Author Archives: Jon Clay (Global Threat Communications)

This Week in Security News: Robots Running the Industrial World Are Open to Cyber Attacks and Industrial Protocol Translation Gone Wrong

Welcome to our weekly roundup, where we share what you need to know about the cybersecurity news and events that happened over the past few days. Based on research that Trend Micro released during Black Hat USA this past week, read about how some industrial robots have flaws that could make them vulnerable to advanced hackers, as well as the risks related to protocol gateways and how to secure these devices.

 

Read on:

Unveiling the Hidden Risks of Industrial Automation Programming

The legacy programming environments of widely used industrial machines could harbor virtually undetectable vulnerabilities and malware. Trend Micro’s recent security analysis of these environments, presented at Black Hat USA 2020 this week, reveals critical flaws and their repercussions for smart factories.

Top 6 Cybersecurity Trends to Watch for at Black Hat USA 2020

At this year’s Black Hat USA 2020 conference, some of the top trends expected to surface include ransomware, election security and how to protect a remote workforce. Trend Micro’s vice president of cybersecurity, Greg Young, said, “Cybercrime increased rather than slowed down due to the pandemic, as we saw 1 billion more threats blocked in the first half of 2020 compared to 2019.”

Lost in Translation: When Industrial Protocol Translation Goes Wrong

Also presented this week at Black Hat USA, this recent research from Trend Micro examines the risks related to protocol gateways, the possible impact of an attack or wrong translation, and ways to secure these devices.

‘Alarming’ Rate of Cyberattacks Aimed at Major Corporations, Governments and Critical Infrastructure Amid COVID-19: Report

As COVID-19 cases around the U.S. continue to rise, the International Criminal Police Organization (INTERPOL) says that governments are seeing an “alarming” rate of cyberattacks aimed at major corporations, governments and critical infrastructure.

Water Nue Phishing Campaign Targets C-Suite’s Office 365 Accounts

A series of ongoing business email compromise (BEC) campaigns that uses spear-phishing schemes on Office 365 accounts has been seen targeting business executives of more than 1,000 companies globally since March. The campaigns target senior positions in the United States and Canada, and the fraudsters, dubbed “Water Nue” by Trend Micro, primarily target accounts of financial executives to obtain credentials for further financial fraud.

Robots Running the Industrial World Are Open to Cyber Attacks

Industrial robots are now being used to assemble everything from airplanes to smartphones, using human-like arms to mechanically repeat the same processes over and over, thousands of times a day with nanometric precision. But according to a new report from Trend Micro, some robots have flaws that could make them vulnerable to advanced hackers, who could steal data or alter a robot’s movements remotely.

Patch Fail Led to Password Leak of 900 VPN Enterprise Servers

Applying a security update to a CVE released more than a year ago could have prevented a hacker from publishing plaintext usernames and passwords as well as IP addresses for more than 900 Pulse Secure VPN enterprise servers. This vulnerability, CVE 2019-11510, was one of the several recently exploited vulnerabilities by Russia’s Cozy Bear, APT29, in an attempt to steal COVID-19 vaccine research.

U.S. Offers Reward of $10M for Info Leading to Discovery of Election Meddling

The U.S. government is concerned about foreign interference in the 2020 election, so much so that it will offer a reward of up to $10 million for anyone providing information that could lead to tracking down potential cybercriminals aiming to sabotage the November vote.

TeamViewer Flaw Could be Exploited to Crack Users’ Password

A high-risk vulnerability in TeamViewer for Windows could be exploited by remote attackers to crack users’ password and, consequently, lead to further system exploitation. CVE-2020-13699 is a security weakness arising from an unquoted search path or element – more specifically, it’s due to the application not properly quoting its custom URI handlers – and could be exploited when the system with a vulnerable version of TeamViewer installed visits a maliciously crafted website.

Black Hat: How Your Pacemaker Could Become an Insider Threat to National Security

Implanted medical devices are an overlooked security challenge that is only going to increase over time. The emerging problem of vulnerabilities and avenues for attack in IMDs was first highlighted by the 2017 case of St. Jude (now under the Abbott umbrella), in which the US Food and Drug Administration (FDA) issued a voluntary recall of 465,000 pacemakers due to vulnerabilities that could be remotely exploited to tamper with the life-saving equipment.

