Expert(s):
Senior Security Engineer and Malware Researcherfeature_status*/ ?>
DomainTools

Comments Dotted : 19
October 01, 2020

Experts Comments On Kylie’s Cosmetics Security Incident
People whose data was stolen should now be careful about what they receive via mail.
We should expect more brands to get in touch with their customers notifying them about their data being compromised in the recent Shopify breach. Caused by two rogue employees, there was little that Shopify could have done to prevent this, other than perhaps vetting their new hires a little more thoroughly. Even so, however, the risk of something like this happening would not have been reduced down to zero. Kylie Jenner’s cosmetics company followed due process in informing its customers of.....Read More
We should expect more brands to get in touch with their customers notifying them about their data being compromised in the recent Shopify breach. Caused by two rogue employees, there was little that Shopify could have done to prevent this, other than perhaps vetting their new hires a little more thoroughly. Even so, however, the risk of something like this happening would not have been reduced down to zero. Kylie Jenner’s cosmetics company followed due process in informing its customers of this security breach. People whose data was stolen should now be careful about what they receive via mail. The last four digits of a credit card may not be used to steal funds, but could be a valuable piece of information for anyone looking to design a sophisticated spear-phishing type fraud.  Read Less
September 24, 2020

Shopify sees malicious employees steal merchant data: Security expert commentary
It is better to accidentally terminate a legitimate session than to allow an insider attack to continue undisturbed.
Cybersecurity awareness is effective against human error, but can do nothing about this type of intentional human compromises. Vetting employees before granting them access to sensitive servers is one option, although it will never reduce the risk down to zero. Another is ensuring access to documents and sensitive data is restricted and only granted on a 'need to know' basis. Security efforts in this type of scenario need to be reactive: teams need to have the right systems in place to detect.....Read More
Cybersecurity awareness is effective against human error, but can do nothing about this type of intentional human compromises. Vetting employees before granting them access to sensitive servers is one option, although it will never reduce the risk down to zero. Another is ensuring access to documents and sensitive data is restricted and only granted on a 'need to know' basis. Security efforts in this type of scenario need to be reactive: teams need to have the right systems in place to detect unusual activity in their networks and flag it immediately as suspicious. It is better to accidentally terminate a legitimate session than to allow an insider attack to continue undisturbed. Hopefully, the joint efforts of the FBI and Shopify will help determine how the breach occurred and, most importantly, who were the affected parties that will need to be notified.  Read Less
September 10, 2020

Expert Reaction On News Of Russian State Hackers Targeting Biden Campaign
it would be a good idea for all the organisations involved to refresh their staff's cyber awareness training ahead of the next few months.
As we approach November, it is very likely that we will see an uptick in foreign state-sponsored attempts to sway the democratic process. The fact that there was an attempt to compromise SKDK's network but that the cyber defences in place were sufficient to spot and block the attack is certainly a good sign. We must also remember, however, that very often all it takes for an incident to happen is an employee to click on the wrong link - it would be a good idea for all the organisations involved .....Read More
As we approach November, it is very likely that we will see an uptick in foreign state-sponsored attempts to sway the democratic process. The fact that there was an attempt to compromise SKDK's network but that the cyber defences in place were sufficient to spot and block the attack is certainly a good sign. We must also remember, however, that very often all it takes for an incident to happen is an employee to click on the wrong link - it would be a good idea for all the organisations involved to refresh their staff's cyber awareness training ahead of the next few months.  Read Less
September 08, 2020

