Everyone, including bad actors, is back from holiday this month. Action in the cybersecurity realm is slowly picking up, for better and for worse. Read on for the news we have been watching and sharing this month.
2021 Has Broken the Record For Zero-Day Hacking Attacks
This year, cybersecurity defenders have found the highest number of zero-day attacks ever recorded, and the year is not even over. 66 zero-days have been found in use so far in 2021, according to databases such as the 0-day tracking project, almost double the total for 2020 and more than in any other year on record. The reasons are nuanced, but offensive tooling is more widely available than ever, and these vulnerabilities attract more attention as cybersecurity becomes a mainstream concern.
“This piece of news makes it clear that threats keep increasing. It does not seem this is going to change in the foreseeable future, so companies should increase their budget in order to fight against them.” — Fernando, Founder
Source: Technology Review, September 24
HCRootkit / Sutersu Linux Rootkit Analysis
Lacework Labs recently examined a newly shared Linux rootkit, identifying its core capabilities and the level of threat it poses to Linux hosts. The rootkit was first shared by Avast, which prompted Lacework Labs to confirm detection coverage and investigate further. Their analysis covers the installer (the droppers) as well as the kernel module and userland samples it drops. The article builds on Avast's findings, walks through the analysis, and provides defenders with detection options in the form of YARA rules and IOCs.
“This Linux rootkit analysis includes dropper, kernel module and userland component. The rootkit has capabilities to hide files, network and processes among others... The article includes IOCs and YARA rules for detection.” — Alonso, Security Software Engineer
Source: Lacework, September 25
They’re Back…Notorious Russian Ransomware Group ‘REvil’ Has Reappeared
REvil disappeared without explanation in July, but this month the group returned to the dark web. The criminal ransomware group behind the JBS SA attack is among the most prolific gangs holding data for ransom. According to cybersecurity firms and the U.S. government, the group operates from Russia, and it is accused of leading a flurry of attacks this year against companies and organizations.
“Any person who works in cybersecurity should be aware of this development. REvil is a very active threat actor and companies should do their best to protect against them.” — Member of the Development Team
Source: Bloomberg, September 8
French Defense Wants to Strengthen its Cyber Combatant Troops
Europe is joining countries around the world in placing greater emphasis on its cybersecurity response. France's Ministry of the Armed Forces has increased the number of “cyber combatants” it plans to recruit by 163%. France affirmed its mission to become a champion of cybersecurity, aiming for 5,000 people in its cyber troops by 2025.
“With the attacks on SolarWinds and Microsoft, France has seen that the “new wars” will be carried out in cyberspace. Cyberwars need “cybersoldiers” and, seeing that that “war” is coming quicker than expected, the French Government has decided to increase the number of “cybersoldiers” forecast for the next 4 years. This increase demonstrates an awareness of the increasing vulnerability of our societies and the need to face it and take action.” – Alex Oier, Legal Specialist
Source: The Canadian, September 8
Hackers Breached Computer Network At Key US Port But Did Not Disrupt Operations
The Port of Houston, one of the largest ports on the US Gulf Coast, was recently breached by a suspected foreign government-backed hacker using stolen log-in credentials. Some 247 million tons of cargo pass through the port each year, and a successful intrusion could have gravely disrupted port operations.
“Luckily, they managed to detect the attack before it got worse. Protecting critical national infrastructure is so important, and deception technology is one of the best ways to detect breaches at an early stage or even before the breach has happened at all.” – Fernando, Founder
Source: CNN, September 24