What was your favorite session from Black Hat USA this week? Share your thoughts in the comments below or follow me on Twitter to continue the conversation: @JonLClay.

The post This Week in Security News: Robots Running the Industrial World Are Open to Cyber Attacks and Industrial Protocol Translation Gone Wrong appeared first on .

This Week in Security News: Mirai Botnet Exploit Weaponized to Attack IoT Devices via CVE-2020-5902 and Vermont Taxpayers Warned of Data Leak Over the Past Three Years

Welcome to our weekly roundup, where we share what you need to know about the cybersecurity news and events that happened over the past few days. This week, read about how Trend Micro found an IoT Mirai botnet downloader that can be added to new malware variants to scan for exposed Big-IP boxes for intrusion. Also, learn about how the Vermont Department of Taxes may have been exposing taxpayer data for more than three years.

Read on:

Ransomware is Still a Blight on Business

Ransomware has been with us for years, but only really became mainstream after the global WannaCry and NotPetya incidents of 2017. Now mainly targeting organizations in lieu of consumers, and with increasingly sophisticated tools and tactics, the cybercriminals behind these campaigns have been turning up the heat during the COVID-19 pandemic. That’s why we need industry partnerships like No More Ransom.

Garmin Outage Caused by Confirmed WastedLocker Ransomware Attack

Wearable device maker Garmin shut down some of its connected services and call centers last week following what the company called a worldwide outage, now confirmed to be caused by a WastedLocker ransomware attack. Garmin’s product line includes GPS navigation and wearable technology for the automotive, marine, aviation, marine, fitness, and outdoor markets.

Trend Micro Launches Cloud Solution for Microsoft Azure

Trend Micro announced the availability of its Trend Micro Cloud One – Conformity offering to Azure customers, helping global organizations tackle misconfigurations, compliance challenges and cyber-risks in the cloud. The company also achieved the CIS Microsoft Azure Foundation Security Benchmark, certifying that the Conformity product has built-in rules to check for more than 100 best practices in the CIS framework.

Ensiko: A Webshell with Ransomware Capabilities

Ensiko is a PHP web shell with ransomware capabilities that targets platforms such as Linux, Windows, macOS, or any other platform that has PHP installed. The malware has the capability to remotely control the system and accept commands to perform malicious activities on the infected machine. It can also execute shell commands on an infected system and send the results back to the attacker via a PHP reverse shell.

‘Boothole’ Threatens Billions of Linux, Windows Devices

A newly discovered serious vulnerability – dubbed “BootHole” – with a CVSS rating of 8.2 could unleash attacks that could gain total control of billions of Linux and Windows devices. Security firm Eclypsium researchers released details this week about how the flaw can take over nearly any device’s boot process.

Mirai Botnet Exploit Weaponized to Attack IoT Devices via CVE-2020-5902

Following the initial disclosure of two F5 BIG-IP vulnerabilities in early July, Trend Micro continued monitoring and analyzing the vulnerabilities and other related activities to further understand their severities. Based on the workaround published for CVE-2020-5902, Trend Micro found an IoT Mirai botnet downloader that can be added to new malware variants to scan for exposed Big-IP boxes for intrusion and deliver the malicious payload.

Hackers Stole GitHub and GitLab OAuth Tokens from Git Analytics Firm Waydev

Waydev, a San Francisco-based company, runs a platform that can be used to track software engineers’ work output by analyzing Git-based codebases. Earlier this month, the company disclosed a security breach, saying that hackers broke into its platform and stole GitHub and GitLab OAuth tokens from its internal database.

Application Security 101

As the world currently grapples with the disruption brought about by the coronavirus pandemic, the need for digital transformation has become not only more apparent but also more urgent.  Applications now play an integral role, with many businesses and users relying on a wide range of applications for work, education, entertainment, retail, and other uses.

