Project Hyphae

Information Security News – 9/13/2022

Ransomware Gangs Switching to New Intermittent Encryption Tactic

Article Link: https://www.bleepingcomputer.com/news/security/ransomware-gangs-switching-to-new-intermittent-encryption-tactic/

  • A growing number of ransomware groups are adopting a new tactic, called intermittent encryption, that helps them encrypt their victims’ systems faster while reducing the chances of being detected and stopped. With this tactic, hackers encrypt only parts of the targeted files’ content, which still renders the data unrecoverable without a valid decryptor.
  • Additionally, because the encryption is milder, automated detection tools that rely on detecting signs of trouble in the form of intense file IO operations are more likely to fail.
  • Intermittent encryption seems to have significant advantages and virtually no downsides, so security analysts expect more ransomware gangs to adopt this approach shortly.

Most Educational Institutions Store Sensitive Data in the Cloud. Is it Safe?

Article Link: https://www.helpnetsecurity.com/2022/09/09/educational-institutions-cyberattack/

  • A Netwrix survey revealed that 47% of educational institutions suffered a cyberattack on their cloud infrastructure within the last 12 months. For 27% of them, incidents in the cloud were associated with unplanned expenses to fix security gaps. Likewise, 83% of educational organizations confirmed they store sensitive data in the cloud.
  • With educators and students constantly sharing information, educational institutions are more concerned about insider threats than other industries. 48% of respondents in this sector consider cybersecurity risks associated with their own employees to be the biggest ones.
  • The educational sector has a good reason to be concerned about insider threats since 42% of them experienced account compromise attacks in 2022 compared to the average of 31% from the other industries surveyed.

Global Companies Say Supply Chain Partners Expose Them to Ransomware

Article Link: https://www.csoonline.com/article/3672155/global-companies-say-supply-chain-partners-expose-them-to-ransomware.html

  • Out of 2,958 international IT decision makers, 79% believe their partners and customers are making their organization a more attractive ransomware target, according to research by Trend Micro.
  • 52% of the global organizations surveyed say they have a supply chain partner that has been hit by ransomware. However, only 47% of the organizations Trend Micro interviewed share knowledge about ransomware attacks with their suppliers and 25% don’t share potentially useful threat information with partners.
  • One of the best practices to reduce risk is to gain a comprehensive understanding of the supply chain itself, as well as corresponding data flows, so that high-risk suppliers can be identified.

Medical Device Vulnerability Could Let Hackers Steal Wi-Fi Credentials

Article Link: https://www.csoonline.com/article/3673208/infusion-pump-vulnerability-could-have-let-hackers-steal-wi-fi-credentials.html

  • A vulnerability found in an interaction between a Wi-Fi-enabled battery system and an infusion pump for the delivery of medication could provide bad actors with a method for stealing access to Wi-Fi networks used by healthcare organizations. One of the vulnerabilities requires physical access to the infusion pump, while another can be used to access the batteries over telnet and TCP/UDP connections.
  • The vulnerability carries the additional risk that discarded or resold batteries could also be acquired in order to harvest Wi-Fi credentials from the original organization, if that organization hadn’t been careful about wiping the batteries before getting rid of them.
  • Remediation for the first vulnerability entails securing physical access to the pumps. Meanwhile, the second vulnerability requires monitoring for unusual hosts connecting to port 51243 on the devices and restricting network access to the pumps.
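
One way to implement the monitoring described above is to review flow records for any source outside an approved list that reaches port 51243 on the pump network. This is an added example, not from the linked article; the record format, the pump subnet, the approved management host and the sample records are all assumptions.

```python
import csv
import io
import ipaddress

PUMP_NET = ipaddress.ip_network("10.20.30.0/24")   # assumed pump VLAN
ALLOWED = {ipaddress.ip_address("10.20.1.5")}      # assumed management server
WATCHED_PORT = 51243                               # port named in the article

# Constructed flow records: time,src,dst,proto,dst_port
SAMPLE = """\
2022-09-13T08:00:01Z,10.20.1.5,10.20.30.11,tcp,51243
2022-09-13T08:03:44Z,10.20.40.77,10.20.30.11,tcp,51243
2022-09-13T08:03:50Z,10.20.40.77,10.20.30.12,udp,51243
2022-09-13T08:05:10Z,10.20.40.77,10.20.30.12,tcp,443
2022-09-13T08:06:02Z,10.20.40.91,10.9.9.9,tcp,51243
malformed line
"""


def unusual_connections(text: str) -> dict[str, list[str]]:
    """Map each unapproved source to the pumps it reached on the watched port."""
    hits: dict[str, set[str]] = {}
    for row in csv.reader(io.StringIO(text)):
        if len(row) != 5:
            continue  # skip records that do not match the expected layout
        _, src, dst, proto, port = row
        try:
            src_ip = ipaddress.ip_address(src)
            dst_ip = ipaddress.ip_address(dst)
            dport = int(port)
        except ValueError:
            continue  # skip unparsable addresses or ports
        if proto.lower() not in ("tcp", "udp") or dport != WATCHED_PORT:
            continue
        if dst_ip in PUMP_NET and src_ip not in ALLOWED:
            hits.setdefault(src, set()).add(dst)
    return {src: sorted(dsts) for src, dsts in hits.items()}


if __name__ == "__main__":
    for src, pumps in unusual_connections(SAMPLE).items():
        print(f"ALERT {src} reached port {WATCHED_PORT} on {', '.join(pumps)}")
```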

With Cyber Insurance Costs Increasing, Can Smaller Firms Avoid Getting Priced Out?

Article Link: https://www.helpnetsecurity.com/2022/09/08/cyber-insurance-becoming-unavoidable/

  • In many cases, premiums have rapidly increased as providers have become more cautious about being left on the hook for multi-million-dollar breaches. Accordingly, cyber insurance has become inaccessible for many smaller firms. Research indicates that the number of businesses that cannot afford the cost is set to double.
  • What makes cyber insurance uniquely complex is the numerous variables that are introduced with each new software release or update, complicated demands, and numerous clauses that void coverage in the wake of an incident.
  • As a result, small business efforts should be focused on reducing as much risk exposure as possible with each investment. This includes looking towards automation and preventing data exfiltration.

Microsoft, Cloud Providers Move to Ban Basic Authentication

Article Link: https://www.darkreading.com/cloud/microsoft-cloud-providers-ban-basic-authentication

  • Microsoft and major cloud providers are starting to take steps to move their business customers toward more secure forms of authentication and the elimination of basic security weaknesses, such as using usernames and passwords over unencrypted channels to access cloud services.
  • For example, Microsoft will remove the ability to use basic authentication for Exchange Online starting October 1st, requiring token-based authentication instead.
  • The deadlines are a warning to companies that efforts to secure their access to cloud services can no longer be put off, says Pieter Arntz of Malwarebytes.
  • All of this is rooted in numerous organizations, like Microsoft and Google, trying to limit identity-related breaches and edge further towards zero-trust architectures.

7 Free Online Cybersecurity Courses You Can Take Right Now

Article Link: https://www.helpnetsecurity.com/2022/09/07/7-free-online-cybersecurity-courses-you-can-take-right-now/

  • The cybersecurity skills shortage continues to present multiple challenges and have repercussions for organizations. The skills gap can be addressed through training and certifications to increase employees’ education. Several free trainings have been noted in this article.
  • These include Cryptography 1 through Stanford University, DDoS Attacks and Defenses through the University of Colorado, Hardware Security through the University of Maryland, Software Security through the University of Maryland, Web Security Fundamental through KU Leuven University (Belgium), Security Governance & Compliance through the University of California – Irvine, and Windows Server Management and Security through the University of Colorado.

The Rise of Linux Malware: 9 Tips for Securing the OSS

Article Link: https://www.techrepublic.com/article/linux-malware-tips-securing-oss/

  • In the past, Linux has been considered one of the most secure operating systems on the market. However, over the last several years, Linux has become a target for many malicious actors, in addition to other, easier-to-breach operating systems.
  • This article highlights the importance of updating your Linux OS, choosing the right distribution of Linux, deploying Linux intelligently and responsibly, reading the fine logs, employing scanning software, restricting user access, adopting a strong password policy, running regular penetration testing, and utilizing SELinux and your firewall.
