News Items

According to new research by Trend Micro, most global organizations anticipate suffering a data breach or cyberattack in the next 12 months. The security vendor's Cyber Risk Index (CRI), compiled every six months, was compiled from interviews with 3729 global organizations. The index itself is based on a numerical scale of -10 to 10, with -10 representing the highest level of risk. It is calculated by subtracting the score for cyber threats from the score for cyber preparedness. The researchers stated that a risk index score of +0.01 for the second half of 2022 is the first time the index has moved into positive territory. The researchers noted that organizations may be taking steps to improve their cyber preparedness. Despite the positive direction of travel in risk scoring, most responding organizations are pessimistic about the year ahead. Most said it was "somewhat to very likely" that they would suffer a breach of customer data (70%) or IP (69%) or a successful cyberattack (78%). These figures have declined only between 1 and 7% from the previous study. Respondents pointed to both negligent insiders and mobile users and a lack of trained staff as a key cause of concern going forward. Alongside cloud infrastructure and virtual computing environments, these comprised the top five infrastructure risks.

Infosecurity reports: "Three-Quarters of Firms Predict Breach in Coming Year"

International police have recently arrested nearly 300 individuals on suspicion of buying or selling drugs on the underground marketplace Monopoly Market. Operation SpecTor also led to the seizure of $53m in cash and virtual currency, 850kg of drugs, and 117 firearms. According to Europol, among the drugs haul were 258kg of amphetamines, 43kg of cocaine, 43kg of MDMA, and over 10kg of LSD and ecstasy pills. The operation involved police in Austria, France, Germany, the Netherlands, Poland, Brazil, the UK, the US, and Switzerland. The majority of arrests apparently took place in the US (153), UK (55), and Germany (52), with several suspects identified as high-value targets. Europol noted that following a secret police takedown of the market in 2021, investigators were able to obtain Monopoly Market vendors' buyer lists, meaning thousands more individuals worldwide are now also at risk of prosecution.

Infosecurity reports: "Dark Web Bust Leads to Arrest of 288 Suspects"

According to security researchers at Fortinet, a five-year-old vulnerability in TBK's DVR camera system (CVE-2018-9995) has been exploited in the wild in April 2023. The High severity flaw derives from an error the camera experiences when handling a maliciously crafted HTTP cookie. The researchers noted that a remote attacker might exploit this flaw to bypass authentication and obtain administrative privileges, eventually leading to access to camera video feeds. The researchers explained that they noticed a spike of more than 50,000 attempted attacks on these devices with unique IPS (intrusion prevention systems) detections last month. Despite the vulnerability being first discovered in 2018, a patch for it may not yet be available. The researchers stated that they are unaware of any patches provided by the vendor and recommend organizations to review installed models of CCTV camera systems and related equipment for vulnerable models. According to TBK's website, there are currently 600,00 cameras, 50,000 CCTV recorders, and 300,000 accessories installed worldwide across banking, retail, government, and other sectors, making the attack surface for the vulnerability particularly wide.

Infosecurity reports: "Hackers Exploit High Severity Flaw in TBK DVR Camera System"

The National Smallbore Rifle Association has recently warned members of possible follow-on fraud and cybercrime after its IT systems were breached. The association is working with the UK's South East Regional Organised Cybercrime Unit (SEROCU) to investigate the incident. The association noted that all their IT systems are fully operational, no funds have been lost, and they will communicate fully with their members after the police investigation. The company confirmed that this attack had not affected the membership portal, which remains secure. The cyberattack targeted legacy servers that contained working documents, not a full database. At this time, the company noted that it cannot say exactly who this affects as they have no access to the servers.

