Saturday Security Spotlight: Cryptomining, AWS, and O365


This post was originally published here by Jacob Serpa.

Here are the top cybersecurity stories of recent weeks:

  • Malicious cryptomining the top cybercrime
  • New details emerge on unsecured AWS buckets
  • Data Keeper ransomware begins to spread
  • Office 365 used in recent mass phishing attacks
  • SgxSpectre attacking Intel SGX enclaves

Malicious cryptomining the top cybercrime

Since September of 2017, malicious cryptomining has been the most commonly detected cybercrime. With cryptocurrencies growing in value, hackers have increasingly altered their attacks to hijack victims’ devices and mine cryptocurrencies such as Bitcoin. Desktops, mobile devices, and organizations as a whole have fallen prey to these attacks.

New details emerge on unsecured AWS buckets

Over the last few months, unsecured AWS instances have left many organizations vulnerable and, in some cases, have led to breaches. New research by HTTPCS found a variety of information about the rate at which enterprises’ AWS buckets are misconfigured to allow public access. 20% of public AWS S3 buckets can even be edited by the public at large.

Data Keeper ransomware begins to spread

Data Keeper is a new ransomware as a service (RaaS) that is quickly growing in popularity. RaaS typically functions by providing malicious parties (customers on the dark web) with prebuilt platforms that they can use to spread infections and hold users’ data for ransom. In the case of Data Keeper, there were only two days between its creation and the first reported infections.

Office 365 used in recent mass phishing attacks

Phishing attacks are constantly being refined to improve their success rates. In recent weeks, phishing emails disguised as tax-related messages from the government have included Office 365 attachments in an effort to appear more legitimate. Unfortunately, the strategy has been fairly effective – numerous users have opened the documents and unknowingly surrendered their credentials. 

SgxSpectre attacking Intel SGX enclaves

The recent Meltdown and Spectre attacks caused great concern throughout the business world, but proved unable to infiltrate Intel’s SGX (Software Guard eXtensions) enclaves. Unfortunately, the more recent SgxSpectre is capable of invading said enclaves and stealing information such as passwords, encryption keys, and more. 

Few security tools are capable of handling the breadth of cyberattacks faced by cloud-first organizations. As such, the enterprise must research advanced solutions like cloud access security brokers. To learn more about these next-gen security solutions, download the Definitive Guide to CASBs. 

Photo: CIO East Africa

