Friday, March 20, 2020

Internet security and Coronavirus

The jerks who create malware are using the virus panic to spread their junk:
An advanced persistent threat (APT) group is leveraging the coronavirus pandemic to infect victims with a previously unknown malware, in a recently discovered campaign that researchers call “Vicious Panda.”
Researchers identified two suspicious Rich Text Format files (RTF — a text file format used by Microsoft products) targeting the Mongolian public sector. Once opened, a custom and unique remote-access trojan (RAT) is executed that takes screenshots of the device, develops a list of files and directories, downloads files and more.
Remember Borepatch's First Law of Security: "Free Download" is Internet-speak for "Open your mouth and close your eyes."

Android app to track virus is actually ransomware:
The recently discovered ransomware performs a screen-lock attack by forcing a change in the password required to unlock a phone, according to DNS threat intelligence company DomainTools in a blog post authored last week by Tarik Saleh, senior security engineer and malware researcher. For Android Nougat devices and later versions, the attack only works if the user never bothers to set a password in the first place.
Security researchers have recovered a password to unlock the device and remove the malware.  But look at the last sentence: you won't get infected if you have a password on the device.  Make sure you have a password on your phone, people.

SANS has work-from-home kit to help organizations implement this securely:
In response to the coronavirus pandemic, organizations worldwide are implementing work-from-home policies. Yet for many businesses, managing an entirely remote workforce is completely new, which means they may lack the processes, policies and technologies that enable employees to work from home safely and securely. In addition, many employees may be unfamiliar or uncomfortable with the idea of working from home. 
At SANS Security Awareness, we want to do whatever we can to ensure companies can train and secure their remote workforce. These resources and training materials are a combination of both our public resources and paid training materials which we are releasing for free. We understand that this is a unique situation and we want to do everything we can to help.
I like SANS - they have a clue and have been around for a long, long time.  If you're in IT and work-from-home is new to your org, check this out.


Old NFO said...

Yep, they are good folks and DO know the territory, so to speak.

Kurt said...

Concur. I have two certs from them (GSEC and GCIH), and am saving up for more. They have great, if very expensive, training.

The Real Kurt

McChuck said...

The jerks, they shall be with us. Always.