Cyber Security Headlines – September 22, 2021

Capoae malware brute-forces WordPress sites for cryptomining

According to The Hacker News, “a recently discovered wave of malware attacks has been spotted using tactics that involve easy-to-guess administrative credentials to co-opt them into a network with the goal of illegally mining cryptocurrency.” The malware, named “Capoae,” which is a short form of the Russian word for “Scanning,” makes its way to a host through a backdoored addition to a WordPress plugin called “Download-Monitor.” Download-Monitor itself gets installed after brute-forcing WordPress admin credentials. The attacks also involve the deployment of a Golang binary with decryption functionality, with the obfuscated payloads retrieved by leveraging the trojanized plugin to make a GET request to an actor-controlled domain. The goal, say researchers at Akamai, is primarily to leverage weak administrative credentials to mine cryptocurrency.

(The Hacker News)

Malicious email surge predicted for Q4

According to new research from Tessian, corporate email users should be watchful for increased numbers of phishing attacks in the final quarter of the year. The researchers say this is when most malicious emails are likely to arrive. The statement is based on analysis of four billion messages sent between July 2020 and July 2021, which was included in its Spear Phishing Threat Landscape 2021 report. The research found 45% more malicious emails sent in October, November and December 2020, with the most significant spike occurring during the week of the Black Friday sales.

(InfoSecurity)

Farming group warns of supply chain chaos after ransomware attack

An agricultural group in Iowa that was hit by ransomware over the weekend suggests that the impact of the attack on the US public could be worse than the Colonial Pipeline incident. The attack has been attributed to BlackMatter, which is believed to be connected to the DarkMatter group responsible for the Colonial Pipeline outage in May. This attack targeted New Cooperative, a major US grain producer, with a $5.9m ransom demand. The outage threatens public disruption to the grain, pork, and chicken supply chain since 40% of grain production is running on the software.

(InfoSecurity)

US sanctions cryptocurrency exchange used by ransomware gangs

The US Treasury Department has announced sanctions against a cryptocurrency exchange named Suex, for “facilitating ransom transactions for ransomware gangs and helping them evade sanctions.” According to Chainalysis, Suex is registered in the Czech Republic but operates out of Moscow and St. Petersburg along with other Russian and Middle Eastern locations. This action is the first sanctions designation against a virtual currency exchange and was executed with assistance from the Federal Bureau of Investigation.

(Bleeping Computer)

Trello down twice this week

The web-based To-Do list-style platform owned by Atlassian has suffered two significant outages this week, according to user notifications tracked by DownDetector. “Businesses and news outlets around the world rely on Trello for task management and prioritization purposes.” On Monday, Trello’s engineers believed they had found the root cause of the issue, but it quickly returned. 

(Bleeping Computer)

Key lawmakers to CISA: Let us send you more money, power

Two separate House committees have this year advanced legislation to give CISA a total of $800 million more to add to its current $2 billion total budget. Those proposed funds come on top of another extra $650 million that Congress and President Biden provided to CISA in March through the American Rescue Plan. “Both chambers of Congress are also contemplating legislation that would make CISA the hub where vital companies would report major cybersecurity incidents, following the string of monumental cyberattacks that began with the SolarWinds breach in December,” as well as extending the CISA director’s tenure to a five-year term, to insulate the department against politics.

(Cyberscoop)

Siemens Energy launches AI solution to fight industrial cybercrime

On Tuesday, Siemens revealed a new offering, dubbed Eos.ii, which is unrelated to the blockchain protocol EOS.IO, as “an artificial intelligence (AI) and machine learning (ML) Security Information and Event Management (SIEM) platform that provides CISOs with an evergreen foundation for industrial IoT cybersecurity. The platform collects and collates data flows from IIoT endpoints for use by security teams, with insights brought together in one interface.” Eos.ii will automatically tailor defensive practices and prioritize high-impact events with the assistance of ML algorithms. A white paper summarizing its role in defending IIoT machinery is available at Siemens.

(ZDNet)

Ikea launches gaming furniture range

The furniture giant has announced a new collection of pieces aimed specifically at game players. These will be released in stores in the UK on October 1. “Ikea says it has collaborated closely with the Republic of Gamers, a sub-brand of tech company Asus, to ensure specific comfort features for game players.” Examples include the Lånespelare neck pillow and a multi-functional cushion/blanket – a sort of giant padded sofa/hoodie, which will keep gamers comfy during weekend-long Fortnite sessions. “There are also game-streaming accessories including a smartphone holder, a ring lamp, and a handy headphone holder that actually looks like a hand.”

(The Guardian)


Steve Prentice
Author, speaker, expert in the area where people and technology crash into each other, viewed from the organizational psychology perspective. Host of many podcasts, voice actor and narrator for corporate media and audiobooks. Ghost-writer for busy executives.