Page 12 - Threat Intelligence 8-16-2019
P. 12

Internal Threats











              LokiBot malware now hides its source code in image files - The LokiBot malware family has been
              given a significant upgrade with the ability to hide its source code in image files on infected
              machines. Known as steganography, the technique is used to hide messages or codes within
              various file formats, including .txt, .jpg, .rtf, and some video formats. While this practice can be
              implemented for legitimate purposes, attackers can also embed files with triggers to hide source
              code and malware functionality. During recent campaigns, the variant has hidden encrypted
              binaries inside .png files, found within malicious archive files attached to phishing emails.
                      Source: https://www.zdnet.com/article/lokibot-information-stealer-now-hides-malware-
                      in-image-files/



              Researchers uncover over 35 vulnerabilities in six leading enterprise printers -NCC Group
              researchers have uncovered significant vulnerabilities in six commonly used enterprise printers,
              highlighting the vast attack surface that can be presented by internet-connected printers. The
              issues varied in severity. The potential impact of exploiting them ranged from denial of service
              attacks that could lead to the crash of printers, the addition of backdoors within compromised
              printers to maintain attacker persistence on a corporate network, through to snooping on every
              print job sent to vulnerable printers and the ability to forward them to an external internet-based
              attacker.
                      Source: https://www.helpnetsecurity.com/2019/08/08/vulnerabilities-enterprise-printers/



              GermanWiper isn’t ransomware. It’s worse than that - The tech press is full of stories about “a
              new ransomware strain” called GermanWiper, that has hit German businesses hard in the last
              week. GermanWiper, rather like a typical ransomware attack, arrives in your inbox in the form of
              an email. In this case samples have been seen purporting to be a job application from a person
              called Lena Kretschmer.
                      Source: https://www.grahamcluley.com/germanwiper-isnt-ransomware-its-worse-than-
                      that/



              Why remote workers are an underrated security risk for small businesses - In a new survey from
              insurance giant Nationwide, just 4% of business owners said they implemented all of the
              cybersecurity best practices and recommendations from the U.S. Small Business Administration.
              "Many employees may not realize the magnitude of risk associated with a cyberattack as they
              may not have engaged in a formal training process," said Catherine Rudow, Nationwide's vice
              president of cyber insurance, in a press release. "The scary truth is that many small business
              owners, even if they are aware of these risks, have not implemented all the proper measures of
              protection."
                      Source: https://www.techrepublic.com/article/nationwide-survey-finds-remote-workers-
                      are-underrated-security-risk-for-small-businesses/


                                                    www.accumepartners.com
                                                                                                                    12
   7   8   9   10   11   12   13   14   15   16   17