Weekly News Digest #45

COVID-19 pandemic: data breach costs experienced by enterprises have reached a record high

According to the estimates provided by IBM, the average cost of a data breach now amounts to over $4 million and the dramatic increase compared to previous estimates is attributable to the COVID-19 pandemic. For example, compared to 2020, this figure has increased by 10%. When speaking about so-called “mega” breaches affecting large corporations, the average cost of a data breach now amounts to over $400 million. The key reasons behind a huge increase in the cost of a data breach for companies during the COVID-19 pandemic are remote work and the need to increase operational speeds. 

The most widespread attack vector for enterprises facing data breaches was compromised credentials. Hackers could either obtain data by carrying out brute force attacks or found them online. On average, companies needed 287 days to detect a data breach. When speaking about sectors, the data breaches affecting healthcare organizations were the most expensive. The companies that have actively integrated security solutions based on AI, machine learning, and encryption could significantly mitigate the losses experienced as the result of data breaches.

Read more

Windows internet-facing servers targeted by “Praying Mantis” threat actor

A new threat targeting Windows internet-facing servers is almost completely operating in-memory. The information about this threat actor is provided in the report prepared by the Sygnia Incident Response team. The new threat actor has been actively applying deserialization attacks to load malware platform tailored for the Windows IIS environment. The security researchers called the threat actor “Praying Mantis” or “TG1021”. The toolset applied by the new malicious actor is volatile and leaves no trace on infected targets by being reflectively loaded into the affected machines’ memory. 

“Praying Mantis” exploited internet-facing servers to compromise victims’ networks. According to the information provided by Sygnia, the threat actor is well equipped with 0-day exploits and is familiar with the Windows IIS platform. Any HTTP requests received by the server are intercepted and handled by the core component loaded onto Internet-facing IIS servers. The new threat actor can also carry out network reconnaissance and elevate privileges. 

Read more

Biden Administration is focused on obliging businesses to disclose ransomware attacks

Biden Administration has openly supported the congressional legislation that would require businesses to disclose information about experienced data breaches including ransomware attacks that are actively targeting the element of the US critical infrastructure. Currently, the members of congress are advancing over dozens of bills as a response to the recent intensification of ransomware attacks against US covered entities. According to the Judiciary Committee Chairman Dick Durbin, the congressional initiative will get bipartisan support. 

The Cyber Incident Notification Act of 2021 would require entities such as federal agencies, critical infrastructure operators, and contractors to report a government on a cyber breach within 24 hours of its occurrence. The entities reporting on breaches would be granted limited immunity. Voluntary reporting on breaches does not work effectively and that is why the federal standard is required. Over the past year, ransomware attacks surged by more than 300%. The bill is aimed at mitigating the scope of security threats.

Read more

Hacking dangers in wake of China cyber attacks – warning by Five Eyes

Australia’s premier cybersecurity agency and its “Five Eyes” partners have joined forces to issue unprecedented warning about security flaws actively exploited by malicious actors in the wake of a series of hacks initiated by hackers from China. Australia’s premier cybersecurity agency and its sister agencies in New Zealand, Canada, Britain, and the United States have released advice on the top 30 security weaknesses exploited by malicious actors over the past 18 months. 

The advice was released in response to a wave of hacking incidents orchestrated by China’s Ministry of State Security that paid solid rewards to hacking groups targeting large companies for extorting millions of USD. The first place in the list developed by the agencies is held by the Microsoft exchange software attack that has allowed malicious actors to access the email systems of thousands of users in Australia and other countries.

Read more 

“Exotic” programming languages are actively used by malware makers

Rarely spotted programming languages like DLang, Nim, Rust, and Go are actively used by malware authors to develop new tools. According to the report provided by BlackBerry Research and Intelligence team, these four languages are becoming increasingly used. Malicious actors adopt these languages to rewrite known malware families. The increasing number of droppers and loaders are written in rare languages. These tools are used to decode, load, and deploy commodity malware such as Cobalt Strike, NanoCore Remote Access Trojans (RATs), and Remcos. 

The use of new and rare programming languages allows malicious actors to be a step or even a few steps ahead of protection tools. Malicious actors actively utilize the potential of new technologies. Also, the use of new languages allows malware authors to protect themselves against possible exploitation. 

Read more