Saturday Security Spotlight: Cryptomining, AWS, and O365

This post was originally published here by Jacob Serpa.

Here are the top cybersecurity stories of recent weeks:

  • Malicious cryptomining the top cybercrime
  • New details emerge on unsecured AWS buckets
  • Data Keeper ransomware begins to spread
  • Office 365 used in recent mass phishing attacks
  • SgxSpectre attacking Intel SGX enclaves

Malicious cryptomining the top cybercrime

Since September of 2017, malicious cryptomining has been the most commonly detected cybercrime. With cryptocurrencies growing in value, hackers have increasingly altered their attacks so that victims’ devices can be hijacked to mine Bitcoin, for example. Desktops, mobile devices, and organizations as a whole have fallen prey to these attacks.

New details emerge on unsecured AWS buckets

Over the last few months, unsecured AWS instances have left many organizations vulnerable and, in some cases, have led to breaches. New research by HTTPCS found a variety of information about the rate at which enterprises’ AWS buckets are misconfigured to allow public access. 20% of public AWS S3 buckets can even be edited by the public at large.

Data Keeper ransomware begins to spread

Data Keeper is a new ransomware as a service (RaaS) that is quickly growing in popularity. RaaS typically functions by providing malicious parties (customers on the dark web) with prebuilt platforms that they can use to spread infections and hold users’ data for ransom. In the case of Data Keeper, there were only two days between its creation and the first reported infections.

Office 365 used in recent mass phishing attacks

Phishing attacks are constantly being refined to improve their success rates. In recent weeks, phishing emails disguised as tax-related messages from the government have included Office 365 attachments in an effort to appear more legitimate. Unfortunately, the strategy has been fairly effective: numerous users have opened the documents and unknowingly surrendered their credentials.

SgxSpectre attacking Intel SGX enclaves

The recent Meltdown and Spectre attacks caused great concern throughout the business world, but proved unable to infiltrate Intel’s SGX (Software Guard eXtensions) enclaves. Unfortunately, the more recent SgxSpectre is capable of invading said enclaves and stealing information such as passwords, encryption keys, and more.

Few security tools are capable of handling the breadth of cyberattacks faced by cloud-first organizations. As such, the enterprise must research advanced solutions like cloud access security brokers. To learn more about these next-gen security solutions, download the Definitive Guide to CASBs.

Photo: CIO East Africa
