Cryptocurrency, certificates, cloud malware and cyber guidelines - how 2018 is shaping up

07 Mar 2018

Three months into 2018 and it's looking like a bumpy year ahead for cybersecurity, with cryptocurrency and fake certificates threatening to be the new 'bad threats'. Horangi Cyber Security's head of CyberOps Lim Quan Heng gives us the details.

1. Counterfeit code-signing certificates are now being custom-created

Recorded Future has found that code-signing and SSL certificate services are “widely available” on the dark web, offering certificates from reputable companies such as Comodo, Thawte, Symantec and Apple. These certificates can be created on request, and are believed to be registered using stolen corporate identities. Malicious users will be able to use these certificates to obfuscate their payloads, as the certificates are registered using the information of legitimate business owners.

Several prominent attacks in the recent past have utilized payloads in legitimately signed binaries, such as backdoors in NetSarang’s server management software, M.E.Doc accounting software in Ukraine, and CCleaner, highlighting the effectiveness of such efforts. It is not clear exactly when the compromise happened in some of the above examples.

In addition, a trial by Recorded Future with an encrypted, unreported Remote Access Trojan showed that while 8 antivirus products detected the unsigned payload, only 2 detected the signed copy.

These services are relatively expensive, and are unlikely to be widely used. However, they are expected to have an effect on network appliances performing detection through deep packet inspection and on host-based controls that check code-signing certificates.

2. In Singapore, cyber security guidance and regulations continue to mature

Singapore passes a bill designed to ensure protection of critical infrastructure, as well as ensuring the competency of service providers for penetration testing and managed security operations center monitoring. Some industry sectors have existing guidelines and regulations, and this new bill highlights the importance of implementing security principles early to reduce cost and issues arising later.

The Securities and Exchange Commission issues guidance which states that: "Public companies should have policies and procedures in place to (1) guard against directors, officers, and other corporate insiders taking advantage of the period between the company's discovery of a cybersecurity incident and public disclosure of the incident to trade on material nonpublic information about the incident, and (2) help ensure that the company makes timely disclosure of any related material nonpublic information."

While not directly addressing cybersecurity issues, this forces company executives to pay attention to their cybersecurity risks and efforts.

Meanwhile, the European Union’s General Data Protection Regulation comes into effect on May 25. The GDPR is widely acknowledged as one of the most impactful and far-reaching regulations, potentially having cascading effects on how companies worldwide collect and manage data. GDPR also signals a trend towards privacy-related regulations among governments worldwide.

3. Malware found in common cloud platforms

Bitglass threat research found that 44 percent of organizations they had scanned had malware in their cloud applications. Even with built-in malware protection for applications such as Google Drive, Box, Dropbox or OneDrive, the average infection rate was still higher than 33 percent. This highlights a gap in popular enterprise cloud storage solutions, and in the malware solutions that are generally relied on as the first line of defense.

4. Cryptocurrency driving new form of malware

While not a new trend, there have been increasing instances where business operations have been impacted by mining tools installed on their servers and other systems. Check Point estimates that the JavaScript-based Coinhive mining tool has affected 23% of companies worldwide. With a new method for monetization, malware leveraging traditional exploits such as EternalBlue has been found in the wild infecting computers as part of a mining network.

5. Survey shows continuing disconnect between CEOs and technical officers

It is not unheard of that concerns with cybersecurity differ between C-level officers. A recent survey by Dow Jones Customer Intelligence highlights this misalignment, with attention placed on server-focused solutions, while “human” solutions such as multi-factor authentication and credential management. The study also shows that CEOs have reduced visibility on incidents their company has faced, with technical officers stating higher numbers.