Infosecurity reports: "UK Gun Owners May Be Targeted After Rifle Association Breach"

Purdue University has upgraded its Toolkit for Selective Analysis and Reconstruction of Files (FileTSAR+) to be easier and more cost-effective to set up and maintain. It can be used by law enforcement agencies that reconstruct and analyze digital evidence to solve crimes. FileTSAR+ enables selective reconstruction and analysis of multiple data types, including documents, images, email, and Voice over Internet Protocol (VoIP) sessions for large-scale computer networks. The toolkit was developed by a team led by Kathryn Seigfried-Spellar, an associate professor of computer and Information Technology (IT) at Purdue Polytechnic Institute. The team includes Marcus Rogers, John Springer, and Baijian Yang, all professors of computer and IT at Purdue Polytechnic Institute. Rogers is also the director of the Cybersecurity and Forensics Lab at Purdue. Seigfried-Spellar noted that law enforcement agency feedback prompted enhancements. As a first step toward improving the toolkit, the team eliminated the ability to capture digital evidence, as law enforcement agencies have already captured the data they need but lack a way to process and reconstruct files. Eliminating the ability to capture digital evidence has made FileTSAR+ significantly more resource efficient. The team's second step was to repackage the toolkit from an open-source, virtual machine-based system with a 15-step process to a single-step process that allows users to download and execute files on a laptop. The National Institute of Justice provided funding for the development of the toolkit, which was beta-tested by certified digital forensic examiners from the National White Collar Crime Center and the Tippecanoe County High Tech Crime Unit. This article continues to discuss FileTSAR+.

Purdue University reports "High-Tech Toolkit to Analyze Digital Evidence Made More Efficient and Budget-Friendly for Law Enforcement Agencies"

According to a report published by Radware, in just two months, hacktivists claimed to have launched over 1,800 Distributed Denial-of-Service (DDoS) attacks in an effort to advance various political and religious causes. The analysis of claims made on social media sites from February 18 and April 18 of 2023 revealed that while hacktivism increased at the beginning of the war in Ukraine, religious groups continue to launch more DDoS attacks. Pascal Geenens, director of threat intelligence at Radware, stated that Muslim-affiliated groups have been particularly active, with Anonymous Sudan, Mysterious Team, and Team Insane PK, ranking among the top four DDoS claimants. These four were followed by the pro-Russia hacktivist group NoName057(16), which accounted for 30 percent of all threat actors claiming credit for DDoS attacks. In the long term, organizations should expect that the number of DDoS attacks they face will only increase, either directly or as a result of being associated with other issues. Geenens noted that organizations operating in a particular country could be subjected to DDoS attacks because of politics or issues in which they are only tangentially involved. This article continues to discuss religion fueling DDoS attacks as well as the growth in such attacks.

Security Boulevard reports "Radware Report Sees Religion Fueling More DDoS Attacks"

A new threat analysis report released by the cloud security provider Zscaler reveals patterns in the growth of phishing attacks in 2022. Based on data including 280 million transactions and an analysis of eight billion attempted attacks, the report found a 47 percent increase in phishing attacks in 2022. Attackers are using newer tools, such as Artificial Intelligence (AI), to strike organizations with inadequate security mechanisms. Phishing scams are a growing problem, and threat actors' methods are becoming more complex, thus making them more difficult to detect and thwart, according to the report. The number of attacks against the education sector has increased more than fivefold. Attackers have also shifted away from exploits associated with the coronavirus pandemic. According to the report, COVID-themed attacks accounted for 7.2 percent of phishing schemes in 2021, but just 3.7 percent in 2022. Additionally, the US remains the most targeted country for phishing attacks, a position it has traditionally held, with more than 65 percent of all phishing attempts occurring in the country. Some of the most commonly used techniques are SMS phishing, which applies voicemail-related phishing (vishing) to trick victims into opening malware attachments. Another commonly encountered approach is the use of sophisticated adversary-in-the-middle (AiTM) attacks that can help hackers circumvent multi-factor authentication (MFA) security. This article continues to discuss key findings from Zscaler's phishing report.

