Friday Five: More Malware Targeting Apple Devices, a New Cyber-Resilient OS, & A Malware Gang's Tactics Backfiring
Learn how a malware gang’s tactics are being used against them, how the Department of Homeland Security is facing new threats head-on, an ambitious project to create a more secure OS, and more—all in this week’s Friday Five!
A SECURITY TEAM IS TURNING THIS MALWARE GANG’S TRICKS AGAINST IT BY LILY HAY NEWMAN
Gootloader, a malicious initial-access-as-a-service operation, has been found to use tactics designed to cover its tracks and avoid detection while targeting specific industries and sectors, but security researchers discovered that those same tactics can be turned against the gang to prevent network compromise. Learn more about Gootloader's tactics, the other malware groups it has been linked to in the past, and the clever way security teams can use the gang's own tricks against it in the full story from Lily Hay Newman at Wired.
LAZARUS SUBGROUP TARGETING APPLE DEVICES WITH NEW RUSTBUCKET MACOS MALWARE BY RAVIE LAKSHMANAN
A North Korean threat actor known as BlueNoroff, a subgroup of Lazarus, is suspected to be behind a new Apple macOS malware strain called RustBucket. The malware reportedly poses as an "Internal PDF Viewer" application to start the infection, "[communicating] with command and control (C2) servers to download and execute various payloads," according to the technical report released last week. While it still isn't clear whether any RustBucket attacks have been successful, the development indicates threat actors' willingness to adapt their toolsets to accommodate cross-platform malware. Find out more about BlueNoroff's history and how the malware works in the full story from The Hacker News.
GOOGLE BANNED 173K DEVELOPER ACCOUNTS TO BLOCK MALWARE, FRAUD RINGS BY SERGIU GATLAN
In its annual "bad apps" report, Google reported that it banned 173,000 developer accounts in 2022 to block malware operations and fraud rings, and that it prevented almost 1.5 million policy-violating apps from reaching the Google Play Store. Google also observed a decline in the number of malicious accounts after introducing additional requirements for developers seeking to join the Play Store ecosystem, including phone and email identity verification. Read the full report to find out more about Google's security accomplishments over the past year and its goals moving forward.
MIT AND STANFORD RESEARCHERS DEVELOP OPERATING SYSTEM WITH ONE MAJOR PROMISE: RESISTING RANSOMWARE BY CHRISTIAN VASQUEZ
Computer science researchers Michael Stonebraker and Matei Zaharia are teaming up on an ambitious project whose primary goal is to develop a new type of operating system that they say will be resilient against common cyberattacks and able to bounce back from ransomware infections within minutes. According to Michael Coden, associate director of cybersecurity at MIT Sloan School of Management, the idea behind the new OS is to "get detection internally without external cybersecurity tools or analytics engines more quickly and... [to] roll back to the pre-attack state for business continuity within minutes or seconds without having to go and do restores." Read more about the project and how the operating system's built-in security measures would work in the full story from CyberScoop.
DHS OUTLINES CYBER PRIORITIES IN RELEASE OF DELAYED REVIEW BY EDWARD GRAHAM
The Department of Homeland Security's latest Quadrennial Homeland Security Review, the first since 2014, warned that “threats to the homeland have become more complex and have arisen on new fronts,” and specified that “the convergence of cyber-physical technologies and systems underpinning our critical functions—from manufacturing, to healthcare, to transportation—means that single events can have a cascading impact on multiple industries, sectors and national critical functions.” Read a full, in-depth breakdown of the review and DHS's plans to combat the emerging threats in the full story from Nextgov.