Welcome to our weekly roundup, where we share what you need to know about cybersecurity news and events that happened over the past few days. This week, learn about how the QAKBOT Loader malware has evolved its techniques and strategies over time. Also, read about the most recent initiative by the legislation to further cybersecurity protection.
QAKBOT Loader Returns with New Techniques and Tools
QAKBOT is a prevalent information-stealing malware that was first discovered in 2007. In recent years, its detection has become a precursor to many critical and widespread ransomware attacks. It has been identified as a key “malware installation-as-a-service” botnet that enables many of today’s campaigns.
Senators Look to Defense Bill to Move Cybersecurity Measures
The Senate is eyeing the annual defense bill as a vehicle to attach critical provisions to improve the nation’s cybersecurity following a devastating year in which major attacks left the government flat-footed. The efforts are markedly bipartisan, a rarity for a Senate that is struggling to accomplish a long legislative to-do list before the holidays.
Groups Target Alibaba ECS Instances for Cryptojacking
It’s been known that threat actors are actively exploiting misconfigured Linux-powered servers, regardless of whether they run on-premises or in the cloud. The compromised devices are mostly used for cryptojacking purposes with the dominance of mining for the digital currency Monero. One notorious example is TeamTNT, one of the first hacking groups shifting its focus to cloud-oriented services.
Protecting Your Krew: A Security Analysis of Kubectl Plug-ins
In this article, Trend Micro analyzes the security of kubectl plug-ins and their plug-in manager called Krew. The blog briefly discusses kubectl and the Krew plug-in manager, how they work, and their primary use. Also, learn about proper care needed for their use and possible risks according to source code and software composition analysis.
Spear-Phishing Campaign Exploits Glitch Platform to Steal Credentials
A long-term spear-phishing campaign is targeting employees of major corporations with emails containing PDFs that link to short-lived Glitch apps hosting credential-harvesting SharePoint phishing pages, researchers have found.
Global Operations Lead to Arrests of Alleged Members of GandCrab REvil and Cl0p Cartels
A total of 13 suspects believed to be members of two prolific cybercrime rings were arrested as a global coalition across five continents involving law enforcement and private partners, including Trend Micro, sought to crack down on big ransomware operators.
Robinhood Hack Also Included Thousands of Phone Numbers
The recent hack at app-based investment platform Robinhood also impacted thousands of phone numbers. The news provides more clarity on the nature of the data breach. Originally, Robinhood said that the breach included the email addresses of 5 million customers, the full names of 2 million customers, and other data from a smaller group of users.
Digital Transformation Post-Pandemic Stats & Research
IT and business leaders have rarely seen eye-to-eye on cybersecurity, but today the friction seems more pronounced than ever. New Trend Micro research found that more than 90% of IT decision-makers believe their organization would be willing to compromise on cybersecurity in favor of other priorities like digital transformation, productivity or customer experience.
TikTok Phishing Threatens to Delete Influencers’ Accounts
Researchers have observed a new phishing campaign primarily targeting high-profile TikTok accounts belonging to influencers, brand consultants, production studios, and influencers’ managers. Abnormal Security researchers who spotted the attacks, observed two activity peaks while observing the distribution of emails in this particular campaign, on October 2, 2021, and on November 1, 2021, so a new round will likely start in a couple of weeks.
Analyzing ProxyShell-Related Incidents via Trend Micro Managed XDR
The Trend Micro™ Managed XDR team recently observed a surge in server-side compromises – ProxyShell-related intrusions on Microsoft Exchange in particular via the Managed XDR service and other incident response engagements. These compromises, which occurred across different sectors in the Middle East, were most often observed in environments using on-premise implementations of Microsoft Exchange.
DHS Launches Cybersecurity Talent Management System
The Department of Homeland Security launched a new personnel system Monday that it says will enable more effective recruitment, development and retention of cybersecurity talent. The Cybersecurity Talent Management System lets DHS screen applicants for cyber positions based on demonstrated competencies, offer competitive compensation and reduce time to hire.
What do you think about the newest strategies used by QAKBOT? Share in the comments below or follow me on Twitter to continue the conversation: @JonLClay.