Experts On News State Bank Of Chile Shuts All Branches After REvil Ransomware Attack
BancoEstado should also be preparing for double-extortion ransomware.
It is easy to feel disheartened by the number of times we still see attacks take place because of a phishing email. The sad reality is that cybersecurity awareness training – while dramatically improving employees’ ability to spot a malicious message – doesn’t offer complete protection: there is always a chance that a particularly well crafted scam will get through email filters and will trick even the more savvy of users. In these circumstances, BancoEstado’s Incident Response.....Read More
It is easy to feel disheartened by the number of times we still see attacks take place because of a phishing email. The sad reality is that cybersecurity awareness training – while dramatically improving employees’ ability to spot a malicious message – doesn’t offer complete protection: there is always a chance that a particularly well crafted scam will get through email filters and will trick even the more savvy of users. In these circumstances, BancoEstado’s Incident Response team will have to deal with the fallout and try to minimise the consequences. BancoEstado should also be preparing for double-extortion ransomware, which exfiltrates your data before encrypting it. This essentially turns ransomware attacks into data breaches, too; It is entirely possible that this will be the next step that attackers will take to maximise their profits.  Read Less
August 28, 2020

Android Users Warned About 40 Malware-ridden Apps That Entice You With Free Trainers
if something seems too good to be true, it probably is: Users should take notice of the applications listed as malicious
This discovery of 40 applications in Android which aim to distribute malware are simply the next in a long line of mobile applications being used to distribute malware of all kinds. It was recently discovered that at the height of the pandemic a Covid19 tracker app was hiding ransomware within, luring in unassuming bystanders hoping to keep track of the spread of Covid19. This use of ‘free trainers’ as a lure is another example of how cybercriminals attempt to gain access to an.....Read More
This discovery of 40 applications in Android which aim to distribute malware are simply the next in a long line of mobile applications being used to distribute malware of all kinds. It was recently discovered that at the height of the pandemic a Covid19 tracker app was hiding ransomware within, luring in unassuming bystanders hoping to keep track of the spread of Covid19. This use of ‘free trainers’ as a lure is another example of how cybercriminals attempt to gain access to an individual’s device. The key thing to remember here is that if something seems too good to be true, it probably is: Users should take notice of the applications listed as malicious, and also ensure they research any applications they are planning to download in advance of installation – Looking at the amount of downloads for example can be a good indication of legitimacy.  Read Less
July 27, 2020

Experts Insight On FinTech Unicorn Dave Data Breach
It is essential for companies to design their environment with least privilege in mind.
This breach demonstrates the importance of vetting third parties and implementing security best practices across the entire supply chain. This is not the first time nor will it be the last that cybercriminals circumvent an organisation’s security measures by individuating the weakest link and exploiting it as an entry point. It is essential for companies to design their environment with least privilege in mind and to review the access permissions they grant on a regular basis. Dave users.....Read More
This breach demonstrates the importance of vetting third parties and implementing security best practices across the entire supply chain. This is not the first time nor will it be the last that cybercriminals circumvent an organisation’s security measures by individuating the weakest link and exploiting it as an entry point. It is essential for companies to design their environment with least privilege in mind and to review the access permissions they grant on a regular basis. Dave users whose details might be included in the database of stolen credentials should be cautious of any email they receive, no matter how legitimate the message might look. The wealth of personal information included in the database means that attacks could be designed to be extremely convincing, which is why users are encouraged to type URLS in their browser rather than following a link.  Read Less
July 22, 2020

Telecom Argentina Hit with $7.5 Million Ransom – Expert Commentary
The infection that this phish brought can now spread from PC to other networked devices.
The majority of spam emails, and clearly the one on which a Telecom employee, unfortunately, click on, have the goal of getting the victim to infect their own computer with malware. “Soft targeted” email is often the vessel for malicious attachments—for instance, an email may be sent to an HR employee with a .pdf of a job seeker’s resume. In actuality, the resume is an attachment that contains embedded ransomware or malware. In these instances, the infection that this phish brought can.....Read More
The majority of spam emails, and clearly the one on which a Telecom employee, unfortunately, click on, have the goal of getting the victim to infect their own computer with malware. “Soft targeted” email is often the vessel for malicious attachments—for instance, an email may be sent to an HR employee with a .pdf of a job seeker’s resume. In actuality, the resume is an attachment that contains embedded ransomware or malware. In these instances, the infection that this phish brought can now spread from PC to other networked devices—including the cloud. It is purported that 88 percent of phishing emails contain ransomware attachments, according to Proofpoint’s “2020 State of the Phish Report.” The good news is that cybersecurity awareness training across all departments can significantly reduce the likelihood of an employee clicking on the wrong link or opening the wrong attachment. The bad news is that the risk will never be reduced to zero and that cybercriminals many use many other creative techniques to make their way into the network and deploy ransomware from there. This further goes to show how much security should be a holistic effort.  Read Less
July 20, 2020

