Last month’s uncovering of the SolarWinds supply chain attack caused waves of panic and chatter across the U.S. and all over the world. How did such widely used and important software get breached? And are even the supposedly best-protected companies (and their customers) still at risk of compromise? Bit by bit, more information is being discovered about the attack we all recently witnessed. Russian nation-state actors are suspected to be behind the breach that poisoned a SolarWinds software update, delivering the Sunburst backdoor to around 18,000 organizations and companies, including large tech companies such as Microsoft, FireEye and more. Even President Joe Biden is facing pressure from security advisors to urgently address what is being called one of the worst data breaches ever to hit the U.S. government. Since the original headlines outlining the Sunburst supply chain variant, additional malware strains involved in the attacks have also been discovered.
New research has uncovered a number of ransomware attacks linked to APT27, a hacker group widely believed to be operating from China. A report from Security Joes and Profero outlines their response to a ransomware incident involving the encryption of several core servers. During their analysis, researchers also found malware samples tied to a DRBControl backdoor campaign from earlier this year, which targeted major gaming companies worldwide. Two Chinese APT groups have been linked to that campaign: APT27 and Winnti.
At ThreatSTOP we are unapologetic security geeks; we also happen to be security minimalists. In fact, we think anyone passionate about The Cybers aims to maximize protection with the fewest tools. Why? Because tools break, they have vulnerabilities, they cost money, they require care and feeding, and so on. Is it crazy to think you can secure a network really well with only ThreatSTOP, a firewall, a DNS server, and good password hygiene? Heck no, that's not crazy. What is crazy is that a huge percentage of businesses (skewing to SMB, of course) don't even check those minimums off the security must-have list, while lots of other companies have become collectors, with a SOC that looks like a virtual RSA trade show. So while we daydream about a future where enterprises have neither zero nor 70 different security products that don't play nicely together, check out our favorite new tool (hah!) for managing passwords:
Google has announced a ton of new password protection features this week after releasing Chrome 88. The new browser version gives users an easy shortcut to identify weak or compromised passwords and quickly change them. A new key icon appears under your profile avatar, and clicking it starts Google’s check for weak passwords. If any are found, the browser immediately alerts you and offers a one-click password change. Chrome 88 also lets users manage and update multiple passwords in the same place. This feature is currently available for the desktop and iOS versions, and will be available for the Android Chrome app soon. Google has already seen a 37% reduction in compromised credentials in 2020 based on the Chrome Safety Check features and other improvements made last year. Today, Chrome’s safety check is used 14 million times every week.
A botnet is a distributed network of many compromised internet-connected devices, controlled by a centralized botmaster and used to perform synchronized tasks. Each infected machine is called a bot, and together their combined resources are used to carry out various attacks. Botnets are usually built through malware infections that gain persistence on the machines and “recruit” them into the botnet. Some of these malware variants can even self-propagate through networks, infecting many devices from a single network entry point. The bandwidth “taken” from each bot is relatively small, so that the victim does not notice that their device is being exploited, but when thousands or even millions of machines are simultaneously instructed to perform a joint, targeted attack, the damage can be immense.
Although we are used to thinking of botnets as collections of computers, these networks can be composed of many types of devices: personal computers, laptops, mobile devices, smart watches, security cameras, and smart home appliances.
In a public service announcement last week, the FBI warned residents who own camera- and voice-capable smart devices that hackers are targeting them with swatting attacks that stem from stolen email credentials. Swatting is an attack in which ill-meaning attackers make a fake emergency call to the police, calling law enforcement and SWAT teams into action on a false premise. The hoax call usually describes an immediate threat to life so that law enforcement scrambles to arrive as fast as possible and in full force. This type of attack causes damage on both sides of the dangerous prank: police, who are pulled away from other critical tasks, and homeowners whose hacked devices were used for the call, who are left confused and shaken, or worse. Health-related and even violent consequences of these situations have also been reported.
While vaccines are slowly being distributed around the world, COVID-19 is still on the loose and, in many ways, the world is still at a halt. Researchers at Kaspersky have recently discovered attacks against COVID-19-related entities, probably attempting to get their hands on vaccine research. The perpetrators behind this sneaky and specialized attack are none other than the mysterious Lazarus Group, a cybercrime group with strong links to North Korea, known for some of the largest cyberattacks of the last decade, such as the WannaCry attacks, the Sony breach, and more. While tracking the group’s activity across a variety of industries, the Kaspersky researchers spotted two COVID-related attacks: one on a pharmaceutical company, and the other on a government ministry involved in the COVID-19 response.