Vermont Taxpayers Warned of Data Leak Over the Past Three Years

The Vermont Department of Taxes may have been exposing taxpayer data that could be used in credential scams for more than three years due to a vulnerability in its online tax filing system. A notice posted on the department’s website warned taxpayers who filed a Property Transfer Tax return through the department’s online filing site between Feb. 1, 2017, and July 2, 2020, may have had their personal information leaked.

Guidelines Related to Security in Smart Factories Part 6: MITRE ATT&CK

This blog series explains examples of general-purpose guidelines for ICS and OT security and helps readers understand the concepts required for security in smart factories. Thus far, part one through part five have explained IEC62443, the NIST CSF, part of the P800 series, and CIS Controls. In part six, Trend Micro explains MITRE ATT&CK, although not a guideline, it is a knowledge base in which offensive and defensive technologies in cyber-attacks are clearly organized.

If You Own One of These 45 Netgear Devices, Replace It: Firm Won’t Patch Vulnerable Gear Despite Live Proof-of-Concept Code

Netgear has decided not to patch more than 40 home routers to plug a remote code execution vulnerability – despite security researchers having published proof-of-concept exploit code. The vulnerability was revealed publicly in June by Trend Micro’s Zero Day Initiative (ZDI).

Online Dating Websites Lure Japanese Customers to Scams

In May, Trend Micro observed a sudden increase in traffic for online dating websites primarily targeting Japanese customers. After analyzing and tracking these numbers, we found that these dating scam campaigns attract potential victims by using different website domains that have similar screen page layouts. By the end of the transactions, the fraudsters steal money from victims without the subscribers receiving any of the advertised results.

ESG Findings on Trend Micro Cloud-Powered XDR Drives Monumental Business Value

Trend Micro’s cloud-powered XDR and Managed XDR offerings optimize threat detection and response across all critical vectors. In a recent survey commissioned by Trend Micro and conducted by ESG, organizations surveyed experience faster detection and less alert fatigue as a result of intelligently using data from all their security controls (including those covering endpoints, email, servers, cloud workloads and networks).

How does your organization manage threat detection and response? Share your thoughts in the comments below or follow me on Twitter to continue the conversation: @JonLClay.

The post This Week in Security News: Mirai Botnet Exploit Weaponized to Attack IoT Devices via CVE-2020-5902 and Vermont Taxpayers Warned of Data Leak Over the Past Three Years appeared first on .

This Week in Security News: Trend Micro Research Uncovers the Business Infrastructure of Cybercrime and Apple Launches Security Device Research Program

Welcome to our weekly roundup, where we share what you need to know about the cybersecurity news and events that happened over the past few days. This week, read new insights from Trend Micro that look at the market for underground hosting services and where cybercriminals rent the infrastructure for their business. Also, learn about Apple’s new iPhone Research Device Program that will provide certain hackers with special devices to conduct security research.

Read on:

Trend Micro Research Uncovers the Business Infrastructure of Cybercrime

This week Trend Micro released new insights analyzing the market for underground hosting services and detailing how and where cybercriminals rent the infrastructure that hosts their business. This first report of a planned three-part series details the market for buying and selling these services, which are the backbone of every other aspect of the cybercriminal business model, whether that includes sending spam, communicating with a command and control server, or offering a help desk for ransomware.

Have You Considered your Organization’s Technical Debt?

In the tech world where one seemingly tiny vulnerability can bring down your whole system, managing technical debt is critical. Fixing issues before they become emergent situations is necessary in order to succeed. By spending a little time each day to tidy up a few things, you can make your system more stable and provide a better experience for both your customers and your fellow developers.

New ‘Shadow Attack’ Can Replace Content in Digitally Signed PDF Files

Fifteen out of 28 desktop PDF viewer applications are vulnerable to a new attack that lets malicious threat actors modify the content of digitally signed PDF documents. The list of vulnerable applications includes Adobe Acrobat Pro, Adobe Acrobat Reader, Perfect PDF, Foxit Reader, PDFelement, and others, according to new research published this week by academics from the Ruhr-University Bochum in Germany.