Europe’s Largest Mobile Operator Orange Hit by Ransomware Attack – Expert Commentary
This ransomware attack to Orange is just the latest of a long line of attacks to show how profitable these operations are for cybercriminals.
Certainly, concerning the size of the database exposed, this ransomware attack to Orange is just the latest of a long line of attacks that go to show how profitable these operations are for cybercriminals. By selling stolen personal information, attackers can maximise their profits in case victims were to have secure backups and choose not to pay the ransom. It is an unfortunate trend that effectively doubled up ransomware attacks as data breaches, of which customers and affected parties should .....Read More
Certainly, concerning the size of the database exposed, this ransomware attack to Orange is just the latest of a long line of attacks that go to show how profitable these operations are for cybercriminals. By selling stolen personal information, attackers can maximise their profits in case victims were to have secure backups and choose not to pay the ransom. It is an unfortunate trend that effectively doubled up ransomware attacks as data breaches, of which customers and affected parties should be notified. In that sense, Orange certainly followed best practices by promptly disclosing the breach to its business customers, who will need to take all the possible precautions to make their data unusable in future attacks – e.g. changing the password of their accounts and looking out for potential phishing/spear-phishing emails.  Read Less
July 17, 2020

Experts Insight On Major US Twitter Accounts Hacked in Bitcoin Scam
It is extremely unlikely that these hijacked Twitter accounts were only used, in a small window of time, to spread a cryptocurrency scam.
In post-exploitation scenarios, we can understand what the attackers' motives are. In this case, these attackers are an outwardly financially motivated group leveraging some of the most popular Twitter accounts in a simple cryptocurrency scam. It is extremely unlikely that these hijacked Twitter accounts were only used, in a small window of time, to spread a cryptocurrency scam. We can, and should, expect this attack group to take full advantage of their admin-level access to Twitter's platform .....Read More
In post-exploitation scenarios, we can understand what the attackers' motives are. In this case, these attackers are an outwardly financially motivated group leveraging some of the most popular Twitter accounts in a simple cryptocurrency scam. It is extremely unlikely that these hijacked Twitter accounts were only used, in a small window of time, to spread a cryptocurrency scam. We can, and should, expect this attack group to take full advantage of their admin-level access to Twitter's platform and assume that these impacted accounts also had their private direct messages stolen. Private message data can potentially have a huge impact on extorting those individuals or contain other highly personal or sensitive secrets. I think we're going to see a large ripple effect from this breach for a while to come.  Read Less
July 02, 2020

TrickBot Malware Now Checks Screen Resolution To Evade Analysis – Expert Reaction
It is modular and constantly being updated and has been tied in the past to the Ryuk ransomware and being used to drop other tools.
TrickBot is a financial trojan that typically gets dropped by a maldoc spam campaign. It harvests credentials through the Mimikatz tool, using the man-in-the-browser technique and what not. It is modular and constantly being updated and has been tied in the past to the Ryuk ransomware and being used to drop other tools. Their usual move of sending spam mailers tied to current events and try to get people to open documents and enable macros that then drop the next payload. This latest.....Read More
TrickBot is a financial trojan that typically gets dropped by a maldoc spam campaign. It harvests credentials through the Mimikatz tool, using the man-in-the-browser technique and what not. It is modular and constantly being updated and has been tied in the past to the Ryuk ransomware and being used to drop other tools. Their usual move of sending spam mailers tied to current events and try to get people to open documents and enable macros that then drop the next payload. This latest development which checks whether the malware is being analysed via checking screen resolution will make it even more difficult for security teams to detect and mitigate the effects of TrickBot. The best advice for employees is to exert extreme caution when downloading anything that seems suspicious in over to avoid malware exfiltration in the first place.  Read Less