Security Wrap-Up (December 22nd, 2020)

Happy Tuesday! This year has been a doozy, but I’m taking time this week to try and relax a little; I think we all need it. And whatever holiday you are celebrating (or not celebrating), I hope you can find your own time to rest and recover. Anyways, let’s go ahead and get into this week’s Security Wrap-Up -

SolarWinds releases more details in a new report
In an 8-K filing to the US Securities and Exchange Commission, SolarWinds has given more details on its recent security troubles. The notice says that FireEye notified the network management biz’s CEO of a serious security issue on December 12th. But by then, the SUNBURST malware had already spread to 18,000 customers. A new report released last Friday shows that the hackers conducted a dry run in October of 2019. These October files, distributed to customers on October 10th, did not have a backdoor embedded in them and went undetected until this month. By conducting a dry run, the hackers were able to determine whether an intrusion into the build and distribution process would be detected. At this time, FireEye has confirmed that the main malware controller being used in the SolarWinds attacks has been killed off this week.

Law enforcement disrupts VPN services enabling cybercrime
Global law enforcement agencies have shut down three VPN services built to help criminals launch ransomware campaigns, phishing attacks, and other illicit activity. “Operation Nova” was led by the German Reutlingen Police Headquarters, Europol, the FBI, and other agencies around the world. The investigation revealed that three domains offered “bulletproof hosting” services, which are designed to provide Web hosting or VPN services for criminal activity, allowing the criminals to operate uninterrupted. Such hosting providers actively shield their criminal customer base, moving data between various IP addresses to evade detection and deflect abuse complaints made by a client’s victims.

Zero-click Apple Zero-Day uncovered in Pegasus spy attack
Four nation-state-backed advanced persistent threats (APTs) hacked Al-Jazeera journalists, producers, anchors, and executives in an espionage attack leveraging a zero-day exploit for the Apple iPhone. This particular attack, carried out in July and August, compromised 36 personal phones belonging to the victims. All operators used the NSO Group’s infamous Pegasus spyware (a mobile phone surveillance solution) as their final payload. With the latest Pegasus implant version, attackers could record audio from the microphone (including both ambient recording and audio of encrypted voice calls), take pictures, track device location, and access passwords and stored credentials.

Institute for Security and Technology launches multisector ransomware task force
The Institute for Security and Technology (IST) announced it would host a new multisector task force to find solutions to ransomware, with delegates from a broad set of industries. The Ransomware Task Force (RTF) involves a number of players including: cybersecurity firms, the Global Cyber Alliance, the law firm Venable, think tanks, and tech companies such as Microsoft and Citrix, among others.

Any security news you’d like to share? Leave it in the comments below!
