This Week in Security News: Trend Micro Selected as Launch Partner for AWS Ingress Routing Service and Stalkerware on the Rise

Welcome to our weekly roundup, where we share what you need to know about the cybersecurity news and events that happened over the past few days. This week, learn about stalkerware and why it’s on the rise. Also, read about Trend Micro’s selection as a launch partner for the new Amazon Virtual Private Cloud (Amazon VPC) Ingress Routing service, announced during AWS re:Invent 2019.

Read on:

You’re in Safe Hands with Trend Micro Home Network Security

Your home should be a haven that protects you. In the cyber age, however, your router, computers, TVs, game consoles and smart devices are continuously connected to the internet and run the risk of being hacked—usually when you least expect it. This blog is the first of a three-part series outlining how to implement Home Network Security to protect your home.

Amazon Web Services Recognizes Trend Micro as Launch Partner for New Service

With Amazon VPC Ingress Routing, Trend Micro customers will gain benefits which include more flexibility and control traffic routing with transparent deployment and no need to re-architect. Deploying in-line allows customers to be proactive in their network security, which in turn can prevent and disrupt attacks before they can be successful.

What Worries CISOs Most In 2019

Trend Micro’s VP of infrastructure strategies, Bill Malik, recently sat down with a dozen senior IT security leaders to discuss challenges they are currently facing in light of considerable changes in their business environments. These include the high pace of acquisitions balancing executive and team focuses, bring-your-own-device (BYOD) policies and ransomware infections.

Ransomware Attack Hits Major U.S. Data Center Provider

CyrusOne, one of the biggest data center providers in the U.S., has suffered a ransomware attack and is currently working with law enforcement and forensics firms to investigate the attack. CyrusOne is also helping customers restore lost data from backups.

Stalking the Stalkerware

Stalkerware is government-style surveillance software used by individuals to spy on others, which is usually someone you know. With smartphone usage continuing to rise, a whole mini industry has appeared over the past couple of years selling monitoring software, or more treacherously, trojan spyware and code that can hide itself so that you don’t even know it’s on your device.  

The California DMV Is Making $50M a Year Selling Drivers’ Personal Information

The California Department of Motor Vehicles is generating revenue of $50,000,000 a year through selling drivers’ personal information, according to a DMV document obtained by Motherboard. This information includes names, physical addresses, and car registration information. 

Operation ENDTRADE: Finding Multi-Stage Backdoors that TICK

Trend Micro has followed cyberespionage group TICK (a.k.a. “BRONZE BUTLER” or “REDBALDKNIGHT”) since 2008 but noticed an unusual increase in malware development and deployments towards November 2018 as part of a campaign dubbed “Operation ENDTRADE.”

Iran Targets Mideast Oil with ZeroCleare Wiper Malware

A freshly discovered wiper malware dubbed “ZeroCleare” has been deployed to target the energy and industrial sectors in the Middle East. According to IBM’s X-Force Incident Response and Intelligence Services (IRIS), ZeroCleare was involved in a recently spotted APT attack on an oil and gas company, in which it compromised a Windows machine via a vulnerable driver.

Mobile Cyberespionage Campaign Distributed Through CallerSpy Mounts Initial Phase of a Targeted Attack

Trend Micro has found a new spyware family disguised as chat apps on a phishing website. Trend believes that the apps, which exhibit many cyberespionage behaviors, are initially used for a targeted attack campaign.

Obfuscation Tools Found in the Capesand Exploit Kit Possibly Used in “KurdishCoder” Campaign

In November 2019, Trend Micro analyzed an exploit kit named Capesand that exploited Adobe Flash and Microsoft Internet Explorer flaws. During an analysis of the indicators of compromise (IoCs) in the deployed samples that were infecting the victim’s machines, we noticed that these samples were making use of obfuscation tools that made them virtually undetectable.

Trend Micro More Than Doubles Commitment to Underrepresented Persons in Cybersecurity

This week at AWS re:Invent, Trend Micro announced plans to further strengthen its commitment to underrepresented persons by more than doubling its annual time and financial investments to alleviate the skills and diversity gaps in cybersecurity.

Mobile Security: 80% of Android Apps Now Encrypt Network Traffic by Default

Three years ago, Google started its push to tighten network traffic protection from Android devices to web services. The company has provided an update stating that 80% of Android apps have adopted the HTTPS standard by default. HTTPS encrypts network traffic, preventing third parties from intercepting data from apps.

Magecart Sets Sights on Smith & Wesson, Other High-Profile Stores

After incidents in the past few months that saw the threat actor go after customers of online shops and hotel chains, threat actors from the infamous card-skimming group once again took action, this time on Black Friday on a new set of targets: high-profile stores, including firearms vendor Smith & Wesson (S&W).

Out on a Highway Run: Threats and Risks on ITS and Smart Vehicles

The research firm Counterpoint predicted that by 2022, the number of vehicles with embedded connectivity will grow by 270%. The expected increase in technology adoption, however, does not come without risks — from petty showcases of hacks to possibly bigger threats to safety and financial losses.

StrandHogg Android Vulnerability Allows Malware to Hijack Legitimate Apps

Researchers discovered a vulnerability in Android devices that allows malware to hijack legitimate apps. Using this vulnerability (StrandHogg), cybercriminals could trick users into granting permissions to their malicious apps and provide openings for phishing pages.

Ginp Trojan Targets Android Banking App Users, Steals Login Credentials and Credit Card Details

Counterfeit apps were found carrying a new version of the Android banking trojan Ginp (detected by Trend Micro as AndroidOS_Ginp.HRXB) to steal user login credentials and credit card details. ThreatFabric’s analysis of recent Ginp samples showed that it reused some code from Anubis, an Android malware family notorious for its use in cyberespionage activities before being re-tooled as a banking trojan.

What AWS re:Invent announcement did you find the most interesting? Share your thoughts in the comments below or follow me on Twitter to continue the conversation: @JonLClay.

Read More HERE