Cleaner One Pro Speeds Up Your Mac: Part 2

In the first part of this blog series, Trend Micro introduced its Cleaner One Pro, a one-stop shop to help you speed up your Mac, highlighting the quick optimizer, the main console, and the cleaning tools. In part two, Trend Micro resumes the discussion of how to make your Mac run faster with more Cleaner One Pro features: system and application management, privacy protection and other options.

Multi-Platform Malware Framework Linked to North Korean Hackers

Security researchers at Kaspersky have identified a multi-platform malware framework that they believe North Korea-linked hackers have been leveraging in attacks over the past couple of years. Called MATA, the platform appears to have been in use since spring 2018 to target computers running Windows, Linux, and macOS. The framework, which consists of components such as a loader, an orchestrator, and plugins, is believed to be linked to the prolific North Korean hacking group Lazarus.

Updates on ThiefQuest, the Quickly-Evolving macOS Malware

In early July, Trend Micro noticed a new malware dubbed ThiefQuest, a threat that targets macOS devices, encrypts files, and installs keyloggers in affected systems. However, new reports on the malware state the assumption that the malware’s ransomware activity is not its main attack method; rather, it is a pre-emptive move to disguise its other capabilities such as file exfiltration, Command and Control (C&C) communication, and keylogging.

Apple’s Long-Awaited Security Device Research Program Makes its Debut

In order to make it easier for security researchers to find vulnerabilities in iPhones, Apple is launching an iPhone Research Device Program that will provide certain hackers with special devices to conduct security research. Beyond enhancing security for iOS users and making it easier to unearth flaws in iPhones, the program also aims to improve the efficiency of ongoing security research on iOS.

Guidelines Related to Security in Smart Factories Part 5: CIS Controls

The purpose of this blog series is to explain typical examples of general-purpose guidelines for ICS and OT security and understand the concepts required for security in smart factories. As a subset of NIST SP800-53 which was introduced in part four, part five explains the CIS Controls that correspond to practical guides.

US Charges Two Chinese Spies for a Global Hacking Campaign that Targeted COVID-19 Research

U.S. prosecutors have charged two Chinese nationals, said to be working for China’s state intelligence bureau, for their alleged involvement in a massive global hacking operation that targeted hundreds of companies and governments for more than a decade. The 11-count indictment, unsealed Tuesday, alleges Li Xiaoyu, 34, and Dong Jiazhi, 33, stole terabytes of data from high-technology companies around the world—including the United States.

Twitter Hacked in Bitcoin Scam

Are Apple, Elon Musk, Barrack Obama, Uber, Joe Biden, and a host of others participating in a very transparent bitcoin scheme? No. The question was whether individual accounts were compromised or if something deeper was going on. Underlying this whole situation is a more challenging issue: The level of access that support has to any given system.

What are your thoughts on Apple’s new iPhone Research Device program? Share your thoughts in the comments below or follow me on Twitter to continue the conversation: @JonLClay.

The post This Week in Security News: Trend Micro Research Uncovers the Business Infrastructure of Cybercrime and Apple Launches Security Device Research Program appeared first on .

This Week in Security News: Trend Micro Research Discovers Cybercriminal Turf War on Routers and a Massive Twitter Breach Compromises Some of the World’s Most Prominent Accounts

Welcome to our weekly roundup, where we share what you need to know about the cybersecurity news and events that happened over the past few days. This week, read about Trend Micro’s report on the botnet battle for IoT territory and how attacker groups are trying to gain control of vulnerable routers and other devices. Also, learn about a Twitter breach that happened earlier this week, involving some of the most well-known and wealthiest people and brands globally.

Read on:

‘DDoS-For-Hire’ is Fueling a New Wave of Attacks

Earlier this week, Trend Micro released a report about escalating global turf wars between attacker groups vying to seize control of vulnerable routers and other devices, titled “Worm War: The Botnet Battle for IoT Territory.” Robert McArdle, director of Trend Micro’s forward-looking threat research (FTR) and David Sancho, senior threat researcher, spoke with WIRED about findings from the report and how the aim of attacker groups is to power botnets that can direct a firehose of malign traffic or requests for DDoS attacks.