MeriTalk reports "Zscaler ThreatLabz Finds Alarming Growth in Phishing Attacks"

Hundreds of pension funds in the UK have been instructed to check whether their clients' data was stolen due to the Capita breach in March. Capita, the country's largest outsourcing firm, has contracts to manage the payment systems for pension funds used by more than 4 million people in the UK. Following the publication of sensitive data referencing home addresses and passport photos by the Black Basta ransomware gang, the company confirmed that it was investigating the release of the data allegedly stolen by the ransomware group. The Pensions Regulator has written to hundreds of pension funds, requesting that trustees contact Capita to find out if their data has been compromised. Capita has verified that there are currently some signs of limited data exfiltration from a small proportion of the impacted server estate, which could include customer, supplier, or colleague data. This article continues to discuss the Capita breach and UK pension funds being told to check on whether their clients' data had been stolen because of the breach.

The Record reports "UK Pension Funds Warned to Check on Clients' Data After Capita Breach"

The US Cybersecurity and Infrastructure Security Agency (CISA) has recently announced that proposed guidance for secure software development is now open to public review and opinion. For 60 days, the public can provide feedback on the draft self-attestation form for secure software development, which requires the providers of software for the government to confirm that specific security practices have been implemented. CISA stated that the self-attestation form has been drafted in line with the requirements of Memorandum M-22-18 (Enhancing the Security of the Software Supply Chain through Secure Software Development Practices) that the Office of Management and Budget (OMB) released in September 2022. CISA noted that this self-attestation form identifies the minimum secure software development requirements a software producer must meet and attest to meeting before their software subject to the requirements of M-22-18 may be used by Federal agencies. Per M-22-18's requirements, federal agencies may use specific software only if the developer has attested compliance with government-issued guidance on software supply chain security. The self-attestation requirement applies to software produced after September 14, 2022, to software-as-a-service products and other software receiving continuous code changes and to existing software when major version changes occur. Software developed by the federal agencies and freely available software used by the agencies does not fall in scope for M-22-18 and does not require self-attestation. CISA stated that software producers who utilize freely obtained elements in their software are required to attest that they have taken specific steps to minimize the risks of relying on such software in their products. Suppose a software producer cannot provide a completed self-attestation form. In that case, federal agencies are required to obtain documentation on development practices, to document measures taken to mitigate resulting risks, and to require a plan of actions and milestones (POA&M) from the software producer. Minimum attestation requirements described by the new guidance include secure development environments, efforts to maintain trusted source code supply chains, maintaining provenance data for all code, and automated vulnerability checks.

SecurityWeek reports: "CISA Asks for Public Opinion on Secure Software Attestation"

Even though the Biden administration recently reaffirmed its commitment to Electric Vehicles (EVs), concerns remain about the ability of charging infrastructure and vehicles to withstand a cyberattack. If charging stations are designated as critical infrastructure, the challenge will become significantly more difficult, especially when states add them to public property. Many state and local governments have cybersecurity insurance to cover some of the financial costs of an attack on their Information Technology (IT) systems, but insurance for EVs and charging stations is new territory. Recent research from the IBM Institute for Business Value discussed these emerging cybersecurity risks and their insurance implications. According to IBM's report, "software-heavy" EVs and charging stations are constantly communicating with other vehicles and the world around them, and while software updates may be sent quickly to address security flaws, the enormous attack surface catches cybercriminals' attention. The effects are also affecting the insurance industry, which is struggling to assess an unfamiliar set of risks and losses. Mike Hamilton, CISO of Critical Insight, agreed that the absence of precedent is concerning for the future of insurance. Hamilton emphasized the difficulty of determining how to price this insurance based on risk. This article continues to discuss EV owners, charging stations, and fleet managers being vulnerable to hackers without a meaningful way to secure and insure the EV infrastructure.

