By OptionOne Technologies
We searched through the most popular cybersecurity websites to bring you the latest industry news, updates, and tips.
MyloBot Botnet Infecting Over 50,000 Devices Daily
A sophisticated botnet known as MyloBot has compromised thousands of systems in countries like India, the U.S., and Indonesia, The Hacker News reported. According to cybersecurity rating company BitSight, it is “currently seeing more than 50,000 unique infected systems every day,” down from a high of 250,000 in 2020.
MyloBot emerged in 2017 and was first documented by Deep Instinct in 2018. The botnet is known for its anti-analysis techniques and its ability to function as a downloader. The botnet can download and execute any type of payload after it infects a host, so an attacker could effectively download any type of malware they want after a system is compromised.
MyloBot employs a multi-stage sequence to unpack and launch its bot malware. To avoid detection, it sits idle for 14 days before attempting to contact the C2 server.
Researchers believe MyloBot is part of “something bigger,” according to the article. A reverse DNS lookup of one of the IP addresses associated with the botnet’s C2 infrastructure revealed ties to a domain named clients.bhproxies[.]com.
Cyberthreats Mount for Financial Industry
The cybersecurity landscape for financial institutions (FIs) and financial technology (fintech) firms continues to heat up, DarkReading reported. In 2022, DDoS attacks targeting financial firms increased by 22% worldwide compared to the previous year. European financial institutions saw a 73% increase in DDoS attacks.
Teresa Walsh, global head of intelligence at the FS-ISAC, says FIs need to gauge “the potential for DDoS attacks to be used as a decoy for more damaging cyber activities, such as the infiltration of systems and the installation of malware.” Although DDoS attacks don’t tend to cause long windows of downtime due to FIs’ robust security and backup systems, “the same practices are not as readily available for DDoS used as a smokescreen,” says Walsh.
Ransomware is also becoming more destructive, as many nation-state actors are taking sides in the Russia-Ukraine war. Attackers are using cybercriminal services to launch more specialized and sophisticated operations against FIs.
DarkReading suggests FIs must quickly move to secure payment technologies. They must also expand their definitions of cybersecurity and cybercrime into new categories, and make their information infrastructures more resilient.
Cyber Arms Race and Economic Headwinds Among Top Risks for 2023
A recent report by the Bipartisan Policy Center has highlighted eight macro cybersecurity risks that are top-of-mind among decision-makers in 2023. According to a report by CSO Magazine, chief among executives’ challenges is simply identifying and comprehending today’s cybersecurity risks.
Decision-makers are also concerned about the evolving geopolitical environment, the accelerating cyber arms race, and global economic headwinds.
“One of the biggest challenges we often face is having a strategic discussion and understanding of what that risk landscape looks like,” Jamil Farshchi, executive VP and CISO of Equifax and one of the working group co-chairs, tells CSO. “So, the goal was to be able to help define that.”
“We ended up pulling together an all-star cast of security professionals from a variety of different walks of life. We wanted to get a good macro view from not just the CSO constituent group, but also folks in multiple different disciplines and capacities,” including then-sitting congressman and cybersecurity leader Jim Langevin (D-RI).
The report does not offer possible solutions to these challenges.
“We didn’t want to have explicit solutions in place in this document because we feel like each organization is going to have a tailored control set,” Farshchi says. “They’re going to have their own remediation plans and approaches to different things.”
GoDaddy Announces Source Code Theft
Web hosting company GoDaddy has revealed that an unauthorized party gained access to its servers and installed malware, causing redirections of customer websites, Infosecurity Magazine reported. The attack occurred in early December 2022. The company says it “remediated the situation and implemented security measures in an effort to prevent future infections.”
GoDaddy has confirmed the attack was executed by “a sophisticated and organized group” after working with law enforcement. The apparent goal of the group was to infect websites and servers with malware for phishing campaigns, malware distribution, and other activities.
Apple Fixes Another Zero-Day Bug
Apple released updates for all supported Macs and mobile devices on February 14th to address a zero-day spyware implant bug, Naked Security by Sophos reported. The bug is a flaw in Apple’s WebKit component that’s described as “Processing maliciously crafted web content [that] may lead to arbitrary code execution.”
According to the report, Naked Security by Sophos believes “Apple is aware of a report that this issue may have been actively exploited.”
Mobile devices still using iOS 15 and iOS 12 were not patched. However, it isn’t known whether that’s because those versions are immune to the bug or Apple hasn’t gotten around to patching them yet.
According to a report by CIO Magazine, it’s a good idea to regularly reset passwords and rethink your password management strategy. Here are a few recommendations from the report:
- Make password resolutions: The longer passwords go without being updated, the more chance they have of being exposed. Passwords that are three to five years old are much more likely to be out there in the wild, even if you use nothing but sticky notes. Make it a resolution to update all your passwords at least once a year.
- Manage employee access: Do continuous employee training to help your teams avoid being taken advantage of by phishing and malware attacks. Studies from 2022 show that employee errors caused either 88% or 95% of data breaches.
- Monitor access to your cloud environment: Breaches can occur at cloud service organizations—one did occur at AWS in May 2022. Limiting access is important not just for improved security, but also for cost reduction.
By taking a proactive stance on cybersecurity, you can significantly reduce the chances of a security breach.
Thanks for Reading
That’s it for this month’s Cybersecurity Briefing. Contact us today to learn more about our services.