Capoae malware brute-forces WordPress sites for cryptomining
A recently discovered wave of malware attacks uses easy-to-guess administrative credentials to co-opt compromised hosts into a network whose purpose is illicit cryptocurrency mining. The PHP malware — codenamed “Capoae” (short for “Сканирование,” the Russian word for “Scanning”) — is said to be delivered to the hosts via a backdoored addition to a WordPress plugin called “download-monitor,” which gets installed after WordPress admin credentials have been successfully brute-forced. The attacks also involve the deployment of a Golang binary with decryption functionality, with the obfuscated payloads retrieved by leveraging the trojanized plugin to make a GET request to an actor-controlled domain. The goal, say researchers at Akamai, is primarily to leverage weak administrative credentials to mine cryptocurrency.
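As an added, defender-side example (not code from Akamai's research or from this digest): a small Python check over constructed web-server access-log lines that flags the sequence this campaign depends on, a burst of failed WordPress admin logins from one client followed by a success and a plugin upload. The `wp-login.php` path, the 200-on-failure/302-on-success behaviour and the `update.php?action=upload-plugin` upload path are assumptions about a default WordPress install.

```python
import re
from collections import defaultdict
# Apache/nginx "combined" access-log line: client IP, timestamp, request line, status code.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<path>\S+)[^"]*" (?P<status>\d{3})'
)

# Constructed sample lines (not real traffic). Assumed WordPress behaviour: a failed login
# re-renders the form with 200, a successful one answers 302 (redirect to wp-admin), and
# the "Upload Plugin" form posts to /wp-admin/update.php?action=upload-plugin.
SAMPLE_LOG = """\
203.0.113.7 - - [20/Sep/2021:10:00:01 +0000] "POST /wp-login.php HTTP/1.1" 200 3211 "-" "python-requests/2.25"
203.0.113.7 - - [20/Sep/2021:10:00:02 +0000] "POST /wp-login.php HTTP/1.1" 200 3211 "-" "python-requests/2.25"
203.0.113.7 - - [20/Sep/2021:10:00:02 +0000] "POST /wp-login.php HTTP/1.1" 200 3211 "-" "python-requests/2.25"
203.0.113.7 - - [20/Sep/2021:10:00:03 +0000] "POST /wp-login.php HTTP/1.1" 200 3211 "-" "python-requests/2.25"
203.0.113.7 - - [20/Sep/2021:10:00:03 +0000] "POST /wp-login.php HTTP/1.1" 200 3211 "-" "python-requests/2.25"
203.0.113.7 - - [20/Sep/2021:10:00:04 +0000] "POST /wp-login.php HTTP/1.1" 200 3211 "-" "python-requests/2.25"
203.0.113.7 - - [20/Sep/2021:10:00:05 +0000] "POST /wp-login.php HTTP/1.1" 302 0 "-" "python-requests/2.25"
203.0.113.7 - - [20/Sep/2021:10:00:09 +0000] "POST /wp-admin/update.php?action=upload-plugin HTTP/1.1" 200 1840 "-" "python-requests/2.25"
198.51.100.4 - - [20/Sep/2021:10:02:11 +0000] "POST /wp-login.php HTTP/1.1" 302 0 "-" "Mozilla/5.0"
198.51.100.4 - - [20/Sep/2021:10:02:30 +0000] "GET /wp-admin/ HTTP/1.1" 200 52311 "-" "Mozilla/5.0"
"""

def parse(line):
    """Return the fields of one access-log line, or None if it does not match."""
    m = LOG_RE.match(line)
    return m.groupdict() if m else None

def find_bruteforce(lines, threshold=5):
    """Flag clients with at least `threshold` failed wp-login.php POSTs, recording whether a
    302 (successful login) followed and whether a plugin upload came after that success."""
    state = defaultdict(lambda: {"failures": 0, "success": False, "plugin_upload": False})
    for line in lines:
        r = parse(line)
        if not r or r["method"] != "POST":
            continue
        s = state[r["ip"]]
        if r["path"].startswith("/wp-login.php"):
            if r["status"] == "302":
                s["success"] = True
            elif r["status"] == "200":
                s["failures"] += 1
        elif s["success"] and "action=upload-plugin" in r["path"]:
            s["plugin_upload"] = True
    return {ip: s for ip, s in state.items() if s["failures"] >= threshold}

if __name__ == "__main__":
    for ip, s in find_bruteforce(SAMPLE_LOG.splitlines()).items():
        print(ip, s)
```

A client that is flagged with `success` and `plugin_upload` both true is the case worth treating as a likely compromise rather than just noise; the normal login from the second client is not reported.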
Malicious email surge predicted for Q4
Corporate end-users should be on high alert for phishing attacks in the final quarter of the year as this is when most malicious emails are likely to land, according to new research from Tessian. The email security vendor analyzed four billion messages sent between July 2020 and July 2021 to compile its Spear Phishing Threat Landscape 2021 report. It found 45% more malicious emails sent in October, November and December 2020, with the most significant spike occurring during the week of the Black Friday sales.
Farming group warns of supply chain chaos after ransomware attack
An Iowan agricultural group hit by ransomware over the weekend suggests that the impact of the attack on the US public could be worse than the Colonial Pipeline incident. The attack has been traced to BlackMatter, a group that some believe has links to the DarkMatter outfit responsible for the Colonial Pipeline outage in May. This attack targeted New Cooperative, a major US grain producer, with a $5.9m ransom demand. The outage threatens public disruption to the grain, pork, and chicken supply chain since 40% of grain production is running on the software.
US sanctions cryptocurrency exchange used by ransomware gangs
The US Treasury Department announced its first-ever sanctions against a cryptocurrency exchange, named Suex, for facilitating ransom transactions for ransomware gangs and helping them evade sanctions. Suex is registered in the Czech Republic but has no physical presence there. Instead, it operates out of Moscow and St. Petersburg and other Russian and Middle Eastern locations, according to Chainalysis. This action is the first sanctions designation against a virtual currency exchange and was executed with assistance from the Federal Bureau of Investigation.
Thanks to our episode sponsor, Kanu Solutions
Trello down twice this week
The web-based to-do list-style platform owned by Atlassian has suffered two significant outages this week, according to user notifications tracked by DownDetector. Businesses and news outlets around the world rely on Trello for task management and prioritization. On Monday, Trello’s engineers believed they had found the root cause of the issue, but it quickly returned.
Key lawmakers to CISA: Let us send you more money, power
Two separate House committees have this year advanced legislation to give CISA a total of $800 million more to add to its current $2 billion total budget. Those proposed funds come on top of another extra $650 million that Congress and President Biden provided to CISA in March through the American Rescue Plan. Both chambers of Congress are also contemplating legislation that would make CISA the hub where vital companies would report major cybersecurity incidents, following the string of monumental cyberattacks that began with the SolarWinds breach in December, as well as extending the CISA director’s tenure to a five-year term, to insulate the agency against politics.
Siemens Energy launches AI solution to fight industrial cybercrime
On Tuesday, Siemens revealed a new offering, dubbed Eos.ii — not to be confused with the blockchain protocol EOS.IO — as an artificial intelligence (AI) and machine learning (ML) Security Information and Event Management (SIEM) platform that “provides CISOs with an evergreen foundation for industrial IoT cybersecurity.” The platform collects and collates data flows from IIoT endpoints for use by security teams, with insights brought together in one interface. Eos.ii will automatically tailor defensive practices and prioritize high-impact events with the assistance of ML algorithms. A white paper summarizing its role in defending IIoT machinery is available at Siemens.
Ikea launches gaming furniture range
The flatpack furniture giant has announced a new collection aimed specifically at game players, to be released in stores in the UK on October 1. Ikea says it has collaborated closely with the Republic of Gamers, a sub-brand of tech company Asus, to ensure specific comfort features for game players. Examples include the Lånespelare neck pillow and a multi-functional cushion/blanket – a sort of giant padded sofa/hoodie – which will keep gamers comfy during weekend-long Fortnite sessions. There are also game-streaming accessories, including a smartphone holder, a ring lamp, and a handy headphone holder that actually looks like a hand.