Posted November 21, 2017
This weekly brief highlights the latest threat intelligence news to provide insight into the latest threats to various industries.
“Operators, vendors, academics, and government officials offered new insights into meeting the growing incidence of cyber-threats across the industry during the 12th Annual American Petroleum Institute Cybersecurity Conference on 7–8 November in The Woodlands, Texas.
In a session on cyberattacks and emerging threats, Michael Leigh, the global head of incident response at consultant NCC Group, said his company sees a lot of ransomware attacks on companies that seek his firm’s help in response. The firm has looked at all different types of ransomware and how long certain ransomware attack models have been around, and the effort has led to the realization that tactics and methods do not change, but the vulnerability is always the same, a clear sign that security professionals are not enforcing adaptation. Justin Harvey, managing director and lead for the FusionX global incident response practice at Accenture Security said that “cyber defense is no longer a digital or an IT problem, it is a health, safety, and environment problem.” The grand strategy is to stop data breaches, and the strategy for directly accomplishing it is to adopt a “zero trust” practice toward those seeking to use any part of an organization’s system.”
Information Security Risk
“Several popular antivirus products are affected by a type of vulnerability that allows an attacker to escalate privileges on a compromised system by abusing the quarantine feature, a researcher warned on Friday. Once an attacker hacks into a system, they might need to somehow obtain higher privileges in order to access information that would allow them to move laterally within the network. An information security auditor at an Austria-based security firm, claims to have discovered a new way to achieve this: abusing the uarantine feature of some antiviruses. The attack method, dubbed by the researcher AVGater, relies on a combination of flaws and known techniques. According to the researcher, an attack starts with a malicious DLL file being placed into quarantine by the antivirus software.”
“Several MailChimp Accounts Compromised as Phishing Attack Impersonates Major Brands – Aldi, Bunnings, Amcal and Others. In the latest example of brandjacking, this evening we are seeing a run of phishing emails impersonating major retail brands. The criminal emails are leveraging several different compromised MailChimp accounts to bypass traditional email scanning software, and then using the power of major household name brands to entice users to click. Despite being simple HTML emails that are emanating from the compromised MailChimp accounts, the emails are well formatted and could be easily mistaken for the real thing by unsuspecting recipients. Carrying links that redirect to a survey page, they ultimately lead users to a phishing page to steal their credentials and to deliver adware”
– IT Security Guru
“An in-development ransomware named J. Sterling Ransomware has been discovered that targets the high school students of a district in Cicero, Illinois by pretending to be a student survey. While this ransomware currently does not encrypt files, it shows how a developer can make an effective and targeted ransomware attack. When run, this ransomware will display a screen called the “J. Sterling Student Survey”, which prompts the student to login into the survey and select their school grade. In order to make the survey look legitimate, the developer included the school’s logos and slogans. Once the student enters any email or password and selects their grade, the screen will change to a ransomware message.”