GCN reports "EVs Rev up Cybersecurity Challenges"

According to US law firm BakerHostetler, lawsuits filed against companies that have suffered a data breach are increasingly common, with action being taken more frequently, even in cases where the number of impacted individuals is smaller. Last week, the company published its 2023 Data Security Incident Response Report based on data collected from more than 1,100 cybersecurity incidents investigated by the company in 2022. The report shows that 45% of incidents were network intrusions, followed by business email compromise (30%) and inadvertent data disclosure (12%). Following initial access, the most common actions were ransomware deployment (28%), data theft (24%), email access (21%), and malware installation (13%). Data collected by BakerHostetler shows that ransomware victims that did pay a ransom in 2022 paid more compared to 2021. The largest ransom demand seen by the firm in 2022 exceeded $90 million (compared to $60 million in 2021), and the largest ransom that was paid in 2022 was more than $8 million (compared to $5.5 million in 2021). The average ransom amount paid last year was roughly $600,000, up from $511,000 in 2021. The cost of forensic investigations has also increased. For the 20 largest network intrusions, the average cost increased by 24%, from $445,000 in 2021 to $550,000 in 2022. In addition to higher ransom demands and increased forensic costs, the company also found that a bigger percentage of incidents where the impacted organization notified individuals of a data breach resulted in at least one lawsuit. Specifically, the numbers have increased from four lawsuits out of 394 incidents in 2018 to 42 lawsuits filed for 494 incidents in 2022. Four of the lawsuits filed last year were in response to incidents where fewer than 1,000 people were impacted, and 14 lawsuits were filed over incidents that hit between 1,000 and 100,000 people. The company noted that another category of lawsuits has also increased: privacy-related class actions. BakerHostetler is aware of more than 50 lawsuits filed since August 2022 against hospital systems that allegedly shared patient identities and online activities via third-party website analytics tools without the user's knowledge and consent.

SecurityWeek reports: "Companies Increasingly Hit With Data Breach Lawsuits: Law Firm"

According to new research by Check Point, weekly cyberattacks have increased worldwide by 7% in Q1 2023 compared to the same period last year, with each firm facing an average of 1248 attacks per week. The company found that the education and research sector experienced the highest number of attacks, rising to an average of 2507 per organization per week (a 15% increase compared to Q1 2022). While the volume of attacks has only risen marginally, the company noted that they have witnessed several sophisticated campaigns from cyber criminals who are finding ways to weaponize legitimate tools for malicious gains. Check Point stated that geographically, the APAC region experienced the highest year-on-year (YoY) increase in weekly attacks, with an average of 1835 per company (16% more than last year). North America followed with a 9% YoY increase resulting in 950 average weekly attacks per organization. The company noted that in the United States, cybersecurity regulations have recently been revised, and regulators are currently considering proposals aimed at improving incident reporting, information disclosure, oversight, and the modernization of outdated legislation. During the study, the company also found that 1 in 31 organizations worldwide experienced a ransomware attack weekly over the first quarter of 2023. This represents a 1% increase compared to the same period in 2022, when a similar number of organizations fell victim to such attacks. Latin America saw the most significant year-over-year increase of 28% when 1 out of 17 organizations experienced a ransomware attack.

Infosecurity reports: "Global Cyberattacks Rise by 7% in Q1 2023"

An analysis of more than 70 billion DNS records resulted in the discovery of Decoy Dog, a new sophisticated malware toolkit aimed at enterprise networks. Decoy Dog is evasive and uses techniques such as strategic domain aging and DNS query dribbling, in which a series of queries are sent to command-and-control (C2) domains in order to avoid detection. According to Infoblox, Decoy Dog is a cohesive toolset with several odd traits that make it distinctly identifiable, particularly when looking at its domains at the DNS level. The cybersecurity company said the malware was discovered due to unusual DNS beaconing activity, and its uncommon properties allowed it to map more domains that are part of the attack infrastructure. Researchers have found that the use of Decoy Dog in the wild is "very rare," with the DNS signature matching less than 0.0000027 percent of the 370 million active domains on the Internet. Pupy RAT, an open-source Trojan delivered using DNS tunneling, in which DNS queries and responses are used as a C2 for dropping payloads, is one of the toolkit's main components. This article continues to discuss researchers' findings and observations regarding the new sophisticated malware toolkit dubbed Decoy Dog.

