This Week in Security News

Welcome to our weekly roundup, where we share what you need to know about the cybersecurity news and events that happened over the past few days.

Below you’ll find a quick recap of topics followed by links to news articles and/or our blog posts providing additional insight. Be sure to check back each Friday for highlights of the goings-on each week!

 

Trend Micro Is Bridging the Cybersecurity Skills Gap with Capture the Flag Competition

We all know the IT security industry is suffering from chronic skills gaps and shortages around the world. In the US things are no different, with an estimated talent shortfall of around 40,000 jobs for information security analyst roles alone. That’s where Trend Micro’s Capture the Flag (CTF) competition comes in.

Cybercriminals Are Using Third-Party APIs as C&C Infrastructure

Companies have made a shift from typical communication methods to modern chat platforms like Slack, Discord, and Telegram. Unfortunately, attackers have also begun to abuse these platforms as command-and-control infrastructures, by exploiting the very trait that makes the platforms attractive to use.

Delve into EternalBlue’s Inner Workings to Better Understand the Exploit

The EternalBlue exploit took the spotlight last May as it became the tie that bound the spate of malware attacks these past few weeks—the pervasive WannaCry, the fileless ransomware UIWIX, the Server Message Block (SMB) worm EternalRocks, and the cryptocurrency mining malware Adylkuzz. 

We’ve Reached ‘Peak Ransomware’

Last year Trend Micro reported a 752% increase in the number of ‘families’ of ransomware, but this explosion in popularity along with WannaCry’s highly public attack, could be ransomware’s downfall. It serves as a fantastic awareness-raising tool. 

Ponzi Scheme Meets Ransomware for a Doubly Malicious Attack

The first message to pop up on the computer screen let the victims know they had been hacked. The victim had a choice: Pay the hackers a ransom of one bitcoin, in exchange for regaining access to the computer, or try to infect two new people on behalf of the attackers. 

Ransomware Variants Based on Hidden Tear Continue to Proliferate

Ransomware based on open source code, specifically variants based on Hidden Tear, continues to proliferate. When it was first released, the open source code allowed anyone, even inexperienced developers, to extort victims with ransomware.

Japanese Police Arrest Their First Ransomware-Slinging Menace

Japanese cops have, for the first time ever, arrested a ransomware maker. The 14-year-old from Osaka Prefecture in western Japan was collared on June 5 after police tracked him down as the suspected creator of home-grown ransomware that was being spammed out on social media. 

By 2022 There Will be 350,000 Cybersecurity Vacancies

The General Data Protection Regulation will force organizations to expand their cyber workforce. Two in five governments and companies will expand their cybersecurity divisions by more than 15 percent in the next 12 months. This will lead to a shortfall of 350,000 cyber workers across the continent by 2022. 

Hackers Hid Link to Malware Servers in Britney Spears Instagram Comments

Threat researchers at ESET have discovered that Turla, an espionage group linked to the Russian government, has been leaving comments on Spears’ Instagram posts that tell its malware how to connect to the group’s servers. 

Please add your thoughts in the comments below or follow me on Twitter; @JonLClay.

Leave a Reply