Photo Credit: © turbomotion046 - stock.adobe.com
In 2017 WannaCry, Petya/NotPetya and Bad Rabbit ransomware wrought havoc across the globe. These unprecedented attacks have cost businesses billions of dollars in damages.
VPNFilter Router Malware
Researchers at Cisco's Talos security division have recently identified VPNFilter malware, which is believed to have already infected at least half a million routers. The highly destructive VPNFilter malware targets routers and network-attached storage (NAS) devices. The malware is multi-staged: the first stage handles installation and persistence, which allows it to remain on an infected device even after the device has been rebooted.
The second stage contains the malware payload and can collect files, execute commands and exfiltrate data. It can even render infected devices unusable by overwriting part of the firmware and performing a reboot, after which the device isn't salvageable.
There are multiple Stage 3 modules, one of which includes a packet sniffer that is capable of stealing website credentials.
Facebook Data Leak via CSS mix-blend-mode
Firefox and Chrome may have been inadvertently leaking Facebook user information for the last year.
Numerous malicious websites exploit a side-channel vulnerability in CSS3, the latest version of Cascading Style Sheets. This version of CSS includes a feature known as "mix-blend-mode," which has been leaking visual content hosted on Facebook.
A malicious website that is aware of this issue embeds a cross-origin iframe and pairs it with data-capturing code to de-anonymize Facebook users. Attackers are able to recover the color of each pixel within the iframe and then inspect the reconstructed images to extract any personal information that is displayed, including usernames, profile pictures and statuses.
SamSam Ransomware
SamSam ransomware, which appears to target healthcare and government organizations, brought the city of Atlanta's municipal operations to a halt, and cost at least $2.6 million in recovery efforts.
A ransom note for six bitcoin, about $51,000 at the time, was sent to the city after government data was encrypted. In the days immediately following the attack, employees were forced to hand-write reports, city residents couldn’t pay their water bills online and court cases had to be rescheduled as files were inaccessible.
Atlanta is not the only city government to have been hit by SamSam. The Colorado Department of Transportation was infected twice this past February in the span of eight days, as well as Davidson County in North Carolina and the municipality of Farmington, New Mexico.
Spectre and Meltdown
Discovered in January 2018, Meltdown and Spectre exploit vulnerabilities found across the majority of modern processors, including those manufactured by computing giants like Intel, ARM and AMD. This encompasses almost all modern computing and IoT devices.
Meltdown and Spectre are capable of stealing data that is being processed in RAM (volatile memory, which holds data only while a machine is powered on). Normally a running program cannot read memory that belongs to another program, but with Meltdown and Spectre it is possible to obtain data stored in memory across program boundaries.
Security researchers believe that these vulnerabilities have the potential to be catastrophic.
This year’s cyber threats make it clear that everyone is susceptible to attacks and vulnerabilities, including technology giants and government organizations.
The imminent risk should only reinforce the importance of securing critical infrastructure, protecting sensitive information and performing regular maintenance that includes a patching schedule. If you're wondering how to prepare against targeted cyber-attacks, the journey begins with approaching cybersecurity holistically and identifying the right solution for your business. Align Cybersecurity offers tailored, nimble and advanced cybersecurity solutions encompassing:
- Vulnerability Assessments / Penetration Testing
- Cybersecurity Risk Management as a Service (Align Risk CSR)
- Customized Cybersecurity Programs
- Third Party Management
- Managed Threat Protection (Align Guardian)
- Cybersecurity Training
- Outsourced Virtual Chief Information Security Officers (vCISO)
- And more!