THN reports "New Decoy Dog Malware Toolkit Uncovered: Targeting Enterprise Networks"

According to HUMAN, a global leader in protecting enterprises by disrupting digital fraud and abuse with modern defense, bot attacks were viewed as a relatively insignificant type of online fraud, and that thinking has remained even as threat actors can now inflict major damage to revenue and brand reputation. Even as people spent less time online, bad bot traffic grew overall. Legitimate human traffic decreased by 28 percent, but bad bot traffic surged by 102 percent, meaning that the percentage of bad bots in total traffic has climbed even faster. The number of automated attacks has increased. Three common types of bot attacks on web applications increased year over year. Carding attacks increased 134 percent, account takeover attacks increased 108 percent, and scraping increased 107 percent. Certain industries were more vulnerable to bot attacks than others. Bad bots accounted for 57 percent of traffic to online businesses in the Media and Streaming industry. Just under half of traffic to organizations in the Travel and Hospitality (49 percent) and Ticketing and Entertainment (46 percent) industries were automated. This article continues to discuss key findings from HUMAN's 2023 Enterprise Bot Fraud Benchmark Report

Help Net Security reports "Cybercriminals Use Proxies to Legitimize Fraudulent Requests"

One company is helping developers research open-source software packages to discover code components that are secure from attacks. Endor Labs, a startup that helps governments and businesses secure open-source software, has released its DroidGPT tool in private beta, with plans to make it fully available in the next two months. Developers can log into the company's platform and use a conversational style to ask different questions, such as which packages have the fewest vulnerabilities. DroidGPT then generates results based on Endor Labs' massive and frequently updated database of open-source software. The results overlap with the company's data on the quality, popularity, trustworthiness, and security of each package. Developers in both the public and private sectors are increasingly reliant on open-source software, which has become the foundation of numerous technologies and applications. The Biden administration's 2021 executive order called for open-source software's "integrity and provenance" to be checked, as well as a Software Bill of Materials (SBOMs) to keep a formal record of the software supply chain used in building applications. Varun Badhwar, CEO of Endor Labs, stated that about 80 percent of the code that makes up applications is open-source, making it easier for developers but raising concerns about where it originates from, especially since there is no support structure in place to identify faulty code. This article continues to discuss Endor Labs' DroidGPT tool aimed at helping developers spot malicious open-source code.

GCN reports "Generative AI Helps Spot Malicious Open-Source Code"

Carnegie Mellon University's competitive hacking team, the Plaid Parliament of Pwning (PPP), won the top prize at the MITRE Embedded Capture-the-Flag (eCTF) cybersecurity competition for the second year in a row. PPP and 79 other collegiate-level teams worked for three months to design and implement a key fob system for a car door lock, securing the car from unauthorized entry and preventing attacks such as replays and key fob cloning. The yearly competition drew teams from around the world, with a record-breaking 546 student participants. The competition was divided into two parts: design and attack. Each phase provided chances to earn points by collecting flags and sending them to the live eCTF scoreboard. Hackers acted as a team of engineers at a car manufacturer throughout the design process, designing and building the embedded software that would be provisioned on the next line of cars and key fobs sold to customers. During the attack phase, teams had the opportunity to assess the designs of other groups, uncovering security holes as they attempted to unlock and start the vehicles without the vehicle owners' authorization. This article continues to discuss CMU's competitive hacking team PPP winning at the MITRE eCTF cybersecurity competition as well as the structure and benefits of eCTF competitions.

CyLab reports "CMU Hacking Team Defends Title at MITRE Cybersecurity Competition"

On Thursday, Senator Michael Bennet introduced a bill that would create a task force to look at U.S. policies on artificial intelligence and identify how best to reduce threats to privacy, civil liberties, and due process. The widespread use of ChatGPT and other AI, which have been used for years to create text, imagery, and other content, has sparked a rush around the globe to figure out if and how it should be regulated. The job of the AI Task Force, which could include cabinet members, will be to identify shortfalls in regulatory oversight of AI and recommend reforms if needed. Bennet stated that there's going to have to be a lot of education around this set of issues because they're not well understood. He noted that there is going to be a lot of improvisation and iterative approaches to try to wrestle with this because AI is so new to everyone in the government. Under the bill, the task force would include an official from the Office of Management and Budget, the National Institute of Standards and Technology, and the Office of Science and Technology Policy as well as privacy and civil liberties officers from the Departments of Justice, State, Treasury, Defense, and other executive branch agencies. Under the terms of the bill, the task force would work for 18 months, issue a final report, and then shut down.

