embedded within. From there, a PowerShell script grabs a text file located on GitHub or GitLab and a JSON payload from Vimeo or an image on a user’s profile on Ars Technica.
  • The content located on public websites doesn’t exploit any vulnerabilities and merely takes advantage of their built-in functionality, such as posting images to a forum.

Clorox Estimates the Costs of the August Cyberattack Will Exceed $49 Million

  • In August 2023, the Clorox Company reported that they were the victim of a cybersecurity incident that led to some of their systems being taken offline.
  • While Clorox has yet to provide any technical details relating to the incident, it did inform the SEC that the economic impact of the incident was $25 million at the three-month mark and $49 million at the six-month mark. Clorox also didn’t record any insurance proceeds within the three or six months.

Ransomware’s Impact Could Include Heart Attacks, Strokes & PTSD

  • The article reviews a report from the British security think tank Royal United Services Institute (RUSI), which looks at the deeper impact of cyberattacks, especially ransomware.
  • The report breaks the impact of an incident into three categories of harm: first-order harms, which are the impact to the victim organization and its staff; second-order harms, which indirectly impact organizations and individuals who may be clients or patients of the impacted organization; and third-order harms, which impact a wider portion of society or a nation’s security.
  • In addition to tangible repercussions of cyberattacks, such as the loss of money, incidents also have an impact on the physical and mental health of those in an incident’s wake. The report suggests that personnel responding to a given incident have a heightened level of stress and may experience PTSD.

Ransomware Payments Drop to Record Low as Victims Refuse to Pay

  • According to the cybersecurity firm Coveware, the number of ransomware victims paying ransom demands dropped to a record low of 29% in Q4 2023. Additionally, the payment rate has generally declined since the start of 2019, when there was an 85% payment rate.
  • Additionally, Coveware noticed that the median size of victimized organizations and average ransom costs dropped in Q4 2023 as well.
  • Coveware suggested that these drops are due to better preparedness by organizations, a lack of trust in cybercriminals decrypting files, and legal pressure in some regions where paying ransoms is illegal.

CMMC Is the Starting Line, Not the Finish

  • The article discusses how compliance frameworks, such as CMMC, will harden organizations but will not be the end of securing an organization.
  • The author suggests that policy, controls, and secure configurations provide security professionals with continuously rotting processes and a “top-down” mindset. Instead, the author suggests a Harden-Detect-Respond (HDR) methodology for organizations to go beyond compliance.
  • The article highlights seven key HDR practices. These include hardening people with training, hardening IT and cloud infrastructure via vulnerability scanning, hardening the network with endpoint protection tools, increasing visibility into IT and cloud environments, increasing detection with logging capabilities, hunting for threats, and investigating and responding to events 24/7.

Why the Right Metrics Matter When It Comes to Vulnerability Management

  • As the article emphasizes, vulnerability metrics play a critical role in gauging the effectiveness of your vulnerability and attack surface management, especially when security personnel need to communicate program efficacy to leadership.
  • While just knowing the number of vulnerabilities and what vulnerabilities your organization has is a great starting point, additional metrics allow for better resource allocation and vulnerability prioritization for organizations.
  • The article reviews five beneficial metrics that organizations should track to enhance their vulnerability management programs. These include tracking what devices are actually being scanned, the average time to fix vulnerabilities, the risk score of vulnerabilities, how quickly vulnerabilities are detected after becoming public, vulnerability priority, and regularly monitoring and identifying your most vulnerable devices.

Hook Younger Users With Cybersecurity Education Designed for Them

  • This article looks at “right-sizing” security training for different demographics to meet people where they’re at rather than simply checking a box.
  • According to a Yubico and OnePoll October 2023 survey of 2,000 U.S. and U.K. consumers, 20% of people in the Baby Boomer demographic reuse passwords, compared to 47% of Millennials. Additionally, 47% of Baby Boomers don’t use MFA compared to 52% of Millennials.
  • Another October 2023 survey run by the National Cybersecurity Alliance (NCA), which surveyed 6,000 people in the U.S., U.K., Canada, Germany, France, and New Zealand, highlighted that about half of Millennials and 56% of Gen Z have access to cybersecurity training, compared to 20% and 15% for the Silent Generation and Baby Boomers, respectively. Despite this, the survey highlighted that 36% of Millennials and 43% of Gen Z had been cybercrime victims.
  • Overall, the article suggests training employees in ways that they will understand and will resonate with them. For some employees, it may be short videos, comedic training content, or engaging the audience during a training session. Beyond that, the article emphasizes reaching out to users directly via direct phish training or other personalized exercises.