Extraordinary Twitter Hack Compromises Some of the World’s Most Prominent Accounts

Earlier this week, hackers hijacked the Twitter accounts of some of the world’s most prominent and wealthiest people and brands including Barack Obama, Joe Biden, Kanye West, Jeff Bezos, Bill Gates, Elon Musk and tech giant Apple. These hacked accounts sent out messages promising bitcoin payments as part of a scam.

Tax Scams – Everything You Need to Know to Keep Your Money and Data Safe

Cybercriminals are always on the hunt for two things: people’s identity data from their accounts and their money. Both can be exposed during the tax-filing season, and cybercriminals have adapted multiple tools and techniques to obtain this information. In this blog, take a look at some of the main threats during tax-filing season and what you can do to stay safe.

Russia is Trying to Hack and Steal Coronavirus Vaccine Data, U.S., Canadian and UK Officials Claim

Officials said that hackers linked to Russian intelligence services are trying to steal information about coronavirus vaccine research in the U.S., Canada and the U.K.  They said that a group known as APT29 — also known as “Cozy Bear” and believed to be associated with Russian intelligence — was likely to blame for the attack, which used spear phishing and custom malware to target vaccine researchers.

Trend Micro and Girls in Tech to Provide Cybersecurity Training to Girls Around the World

Trend Micro recently announced that it is expanding its partnership with non-profit Girls in Tech with a new initiative aimed at closing the gender diversity and talent gap in the technology industry. Together, the organizations will provide cybersecurity training to girls around the world to help develop a large talent pool of women eager to get their start in the industry.

Microsoft Tackles 123 Fixes for July Patch Tuesday

A critical DNS bug and a publicly known elevation-of-privilege flaw top this month’s Patch Tuesday list of 123 fixes. This article includes data from the Trend Micro Zero Day Initiative (ZDI) July Patch Tuesday blog post, which says that this Patch Tuesday “makes five straight months of 110+ CVEs released and brings the total for 2020 up to 742. For comparison, Microsoft released patches for 851 CVEs in all of 2019. At this pace, Microsoft will eclipse that number next month.”

Guidelines Related to Security in Smart Factories (Part 4) NIST SP800 Series

This blog series explains examples of general-purpose guidelines for ICS and OT security and helps readers understand the concepts required for security in smart factories. Based on the NIST CSF that was introduced in Part 3, from the SP800 series which are guidelines with high specificity, Part 4 explains SP800-53, SP800-82, and SP800-171, which are considered to be particularly relevant to general manufacturing industries.

TikTok’s Huge Data Harvesting Prompts U.S. Security Concerns

Security researchers say TikTok’s information collection practices are consistent with Facebook Inc., Google and other U.S. tech companies looking to tailor ads and services to their users. The bigger issue lies in what TikTok does with the intel it gathers. Some groups like the Democratic and Republican national committees and Wells Fargo & Co. have discouraged or banned people from using the app.

Infrastructure as Code: Security Risks and How to Avoid Them

Infrastructure as Code (IaC) is a key DevOps practice that bolsters agile software development. In this report, Trend Micro identifies security risk areas in IaC implementations and the best practices in securing them.

Lost in Translation: Serious Flaws Found in ICS Protocol Gateways

Marco Balduzzi, senior research scientist with Trend Micro, will disclose details of multiple vulnerabilities he and his team discovered in a sampling study of five popular ICS gateway products at Black Hat USA’s virtual event next month. Their findings focus not on the gateways’ software nor the industrial protocols as in previous research, but rather on a lesser-studied function: the protocol translation process that the devices conduct.

Fixing Cloud Migration: What Goes Wrong and Why?

As part of our #LetsTalkCloud series, Trend Micro is sharing some of its deep, in-house expertise on cloud migration through conversations with company experts and folks from the industry. To kick off the series, this blog covers some of the security challenges that solution architects and security engineers face with customers when discussing cloud migrations. Spoiler: these challenges may not be what you expect.

Has your organization experienced security challenges related to cloud migration? Share your thoughts in the comments below or follow me on Twitter to continue the conversation: @JonLClay.

The post This Week in Security News: Trend Micro Research Discovers Cybercriminal Turf War on Routers and a Massive Twitter Breach Compromises Some of the World’s Most Prominent Accounts appeared first on .