Reuters reports: "U.S. Senator Introduces Bill Targeting AI's Shortfalls"

A UK secondary school has recently revealed that it was hit by a cyberattack affecting its IT network. Hardenhuish School in Chippenham, Wiltshire, confirmed the attack on Thursday, saying hackers gained access to network infrastructure and then demanded a ransom for restoring access. It is currently unclear whether the school paid the ransom, but the school said its pupils' learning was their absolute focus, so they were doing their best to restore access to the affected systems. Rob Bolton, VP of EMEA at Versa Networks, stated that to protect against cyber threats, schools must implement advanced security controls to detect and resolve security issues quickly. Bolton noted that network segmentation is also a critical security control that limits malware movement and minimizes the impact of breaches. By prioritizing cybersecurity measures and investing in the necessary resources, schools can reduce the risk of falling victim to a cyberattack and ensure a safe and secure learning environment for their students. The Hardenhuish school cyberattack comes a few months after an audit by the National Cyber Security Centre (NCSC) showed that three-quarters (78%) of UK schools had experienced at least one type of cyber-incident.

Infosecurity reports: "Ransomware Attack Disrupts IT Network at Hardenhuish School"

Immersive Labs' research found that while businesses are confident in their overall resilience against cyberattacks, security teams are inadequately prepared for cyber threats. The study surveyed 316 global cybersecurity training strategy decision-makers in the UK, the US, Canada, Germany, and Sweden. Eighty-two percent agree that if they had been better prepared, they could have mitigated some to all of the damage caused by their most significant cyber incident over the past year. Over 80 percent of respondents do not believe or are uncertain that their teams have the capability to respond to future attacks. Only 17 percent of respondents believe their cybersecurity team is fully staffed, and nearly half confess they are unable to measure their cyber capabilities, further undermining confidence in their organization's readiness. This article continues to discuss the need for cyber leaders to have a more effective approach to building resilience.

BetaNews reports "Cybersecurity Teams Are Overconfident of Their Ability to Deal With Threats"

According to researchers at Pennsylvania State University, showing users that visual data input into Artificial Intelligence (AI) systems was correctly labeled could increase people's trust in AI. The team added that the findings could pave the way for scientists to better measure the relationship between labeling credibility, AI performance, and trust. In the study, the researchers discovered that high-quality image labeling increased people's perception of the credibility of the training data and their trust in the AI system. However, when the system displays additional signs of bias, some aspects of their trust decrease while others remain high. In order for AI systems to learn, they must first be trained using data that humans often label. According to S. Shyam Sundar James P. Jimirro Professor of Media Effects at the Donald P. Bellisario College of Communications and co-director of the Media Effects Research Laboratory at Penn State, the majority of users never see how the data is labeled, which raises questions about the accuracy and bias of those labels. Sundar explained that trusting AI systems involves having trust in AI's performance and its ability to accurately reflect reality and truth. This is only possible if the AI has been trained on a good data set. Ultimately, concerns regarding AI trust should be directed toward the training data upon which the AI is built. However, it has been difficult to convey the quality of training data to the general public. This article continues to discuss the research on boosting trust in AI through transparent labeling.

