Story image

Cryptocurrency, certificates, cloud malware and cyber guidelines - how 2018 is shaping up

07 Mar 18

Three months into 2018 and it's looking like a bumpy year ahead for cybersecurity, with cryptocurrency and fake certificates threatening to be the new 'bad threats'. Horangi Cyber Security's head of CyberOps Lim Quan Heng gives us the details.

1. Counterfeit code-signing certificates are now being custom-created

Recorded Future has found that code signing and SSL certificate services are “widely available” on the dark web, from reputable companies such as Comodo, Thawte, Symantec and Apple. These certificates can be created on request, and are believed to be done using stolen corporate identities. Malicious users will be able to use these certificates to obfuscate their payloads, as the certificates are registered using information of legitimate business owners.

Several prominent attacks in the recent past have utilized payloads in legitimately signed binaries, such as backdoors in NetSarang’s Server management Software, M.E.Doc accounting software in Ukraine, and CCleaner, highlighting the effectiveness of such efforts. It is not clear exactly when the compromise happened in some of the above examples. 

In addition, a trial by Recorded Future with encrypted, unreported Remote Access Trojan showed that while 8 antivirus products detected the unsigned payload, only 2 detected the signed copy. 

These services are relatively expensive, and would unlikely be widely used. However, they are expected to have an effect in network appliances performing detection of deep packet inspection and host based controls checking code signing certificates.

2. In Singapore, cyber security guidance and regulations continue to mature

Singapore passes a bill designed to ensure protection of critical infrastructure, as well as ensuring the competency of service providers for penetration testing and managed security operations center monitoring. Some industry sectors have existing guidelines and regulations, and this new bill highlights the importance of implementing security principles early to reduce cost and issues arising later.

The Securities and Exchange Commission issues a guidance which states that: "Public companies should have policies and procedures in place to (1) guard against directors, officers, and other corporate insiders taking advantage of the period between the company's discovery of a cybersecurity incident and public disclosure of the incident to trade on material nonpublic information about the incident, and (2) help ensure that the company makes timely disclosure of any related material nonpublic information."

While not directly addressing cybersecurity issues, this forces attention of company executives towards their cybersecurity risks and efforts.

Meanwhile, the European Union’s General Data Protection Regulation comes into effect on May 25. The GDPR is widely acknowledged as one of the most impactful and far reaching regulations, potentially having cascading effects on companies worldwide on how data is collected and managed. GDPR also signals a trend with privacy related regulations among governments worldwide.

3. Malware found in common cloud platforms

Bitglass threat research found that 44 percent of organizations they had scanned had malware in their cloud applications. Even with built in malware protection for applications such as Google Drive, Box, Dropbox or OneDrive, the average infection rate was still higher than 33 percent. This highlights a gap in popular enterprise cloud storage solutions, and malware solutions that are generally relied on as the first line of defense.

4. Cryptocurrency driving new form of malware

While not a new trend, there has been increasing instances where business operations have been impacted by mining tools installed on their servers and other systems. Check Point estimates that the JavaScript-able Coinhive mining tool has affected 23% of companies worldwide. With a new method for monetization, malware leveraging on traditional exploits such as  Eternal Blue have been found in the wild infecting computers as part of a mining network.

5. Survey shows continuing disconnect between CEOs and technical officers

It is not unheard of that concerns with cybersecurity differ between C-level officers. A recent survey by Dow Jones Customer Intelligence highlights this misalignment, with attention placed on server-focused solutions, while “human” solutions such as multi-factor authentication and credential management. The study also shows that CEOs have reduced visibility on incidents their company has faced, with technical officers stating higher numbers.

Cisco expands security capabilities of SD­-WAN portfolio
Until now, SD-­WAN solutions have forced IT to choose between application experience or security.
AlgoSec delivers native security management for Azure Firewall
AlgoSec’s new solution will allow a central management capability for Azure Firewall, Microsoft's new cloud-native firewall-as-a-service.
How to configure your firewall for maximum effectiveness
ManageEngine offers some firewall best practices that can help security admins handle the conundrum of speed vs security.
Exclusive: Why botnets will swarm IoT devices
“What if these nodes were able to make autonomous decisions with minimal supervision, use their collective intelligence to solve problems?”
Why you should leverage a next-gen firewall platform
Through full lifecycle-based threat detection and prevention, organisations are able to manage the entire threat lifecycle without adding additional solutions.
The quid pro quo in the IoT age
Consumer consciousness around data privacy, security and stewardship has increased tenfold in recent years, forcing businesses to make customer privacy a business imperative.
ForeScout acquires OT security company SecurityMatters for US$113mil
Recent cyberattacks, such as WannaCry, NotPetya and Triton, demonstrated how vulnerable OT networks can result in significant business disruption and financial loss.
Exclusive: Fileless malware driving uptake of behavioural analytics
Fileless malware often finds its way into organisations via web browsers (or in combination with other vectors such as infected USB drives).