Security News > 2022 > April

The Chinese-backed Hafnium hacking group has been linked to a piece of a new malware that's used to maintain persistence on compromised Windows environments. Microsoft Threat Intelligence Center, which dubbed the defense evasion malware "Tarrask," characterized it as a tool that creates "Hidden" scheduled tasks on the system.

A U.S. court has sentenced former Ethereum developer Virgil Griffith to five years and three months in prison and pay a $100,000 fine for conspiring with North Korea to help use cryptocurrencies to circumvent sanctions imposed on the country. "There is no question North Korea poses a national security threat to our nation, and the regime has shown time and again it will stop at nothing to ignore our laws for its own benefit," U.S. Attorney Damian Williams said in a statement.

A threat group that pursues crypto mining and distributed denial-of-service attacks has been linked to a new botnet called Enemybot, which has been discovered enslaving routers and Internet of Things devices since last month. "This botnet is mainly derived from Gafgyt's source code but has been observed to borrow several modules from Mirai's original source code," Fortinet FortiGuard Labs said in a report this week.

In this video for Help Net Security, Zur Ulianitzky, Head of Research at XM Cyber, talks about the top attack techniques used by threat actors to compromise critical assets in enterprise and cloud environments. Based on a research of attack techniques exploiting vulnerabilities, misconfigurations and mismanaged or stolen credentials to compromise critical assets, the most impactful technique turned out to be the used of compromised domain credentials, which allow the attacker to spread throughout the enterprise environments.

While the details vary by service, the concept is basically the same: you remain responsible for maintaining general security hygiene, ensuring the cloud security controls are properly configured, and protecting your data on the system. Over the course of two decades, cloud computing has transformed the way people use the internet for work and play.

In this video for Help Net Security, Yakir Kadkoda, Lead Security Researcher, and Assaf Morag, Lead Data Analyst at Aqua Security, talk about new npm flaws that allow attackers to target packages for account takeover. Npm is the default package manager for Node.js, an open-source, crossplatform JavaScript runtime environment.

Key findings reveal that organizations value security product innovation, especially at the hardware level, when purchasing technologies and services. Organizations recognize hardware-assisted security capabilities are critical to a robust security strategy, with many searching out transparent technology providers to supply innovative security solutions.

"Many recent breaches and data leaks have been tied back to misconfigurations. Whereas most research related to misconfigurations has focused strictly on the IaaS layers and entirely ignores the SaaS stack, SaaS security and misconfigurations are equally, if not more, important when it comes to an organization's overall security." "We wanted to gain a deeper understanding of the use of SaaS applications, how security assessments are conducted and the overall awareness of tools that can be used to secure SaaS applications," said Hillary Baron, lead author and research analyst, Cloud Security Alliance.

In an increasingly digital world, consumers feel trapped: sharing personal data is a requirement to use digital services, but the majority do not trust these organizations to protect their data. Trends related to consumer perception of trust, data security, and privacy Exhausted consumers have given up on security.

In Q4, the rate of ransomware claims reached just half of the peak seen in Q1 2021 - decreasing from 0.6% to 0.3%. While the Q3 2021 average ransom paid was atypically high, the entire 2021 ransoms paid by quarter average was ~$167k, 44.2% less than the Q3 figure. The percentage for the last quarter of 2021 held steady in the low twenties, down significantly from figures that once were over 50%. As recently as Q3 2020, the ratio was 44%. This decrease in cost and severity can be partially attributed to underwriting entities requiring stronger backups for insurance coverage, which is helping to drive the broader trend toward more sophisticated and resilient approaches to mitigating ransomware risk.