Pennsylvania State University reports "Transparent Labeling of Training Data May Boost Trust in Artificial Intelligence"

Google recently claimed that it is making it harder for malicious developers to get their software published on its Play Store while removing large volumes of bad accounts. Google has revealed that it removed 173,000 bad accounts in 2022 and raised the bar for new developers by adding phone, email, and "other identity verification methods." This helped the firm to reduce the number of accounts used to publish apps that violate its policies. Google said it prevented 1.43 million of these apps from being published on the Play marketplace. All told, Google estimated that it prevented $2bn in "fraudulent and abusive" transactions. Google noted that they continued to partner with SDK providers to limit sensitive data access and sharing, enhancing the privacy posture for over one million apps on Google Play. Google said thanks to stronger Android platform protections and policies, and developer outreach and education, it also prevented around 500,000 submitted apps from unnecessarily accessing sensitive permissions over the past three years. Last year Google launched an App Security Improvements program which it claimed helped developers fix 500,000 security weaknesses impacting 300,000 apps with around 250 billion installs.

Infosecurity reports: "Google Bans 173,000 Bad Developers in 2022"

A 36-year-old Ukrainian citizen was recently arrested for allegedly selling personal information belonging to over 300 million people to Russia, according to a statement from the Ukrainian cyber police. The individual used the messaging platform Telegram to sell the stolen information, which included passport data, taxpayer numbers, birth certificates, driver's licenses, and bank account data belonging to Ukrainian citizens and citizens of other European countries. Depending on the amount and nature of the information sought, he would sell access to the data for a price between $500 and $2,000. According to the cyber police, the individual sold the data to Russian citizens for rubles, a currency that is banned in Ukraine. When police arrived to search the suspect's home in Netishyn, a town of 36,000 people in western Ukraine, they seized several mobile phones, about 30 hard drives, SIM cards, computer equipment, and server equipment. The police stated that they are also investigating databases with restricted access that the suspect operated. The individual is facing charges for creating malicious software, illegally accessing information stored on computer networks, and more. The arrest brings further attention to how Telegram has become a popular but flawed cybercriminal tool. This article continues to discuss the arrest of a Ukrainian man for selling personal data on 300 million people to Russia and the increase in hacker-related posts on Telegram.

The Record reports "Ukrainian Man Arrested for Selling Data on 300 Million People to Russians"

Many consumers and businesses in Australia, Japan, the US, and India have been infected with the evasive information-stealing malware ViperSoftX. ViperSoftX was first discovered in 2020, and in November 2022, the cybersecurity company Avast described a campaign that involved the malware in distributing a malicious Google Chrome extension capable of stealing cryptocurrencies from wallet applications. A new analysis by Trend Micro reveals that the malware now uses more sophisticated encryption and basic anti-analysis techniques, such as byte remapping and web browser communication blocking. The vector of entry for ViperSoftX is typically a software crack or a key generator (keygen), but it also uses non-malicious applications such as multimedia editors and system cleaners as "carriers." Before downloading the first-stage PowerShell loader, the malware performs a series of anti-virtual machine, anti-monitoring, and anti-malware checks. The loader then decrypts and initiates a second-stage PowerShell script retrieved from a remote server, which launches the primary routine responsible for installing malicious browser extensions to exfiltrate passwords and cryptocurrency wallet data. This article continues to discuss researchers' findings and observations regarding the ViperSoftX information-stealing malware.

THN reports "ViperSoftX InfoStealer Adopts Sophisticated Techniques to Avoid Detection"

According to Yubico, organizations have continued to rely on the least secure forms of authentication, such as traditional usernames and passwords and one-time passwords (OTPs), over the past two years, based on a survey of over 500 Information Technology (IT) leaders in the US and Canada. Fifty-nine percent of respondents reported a security breach in the past year, an increase of 6 percent over the past two years. In addition, there has been a significant increase in MFA deployment among customers, which increased from 45 percent to 57 percent. Ronnie Manning, CMO of Yubico, noted that not all MFA tools are created equal, and despite the fact that businesses are aware that legacy MFA tools are ineffective for maintaining security, they continue to rely on them as their primary line of defense. Manning added that education regarding the significance of phishing-resistant MFA is more important to move away from legacy MFA tools that leave thousands of businesses vulnerable to attacks. This article continues to discuss key findings from research on the top MFA trends among businesses today and the critical forces shaping authentication.

Help Net Security reports "Phishing-Resistant MFA Shapes the Future of Authentication Forms"