What’s the worst malware so far into 2018? The worst botnets and banking trojans, according to Webroot, were Emotet, Trickbot, and Zeus Panda. Crysis/Dharma, GandCrab, and SamSam were the worst among ransomware. The top three in cryptomining/cryptojacking were GhostMiner, Wanna Mine, and Coinhive.
And included in the list of top 10 threat actors so far this year, we find Lazarus Group, Sofacy and MuddyWater coming in the top three spots, according to AlienVault. Lazarus Group took the top spot from Sofacy this year. The reported locations for the top 10 threat actors are North Korea, with two groups; Russia, with three groups; Iran, with two groups; China, with two groups; and India, with one. Microsoft Office was the most exploited application, but Adobe Flash, WebLogic, Microsoft Windows, Drupal and GPON routers were also listed in the top 10.
Other cybersecurity news:
Beware of these vulnerabilities
- Researchers from the Netherlands warned (pdf) about vulnerabilities in solid-state drives (SSDs) that could allow attackers to bypass the drives' built-in disk encryption. SSDs that were tested and found to be affected include Samsung 840 Evo, Samsung 850 Evo, Samsung T3, Samsung T5, Crucial MX100, Crucial MX200, and Crucial MX300. Also, when the drive supports it, Windows 10 BitLocker defaults to the SSD's hardware encryption rather than its own software encryption, meaning attackers could “easily” gain access to the files you thought were encrypted and protected.
- Evernote patched a vulnerability in its app for Microsoft Windows; the flaw allowed for stored XSS attacks.
- The Apache Struts Foundation advised users to “immediately upgrade” Struts 2.3.36-based projects to the latest version of the Commons FileUpload library, 1.3.1, to prevent sites from being exposed to DoS attacks.
- F-Secure’s Andrea Barisani posted a security advisory about a U-Boot (Universal Boot Loader) verified boot bypass.
- U.S. Cyber Command announced that it uploaded its first malware sample to VirusTotal. The sharing of unclassified malware samples with the global cybersecurity community is meant to help prevent harm by malicious cyber actors.
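The SSD item above turns on whether BitLocker handed encryption to the drive's own hardware. As an added defender check (not code from the article, the researchers, or Microsoft), the script below parses `manage-bde -status` output and flags volumes whose Encryption Method reads "Hardware Encryption"; it assumes English-language output, a constructed sample for offline use, and an elevated prompt for the live call.

```powershell
# Parse manage-bde -status output and flag volumes relying on SSD hardware encryption.
function Find-HardwareEncryptedVolumes {
    param([Parameter(Mandatory)][string[]]$StatusLines)
    $results = @()
    $volume = $null
    foreach ($line in $StatusLines) {
        # Each volume block starts with a line such as "Volume C: [OS]"
        if ($line -match '^Volume\s+([A-Z]:)') { $volume = $Matches[1]; continue }
        # Drives using self-encryption report "Hardware Encryption - <OID>" here
        if ($line -match 'Encryption Method:\s*(.+)$') {
            $method = $Matches[1].Trim()
            $results += [pscustomobject]@{
                Volume   = $volume
                Method   = $method
                Hardware = ($method -like 'Hardware Encryption*')
            }
        }
    }
    $results
}

# Constructed sample output: two volumes, one delegated to the drive's hardware.
$sample = @'
Volume C: [OS]
[OS Volume]

    Conversion Status:    Fully Encrypted
    Encryption Method:    Hardware Encryption - 1.3.111.2.1619.0.1.2
    Protection Status:    Protection On

Volume D: [Data]
[Data Volume]

    Conversion Status:    Fully Encrypted
    Encryption Method:    XTS-AES 128
    Protection Status:    Protection On
'@ -split "`r?`n"

$parsed = Find-HardwareEncryptedVolumes -StatusLines $sample
$parsed | Format-Table -AutoSize
$hw = $parsed | Where-Object Hardware
if ($hw) {
    # Mitigation: disable the hardware-encryption policy, decrypt, and re-encrypt in software.
    Write-Warning ("Volumes relying on SSD hardware encryption: " + ($hw.Volume -join ', '))
}

# Live check on this machine (elevated prompt):
# Find-HardwareEncryptedVolumes -StatusLines (manage-bde.exe -status) | Where-Object Hardware
```

On the constructed sample only volume C: is flagged; on a real host the live call at the bottom does the same against the actual BitLocker status.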
HSBC Bank data breach
HSBC Bank disclosed a data breach but didn’t say how many customers were affected. The banking giant said it became aware of unauthorized users accessing online accounts between Oct. 4 and Oct. 14. Attackers may have accessed full names, mailing and email addresses, phone numbers, dates of birth, account numbers, account balances, transaction histories, payee account information, and statement histories. The bank claims to have now added a layer of security and enhanced its authentication process.
Security company acquisitions
- Symantec acquired Appthority, since mobile apps are a critical threat vector and mobile users increase the enterprise attack surface. The tech will be included in Symantec’s Endpoint Protection Mobile. Symantec also acquired Javelin Networks. Javelin’s tech, which defends against Active Directory-based attacks, will be part of Symantec’s endpoint security business.
- Thoma Bravo plans to acquire Veracode from Broadcom for $950 million. As pointed out by The Register, Thoma Bravo is already a private equity owner of McAfee and Barracuda Networks and either owns or has stakes in Centrify, Compuware Corp, Kofax, LogRhythm, Riverbed, SolarWinds, Blue Coat Systems, and SonicWall.
Chrome to block all ads on ‘abusive’ websites
You might want to check whether Google deems your company’s website “abusive,” because starting in December 2018, Chrome 71 will “remove all ads” on sites that have “persistent abusive experiences.” Google warned that site owners have 30 days to fix the abusive experience flagged in the Abusive Experience Report before Chrome removes all the ads.