CS Nov-Dec 2020

More documents

Recommendations

Info

threat intelligence APTS AND COVID-19 A RECENT INTELLIGENCE REPORT REVEALS HOW ADVANCED PERSISTENT THREATS ARE USING THE CORONAVIRUS AS A LURE KHNP (Korea Hydro & Nuclear Power) cyber terrorism attacks of 2014. Since it first showed itself, Covid-19 has had a catastrophic impact on our lives, turning into a global pandemic that has upended economies, livelihoods and hospital systems - almost all facets of everyday life has been touched. Such uncertainty and fear surrounding the virus and its impact represents a golden opportunity for threat actors to exploit the situation, as Malwarebytes points out in one of its latest Threat Intelligence Reports. "By using social engineering tactics such as spam and spear phishing campaigns, with Covid-19 as a lure, cybercriminals and threat actors increase the likelihood of successful attack. From late January on, several cybercriminal and state-sponsored groups have been doing just that, using coronavirus-themed phishing emails as their infection vector to gain a foothold on victim machines." In its white paper, Malwarebytes provides an overview of several APT groups using coronavirus as an enticement, as well as a description of their varied attack vectors, categorising the APT groups according to the technique they used to send spam or phishing emails: template injection, malicious macros, RTF exploits and malicious LNK files. Here, we look at just a few it singles out. TEMPLATE INJECTION Template injection refers to a technique in which threat actors embed a script moniker in the lure document - usually a Microsoft Office document - that contains a link to a malicious Office template via an XML setting. Upon opening the document, the remote template is dropped and executed. Kimsuky and Gamaredon are examples of APTs using template injection. Kimsuky (also known as Velvet Chollima) is a North Korean threat actor group active since 2013 and is known to be behind the Gamaredon, a Russian APT, primarily performs cyber espionage operations against Ukrainian military forces, as well as individuals related to the Ukrainian government. Gamaredon has been active since 2013 and often uses spear phishing as its initial infection vector. MALICIOUS MACROS Embedding malicious macros is the most popular method of infection used by APTs, warns Malwarebytes. In this attack vector, a macro is embedded in the lure document that will be activated upon its opening. APT36 is another threat group that has employed macro-embedded COVID-19 themes in its recent campaigns. The group, believed to be Pakistani state-sponsored, mainly targets the defence, embassies and government of India. The primary targets of this APT are organisations related to diplomatic and government agencies in the UK, China, Japan, the Middle East, the US, Bangladesh, Sri Lanka and Pakistan. Hades is the APT group behind the attack against the Pyeongchang Winter Olympics. "Evidence suggests that this group is connected to the well-known Russian threat actor APT288," points out Malwarebytes. In their recent campaign, called Tricky Mouse, Hades targeted Ukrainian users using COVID-19 lures." The Malwarebytes Threat Intelligence team is "monitoring the threat landscape and paying particular attention to attacks trying to abuse the public's fear of the COVID-19 crisis". 30 computing security Nov/Dec 2020 @CSMagAndAwards www.computingsecurity.co.uk
GDPR THE GOOD… AND THE BAD LACK OF CLARITY AROUND CERTAIN NEW TECHNOLOGIES IS HITTING MANY LAW-ABIDING COMPANIES TRYING TO BE COMPLIANT WITH THE GDPR More than two years after the EU introduced the General Data Protection Regulation (GDPR), a report from the European Commission on the regulation’s progress makes for interesting reading. In it, the commission speaks of the many positives delivered. "Citizens are more empowered and aware of their rights. The GDPR enhances transparency and gives individuals enforceable rights, such as the right of access, rectification, erasure, the right to object and the right to data portability Individuals also have the right to lodge a complaint with a data protection authority and to seek an effective judicial remedy." Today, around 69% of the population above the age of 16 in the EU are said to have heard about the GDPR and 71% of people about their national data protection authority, according to results published in a survey from the EU Fundamental Rights Agency. "The GDPR has empowered individuals to play a more active role in what is happening with their data in the digital transition." While GDPR has been widely celebrated - and even mirrored in some countries, like the United States with the California Consumer Privacy Act - it's also clear that the EU needs to take additional steps to make it a more effective deterrent, according to Chris Harris, EMEA technical director at Thales. "Since its inception, there has been murmurs about its effectiveness, due to lack of clarity on compliance and fears around the resources and power each data protection authority (DPA) has to track and investigate the number of breaches that occur in their country. This is something that should have been sorted from the start, and not something that we are still talking about more than two years later - four plus, if you include the transition period!" Harris acknowledges that there have been some hefty fines justifiably dished out, which have caught the headlines and impressed. But he also points to how, as organisations continue to digitally transform, the lack of clarity around new technologies like blockchain and AI is actually mostly hitting law-abiding companies that are just trying to be compliant. "We need to ensure GDPR operates as the protective bubble around personal information that we all want, without restricting the innovation and development that the world needs from these disruptive technologies. "Smaller companies may have found compliance harder, not only due to the complexity and potentially onerous nature of the requirements, but because many vendors with GDPR-focused solutions were understandably scaling their offerings for the larger organisations. With a continued increase in the migration to the cloud, this has perhaps now become simpler with the advent of solutions such as cloud-agnostic key management solutions and subscription-based data-protection-on-demand services." In order to be truly effective, the EU needs to give clearer instructions on how to be compliant that are consistent across each country, he adds, "while giving local DPAs more resources to pursue heavy penalties against companies that are intentionally putting their customers' data at risk". Chris Harris, Thales: we need to ensure GDPR operates as the protective bubble around personal information. www.computingsecurity.co.uk @CSMagAndAwards Nov/Dec 2020 computing security 31
Page 1 and 2: Computing Security Secure systems,
Page 3 and 4: comment TIME TO TAKE GDPR UP A GEAR
Page 5 and 6: Pragmatic and experienced risk mana
Page 7 and 8: editor's focus "Well trained staff
Page 9 and 10: health monitoring within the compan
Page 12 and 13: smishing SMISH, SMASH, BASH! A RELA
Page 14 and 15: smishing scams, while the Associati
Page 16 and 17: industry insights THE NEW ORDER IS
Page 18 and 19: mergers & acquisitions HITTING THE
Page 20 and 21: Data privacy BEYOND THE EU-US PRIVA
Page 22 and 23: contact tracing WE HAVE CONTACT THE
Page 24 and 25: contact tracing smartphones in mind
Page 26 and 27: hacking surge HACKERS FOR HIRE HACK
Page 28 and 29: hacking surge Adrian Rowley, Gigamo
Page 32 and 33: gender inequality TIME TO REBALANCE
Page 34 and 35: gender inequality equates to - and
Page 36: NEW Sensitive Data Discovery and Re

CS Nov-Dec 2020

You also want an ePaper? Increase the reach of your titles

Delete template?

Save as template?