Slingshot: New malware on the scene lay undiscovered for years

Last week, a study from MIT researchers showed that blaming bots for the spread of misinformation on Twitter is a case of good old-fashioned scapegoating. False news apparently travels fast.

Do you know exactly how much value your data holds? spoke to Jeremy Tillman of Ghostery about third-party browser trackers.

Read on to keep abreast of the latest goings-on in infosec and enterprise.

Slingshot malware hid for six years

Kaspersky Lab researchers reported last week that they had uncovered malware so sophisticated it remained undetected for six years, despite infecting at least 100 machines around the world.

The researchers say Slingshot is one of the most advanced attack platforms ever discovered and believe it was developed on behalf of a country with the funds to invest in such a sophisticated system.

Although it is unclear how Slingshot infiltrated every target, in some cases it got access to routers made by Latvian manufacturer MikroTik, planting malicious code within them. Active since at least 2012, it remained operational throughout February. Analysts suggest it could have collected keyboard data, passwords and more, and was aimed at the Middle East and Africa.

500,000 NHS staff rely on insecure messaging apps to communicate

A new survey from CommonTime, reported in Infosecurity Magazine, found that 43pc of NHS staff rely on apps like Facebook Messenger and WhatsApp and 32pc only use these consumer-level tools to send messages at work. Frontline workers have an even higher instance of insecure app use, with 59pc of doctors and nurses using consumer IM apps at least once a week, even though 75pc of users worried about confidentiality.

NHS policy forbids consumer IM apps, and the report mentioned examples of patient data being transmitted to the wrong person, sometimes outside of the organisation itself, as well as the sharing of patient addresses and phone numbers.

The tale of the ‘Olympic Destroyer’ malware attack

The Winter Olympics opening ceremony in Pyeongchang was marred by a cyberattack and new revelations show a number of false flags were planted to frame other groups for the incident.

Security researcher Vitaly Kamluk said: “Given how politicised cyberspace has recently become, the wrong attribution could lead to severe consequences and actors may start trying to manipulate the opinion of the security community in order to influence the geopolitical agenda.”

The Olympic Destroyer malware managed to temporarily freeze IT systems, cripple Wi-Fi and crash the Olympics website. Many rushed to pin the attack on a culprit like the Lazarus Group, Russia and Iran, but the mystery remains. Apparently, the groundwork for the attack was laid in December with a spear-phishing campaign targeting the official sponsors of the Olympic Games.

Government surveillance and Monero mining

State surveillance is growing in sophistication, as a new report published by Citizen Lab shows. Syrian and Turkish governments were found to have hijacked local internet users’ connections to covertly inject malware, while in Egypt, browser-based cryptocurrency mining scripts were found in users’ web traffic using the same methods.

The governments, state agencies and internet service providers involved are using Deep Packet Inspection technology from Sandvine to intercept and modify users’ traffic.

In Turkey, the technology affected targeted users like journalists and human rights activists, redirecting them to malicious versions of legitimate programmes laced with spyware. Sites like Wikipedia and the Kurdistan Workers’ Party website were also blocked.

In Syria, malicious versions of CCleaner and Avast Antivirus were bundled with government spyware.

A sneaky telecoms operator in Egypt was using Sandvine devices to inject a Monero mining script into every HTTP web page visited by users.

New forum supporting women in security launches

8 March marked International Women’s Day and the Security Industry Association celebrated with the launch of the Women In Security Forum to support women’s participation in the security field. Networking events, programs and professional development will be elements of the forum, as well as identifying platforms to improve the visibility of women in the industry.

Brianne Brewer of SecureSet, a cybersecurity academy in Denver, Colorado, said: “A forum like this provides a platform to connect women and men who realise the critical role that inclusion and visibility play in talent development and providing a clear pathway for women in the security industry.”

The post Slingshot: New malware on the scene lay undiscovered for years appeared first on Silicon Republic.
