Based on the incidents we saw in 2016, I recommend that organizations enter 2017 with caution. From the growth of Business Email Compromise (BEC) attacks to cybercriminals using more effective ways to exploit Internet of Things (IoT) devices, these security issues should serve as a reminder for businesses and individuals to be more vigilant. One of the most pressing matters that a lot of organizations need to pay attention to, however, is the forthcoming General Data Protection Regulation (GDPR). The new set of rules is designed to harmonize data protection across all EU member states and bring in a number of key components that will directly impact businesses—even businesses outside Europe.Read More
Two Italian citizens were arrested last Tuesday by Italian authorities (in cooperation with the FBI) for exfiltrating sensitive data from high-profile Italian targets. Private and public Italian citizens, including those holding key positions in the state, were the subject of an effective spear-phishing campaign that reportedly served a malware, codenamed EyePyramid, as a malicious attachment. This malware has been used to successfully exfiltrate over 87 gigabytes worth of data including usernames, passwords, browsing data, and filesystem content.Read More
Microsoft begins its monthly set of bulletins for 2017 with relatively few bulletins released in January. Four security bulletins make up this month’s Patch Tuesday—one of which is rated Critical to address vulnerabilities seen in Adobe Flash Player while the other three are tagged as Important to patch vulnerabilities in Microsoft Office, Edge, and the Local Security Authority Subsystem Service (LSASS).Read More
In early December, GoldenEye ransomware (detected by Trend Micro as RANSOM_GOLDENEYE.A) was observed targeting German-speaking users—particularly those belonging to the human resource department. GoldenEye, a relabeled version of the Petya (RANSOM_PETYA) and Mischa (RANSOM_MISCHA) ransomware combo, not only kept to the James Bond theme of its earlier iteration, but also its attack vector.
Given ransomware’s likely outlook to reach a plateau, persistence in the threat landscape and diversification of target victims are the names of the game. GoldenEye exemplifies bad guys trying to gain scale, leverage, and profit with rehashed malware.Read More
This year has seen a big shift in the exploit kit landscape, with many of the bigger players unexpectedly dropping out of action. The Nuclear exploit kit operations started dwindling in May, Angler disappeared around the same time Russia’s Federal Security Service made nearly 50 arrests last June, and then in September Neutrino reportedly went private and shifted focus to select clientele only. Now, the most prominent exploit kits in circulation are RIG and Sundown. Both gained prominence shortly after Neutrino dropped out of active circulation.Read More