BF-SIRT Newsletter 2017-33

This week's top story is that Maersk Shipping reports a $300m loss stemming from the NotPetya attack, which hopefully will help decision makers understand that infosec is not pure cost. Following up on the idea that some attackers seem to be searching for softer targets, Check Point has a nice case study on the real identity behind a wave of cyber attacks on energy, mining and infrastructure companies worldwide. AP is also running a story on how attackers are looking to shut down factories for pay, though it could also be read as a general ransomware story; either way it shows how infosec can be an investment.

There are a couple of stories related to DDoS this week. Imperva Incapsula reports having witnessed the emergence of a new assault pattern, which they have come to call a “pulse wave” DDoS attack (“audio autoplay” link), where the attacker splits resources to hit more targets using the same amount of bandwidth, and Talos has a nice writeup about the rise of Chinese online DDoS platforms.

Also, Palo Alto Networks' threat research unit, Unit 42, has been looking into attacker infrastructure and was led down a rabbit hole while investigating malware utilizing PowerShell, uncovering malicious infrastructure supporting Chthonic, Nymaim, and other malware and malicious websites.

There have been several examples of supply chain attacks in the last few weeks. Proofpoint analyzes one specific compromise of a Chrome extension, but reports that several other extensions have been modified using the same modus operandi by the same actor. Also, researchers at Kaspersky Lab have found a well-hidden backdoor in NetSarang’s server management software called Xmanager, and dubbed it ShadowPad.

In other news, USB connections are found to leak information between each other, making that public airport USB-charger even more capable, surreptitiously.

The new NIST draft embeds privacy into US govt security for the first time, showing that there indeed is a solid connection between infosec and privacy.

A London council ‘failed to test’ its parking ticket app, exposed personal info and got fined for it, even though no actual leak ever took place.

Top 5 Security links
Maersk Shipping Reports $300m Loss Stemming from NotPetya Attack
Attackers Use DDoS Pulses to Pin Down Multiple Targets
Creepy backdoor found in NetSarang server management software
New NIST draft embeds privacy into US govt security for the first time
USB connections make snooping easy