Kaseya ransomware case continues groups’ abuse of trust
Attackers have used Kaseya’s VSA product as a vector to deploy ransomware to a number of organisations around the globe. Kaseya reports that “the attackers were able to exploit zero-day vulnerabilities in the VSA product to bypass authentication and run arbitrary command execution. This allowed the attackers to leverage the standard VSA product functionality to deploy ransomware to endpoints. There is no evidence that Kaseya’s VSA codebase has been maliciously modified.”
Attack landscape update: Ransomware 2.0, automated recon & supply chain attacks
Data-stealing ransomware attacks, information harvesting malware, and supply chain attacks are some of the critical threats facing organisations highlighted in F-Secure’s latest attack landscape update. According to the report, a new type of extortion that researchers have dubbed Ransomware 2.0 has grown significantly since its first appearance in late 2019. While the COVID pandemic brought many businesses to a halt in 2020, increasing numbers of ransomware families began stealing data and threatening to leak it in addition to encrypting it during their attacks. Nearly 40% of ransomware families discovered in 2020, as well as several older families, demonstrated data exfiltration capabilities by the end of last year.
New research shows how AI in online recommendations can be manipulated
Sites and apps across the internet use recommendation engines powered by Artificial Intelligence (AI) to nudge people into purchasing more products or consuming more content. The choices they present can influence users, either by reinforcing existing preferences or by introducing new items in hopes of increased engagement. To test the integrity of these systems, F-Secure examined recommendation mechanisms to determine how an adversary might manipulate them. The research attempted to poison collaborative filtering models used by many sites and apps for recommendations, using techniques that could cause a piece of content to appear at a higher position in a person’s social media timeline or search results by latching onto another piece of content. Results showed that the AI in certain online recommendations can be manipulated.
Exploitable vulnerability discovered in Apple’s macOS Gatekeeper
F-Secure R&D discovered a vulnerability in macOS Gatekeeper that an attacker can exploit to infect unsuspecting users with malware. Attackers can compromise users with this vulnerability by manipulating them into downloading a specially crafted .zip file (via phishing, for example) that exploits the vulnerability, allowing them to bypass macOS Gatekeeper’s code signature and notarisation checks.
The CISO’s Dilemma: What the threat landscape looks like from the top
Chief Information Security Officers (CISOs) report successfully fending off more attacks despite facing agile and increasingly advanced adversaries with significant advantages, according to a new independent research study by Omnisperience for F‑Secure. In interviews with 28 senior information security officers across the US, UK, and Europe, the professionals described the threat landscape as looking like a fractured workplace under constant assault. The CISOs felt forced to constantly manage a persistent ‘security debt’ and confront questions about what constitutes good security.