Cyber Weekly Roundup - October 13, 2017 - NetCentrics

Weekly Roundup

Cyber Weekly Roundup – October 13, 2017

By Andrew Paulette and Colby Proffitt

1.)  In-progress email threads were hacked to spearphish private companies, report says (October 5, 2017)

Summary: A newly identified spearphishing campaign targeting banks, companies and individuals across Eurasia wielded particularly effective tactics and malware, according to new research published by the cybersecurity firm Palo Alto Networks.

Why it matters: The idea of using stolen credentials to log into a user’s business account and insert themselves into an email conversation is a level of social engineering not often reported. This technique would prey on the user’s trust of the attacker’s false identity due to the fact they were responding to an email thread already in progress from a known email account. As always, solutions such as two-factor authentication will help prevent attacks with knowledge of a victim’s password from accessing their accounts, as they would not be in possession of the physical key that authenticates the user’s access.​

2.)  Over 37,000 Chrome Users Installed a Fake AdBlock Plus Extension (October 10, 2017)

Summary: Google has removed a malicious extension from its Chrome Web Store that posed as the popular AdBlock Plus ad blocker but forcibly opened new tabs to show ads to users.

Why it matters: Similar to supply chain attacks such as the recent CCleaner compromise, this social engineering attack takes advantage of a user’s trust in the software they are installing (or think they are installing) to allow the attacker to deliver a malicious payload such as a remote access tool to the target. Fortunately in this case, the implementation of the malicious code seemed poor, as it instantly opened ads in a user’s browser after the user had installed an ad-blocker. Regardless, we can expect to see more attacks like this in the future as users become more resilient to other forms of social engineering.

3.) How Israel Caught Russian Hackers Scouring the World for U.S. Secrets (October 10, 2017)

Summary: It was a case of spies watching spies watching spies: Israeli intelligence officers looked on in real time as Russian government hackers searched computers around the world for the code names of American intelligence programs.

Why it matters: On the one hand, anti-virus adds a layer of security by checking against known signatures of malware to protect computers from similar exploits. In addition, anti-virus can also learn about new malware attacks through the analysis of a user’s computer.  This means the more computers it is on, the better. On the other hand, anti-virus requires a high level of privileged access to a user’s device, and is susceptible to the same vulnerabilities and exploits that plague other software. As with all things in information security, organizations and users alike cannot rely on anti-virus to protect their devices, but must instead use defense-in-depth to fill in the cracks should one solution​ fail.

4.)  Equifax website hit by malvertising – will the pain never end? (October 13, 2017)

Summary: We suspect that you’ve heard the proverb, “It never rains but that it pours”.  It means that when bad stuff starts, you often get a whole lot of it hammering down on you – a literary way of suggesting that things are going to get worse before they get better.  People have been saying that proverb for 300 years or more, but it could have been written especially for Equifax, the way things are going.

Why it matters: Malvertising is a tricky problem for the sites affected by it – on the one hand, it is not necessarily the fault of the company where the malvertisement is located, but rather an issue with a third party that provides advertising services. On the other hand, it still looks bad for the company affected by the malvertisement. Companies should always check the policies and processes in place by third party advertising agencies to ensure proper steps are taken to reduce the amount of malvertising on a platform.​

5.) Cyberattack to cause power disruption within five years, utility execs fear (October 4, 2017

 Summary: Three-quarters of North American utility executives believe there is at least a moderate chance that the electrical grid in their nation will be interrupted by a cyberattack sometime in the next five years.

 Why it matters: Attacks can take many forms, depending on the attacker, their motivation, and intentions. Ransomware attacks can target individuals, or large companies, for example. An attack on a nation’s critical infrastructure, such as a power grid, would likely be launched by another nation-state. Understanding the identity and motivation behind such potential attacks is just as important as understanding the means used by the attackers to achieve their goal. There’s good reason for utility execs to worry – Symantec recently revealed that a hacker group gained “operational access” to power grid controls. An attack on critical infrastructure is a very real threat that could have a catastrophic impact. Utility companies should remain on high alert and take every cyber precaution possible.