This Week in Security News: Ransomware Campaigns and Cryptocurrency Miners

Welcome to our weekly roundup, where we share what you need to know about the cybersecurity news and events that happened over the past few days. This week, learn about continuing cybersecurity attacks targeting small governments. Also, read how XDR, Trend Micro’s newest solution, is more comprehensive than EDR and helps better meet the security needs of IT departments.

Read on:

Why XDR Is A Big Deal, and is Different from SIEM and Platforms

Greg Young, vice president of cybersecurity at Trend Micro, explains the benefits of XDR’s data lake compared with SIEM (security information and event management) and platforms, and how XDR is EDR for more than the endpoint alone, since it covers the entire IT stack of an organization.

Digital Skimmers: What Are They and How Can I Keep My Card Details Safe Online?

British Airways was recently hit with a whopping $228m regulatory fine after global customers had their card data stolen through a “digital skimming” attack. Trend Micro discusses what we need to know about digital skimmers and ways to stay safe.

Capital One Breach Raises Questions About Security and Cloud-First Strategies

As Capital One faces intense scrutiny from its recent data breach, its cloud provider Amazon Web Services is also facing regulator pressure on its security protocols. Trend Micro’s Mark Nunnikhoven discusses configuration and data leaks regarding S3, Amazon’s Simple Storage Service.

US$1.7 Million Stolen From North Carolina County After BEC Scammers Posed as Contractor

Cabarrus County, North Carolina, announced that it lost US$1.7 million after a series of email exchanges that began in November 2018. The public sector, particularly smaller government institutions, is becoming a frequent target of cybercriminals for business email compromise (BEC).

California City Confirms Phone Line and Financial Data System Disruptions Caused by Ransomware

The ransomware was disguised as an invoice attachment in an email to city staff that, when opened, spread to the city’s network of computers, rendering several critical phone lines out of service and affecting the city’s payment and financial systems. The cybercriminals behind the attack demanded 75 bitcoins (approximately US$400,000 at the time) to return the city’s systems back to normal.

Russian Hackers Spy on Companies with Insecure Office Devices

In April, the hackers compromised VoIP phones, office printers, and video decoders across multiple corporations. Evidence of the attack includes a simple computer script installed on the affected IoT devices, which allowed the hackers to persist on the affected product.

Flawed Office Printers Are a Silent but Serious Target for Hackers

In the course of three months, researchers found and reported 45 separate vulnerabilities from six of the largest printer makers — HP, Lexmark, Brother, Xerox, Ricoh and Kyocera — which could have allowed attackers to, among other things, siphon off copies of print jobs to an attacker-controlled server.

ENTSCRYPT aka GermanWiper, SYRK, and STOP Ransomware Variants Usher in August

Incidents of ENTSCRYPT aka GermanWiper, a fileless ransomware and wiper that makes file retrieval from an infected machine impossible, were reported two days before August began. Subsequently, incidents of SYRK and STOP, ransomware variants encrypting files on infected machines, were reported in the first few days of August.

Lord Exploit Kit Rises, Delivers njRAT and Eris Ransomware

NjRAT is a known information stealer and backdoor whose capabilities are constantly reworked or updated, given how readily it is shared in the cybercriminal underground. The Eris ransomware was first seen in May being distributed through a malvertising campaign that employed the Rig exploit kit.

AT&T Workers Took $1 Million in Bribes to Unlock 2 Million Phones, DOJ Says

According to the US Department of Justice, Muhammad Fahd bribed AT&T call-center employees to install malware and unauthorized hardware as part of a scheme to fraudulently unlock cell phones. Three former AT&T customer service reps in Bothell, Washington already pleaded guilty and agreed to pay the money back to AT&T.

Cybercrime Costs Continue to Soar More for Financial Firms than Other Companies

According to a report by Accenture and the Ponemon Institute, on average, financial organizations with 5,000+ employees each lose US$18.5 million in direct cybercrime costs. This massive amount towers over the annual average of around $13 million per industry for all other industries.

Many Local Governments Face a Cybersecurity Awareness Gap (requires a device with Apple News)

According to a report from the International City Management Association, one in three local governments are oblivious about how often their information systems are attacked by would-be cybercriminals.

A Machine Learning Model for Detecting Malware Outbreaks Using Only a Single Malware Sample

Malware outbreaks pose a challenge for machine learning in security since samples are scarce during the critical first hours. Trend Micro recently conducted a collaborative study on how machine learning performs dynamic malware detection given a case where only a single malware sample is available.

5G is Here—and Still Vulnerable to Stingray Surveillance

Rollout of high-speed 5G mobile data networks has begun in some US cities. As researchers comb through the 5G standard to see if it delivers on lightning speeds and improved security, they’re finding that flaws in the protections meant to thwart surveillance devices, known as “stingrays,” still need to be addressed.

Mirai Spawn Echobot Found Using Over 50 Different Exploits

A variant of the Echobot botnet was found using over 50 exploits that lead to remote code execution (RCE), arbitrary command execution, and command injection in internet of things (IoT) devices. The malware dropper was reportedly hosted on an open server.

Phishing: Watch Out for this New Version of Trojan Malware that Spreads through Malicious Word Documents

A new version of Ursnif is being pushed via malicious Word documents with the aim of stealing bank information and other credentials. Ursnif has become incredibly popular with cyber criminals in recent years, due to the source code being leaked online, enabling attackers to take advantage of it for free.

XDR Needs Network Data and Here’s Why

In one of my blogs this week, I explain how XDR is a better way to detect attacks within a network compared to EDR, since it is able to coordinate and correlate threat intelligence and data across multiple threat vectors, including endpoint (including mobile and IIoT), server, network, messaging, web, and cloud.

Are you keeping an eye out for malicious spam emails containing fake job applications to avoid a GermanWiper attack? Share your thoughts in the comments below or follow me on Twitter to continue the conversation: @JonLClay.