Risk Radar Free Cyber Newsletter – Jul 25, 2017

Cyber Security Newsletter

Emergent threats, trends, and news annotated by some of the most well known and respected experts in the industry.

Widespread, Brute-Force, Cloud-to-Cloud Attacks Hit Office 365 Users
A targeted brute force attack on Office 365 has been discovered. Senior employees from multiple departments have been targeted within each company. The way login and password attempts are being done may indicated data recovered from phishing attacks. With limitations on 2 factor authentications Office 365 is expected to be open to future attacks.
New Form of Cyber-Attack Targets Energy Sector
A new form of phishing attack is happening to energy sector companies. An apparently harmless word document in the email contains a template reference that connects to the attacker’s server. This enables the victim’s credentials to be recovered and a word template with malicious payload to be downloaded to the victims pc.

macOS Fruitfly Backdoor Analysis Renders New Spying Capabilities
A known mac backdoor discovered in January has some newly discovered spying capabilities. Patrick Wardle of Synack will be going over these new capabilities at Black Hat this week. The article goes into more detail of what Wardle is expected to present during Black Hat.

Motivation Mystery Behind WannaCry, ExPetr
Researchers are looking into the motives of WannaCry and ExPetr. There are some indications that these two attacks are a new movement in APT attacks. The ransomware appears to be a cover for a destructive attack. These attacks were not done in a way to get the most money from the ransomware, the destruction seemed to be the main focus.
Cisco Warns of Coming “Destruction of Service” Attacks
Cisco is also warning of coming “Destruction of Service” attacks.  They also state that IoT devices will play a central role in these destructive attacks. The article covers recommendations for companies to avoid these new attacks.
Black Hat USA 2017 Preview
Threat post gives a podcast review of the upcoming Black Hat conference. The keynote address, important topics, and sessions are discussed in the podcast.