1. Counterfeit code-signing certificates are now being custom-created
Recorded Future has found that code-signing and SSL certificate services are “widely available” on the dark web, with certificates from reputable vendors such as Comodo, Thawte, Symantec and Apple. These certificates are created on request and are believed to be issued using stolen corporate identities. Because the certificates are registered with the details of legitimate business owners, malicious actors can use them to make their payloads look trustworthy.
Several prominent attacks in the recent past have delivered payloads inside legitimately signed binaries, such as the backdoors in NetSarang’s server management software, the M.E.Doc accounting software in Ukraine, and CCleaner, highlighting the effectiveness of this approach. (In some of these cases it is not clear exactly when the compromise happened.)
In addition, a trial by Recorded Future with an encrypted, previously unreported Remote Access Trojan showed that while 8 antivirus products detected the unsigned payload, only 2 detected the signed copy.
These services are relatively expensive and are unlikely to be widely used. However, they are expected to affect network appliances that perform deep packet inspection and host-based controls that rely on code-signing certificates.
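As an added illustration of the host-based control mentioned above (this is not code from the original digest or from Recorded Future), the following Python policy trusts a signed binary only when the leaf certificate's thumbprint is one the organisation has explicitly pinned. Pinning by organisation name alone is not enough here, because a counterfeit certificate is registered with a real company's details and will carry the same name. All signer names, thumbprints and dates below are constructed for the example.

```python
"""Signer-identity pinning for signed binaries (added example, constructed data).

The cryptographic check (does the signature chain validate?) is assumed to have
been done already by the OS or a verifier; this policy decides whether a
*valid* signature should actually be trusted.
"""
from dataclasses import dataclass
from datetime import datetime, timedelta


@dataclass
class SignerInfo:
    signature_valid: bool   # chain validated by the OS/verifier
    subject_org: str        # O= field of the leaf certificate
    thumbprint: str         # SHA-256 of the leaf certificate, hex
    not_before: datetime    # start of the certificate's validity period
    signing_time: datetime  # timestamp/countersignature of the signature


# Constructed allowlist: organisation name -> pinned leaf thumbprints.
PINNED_SIGNERS = {
    "Example Vendor Inc.": {"aa" * 32},
}

# Certificates issued only days before they sign something are worth a look.
NEW_CERT_WINDOW = timedelta(days=14)


def evaluate(info, pinned=PINNED_SIGNERS, new_cert_window=NEW_CERT_WINDOW):
    """Return (verdict, reasons); verdict is 'allow', 'review' or 'block'."""
    if not info.signature_valid:
        return "block", ["signature does not validate"]

    reasons = []
    if info.signing_time - info.not_before < new_cert_window:
        reasons.append(
            f"certificate issued less than {new_cert_window.days} days before signing")

    pins = pinned.get(info.subject_org)
    if pins is None:
        reasons.insert(0, f"signer {info.subject_org!r} not in allowlist")
        return "review", reasons
    if info.thumbprint.lower() in pins:
        return "allow", []
    # Same organisation name as a pinned vendor, but a different certificate:
    # exactly what a counterfeit certificate registered in the vendor's name looks like.
    reasons.insert(0, "subject matches a pinned organisation but thumbprint is "
                      "not pinned (possible impersonation)")
    return "block", reasons


# Constructed sample cases.
LEGIT = SignerInfo(True, "Example Vendor Inc.", "aa" * 32,
                   datetime(2017, 1, 10), datetime(2018, 2, 1))
COUNTERFEIT = SignerInfo(True, "Example Vendor Inc.", "bb" * 32,
                         datetime(2018, 1, 28), datetime(2018, 2, 1))
UNKNOWN = SignerInfo(True, "Some Other Co.", "cc" * 32,
                     datetime(2016, 5, 1), datetime(2018, 2, 1))
BROKEN = SignerInfo(False, "Example Vendor Inc.", "aa" * 32,
                    datetime(2017, 1, 10), datetime(2018, 2, 1))


def demo():
    """Evaluate the sample cases and return {name: verdict}."""
    cases = {"legit": LEGIT, "counterfeit": COUNTERFEIT,
             "unknown": UNKNOWN, "broken": BROKEN}
    results = {}
    for name, info in cases.items():
        verdict, reasons = evaluate(info)
        results[name] = verdict
        print(f"{name:12s} -> {verdict:6s} {'; '.join(reasons)}")
    return results


if __name__ == "__main__":
    demo()
```

The counterfeit case is the interesting one: its signature validates and its subject name matches a trusted vendor, so a name-based allowlist would accept it; only the thumbprint mismatch (and, here, the very recent issuance) separates it from the genuine signer.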
2. Cybersecurity guidance and regulations continue to mature
Singapore has passed into law a bill designed to ensure the protection of critical infrastructure and to ensure the competency of service providers for penetration testing and managed security operations center monitoring.
Some industry sectors already have guidelines and regulations of their own; this new bill highlights the importance of implementing security principles early to reduce cost and problems arising later.
The Securities and Exchange Commission has issued guidance stating:
"Public companies should have policies and procedures in place to (1) guard against directors, officers, and other corporate insiders taking advantage of the period between the company's discovery of a cybersecurity incident and public disclosure of the incident to trade on material nonpublic information about the incident, and (2) help ensure that the company makes timely disclosure of any related material nonpublic information"
While not directly addressing cybersecurity issues, this guidance forces company executives to pay attention to their cybersecurity risks and efforts.
The European Union’s General Data Protection Regulation comes into effect on May 25. The GDPR is widely acknowledged as one of the most impactful and far-reaching regulations, potentially having cascading effects on how companies worldwide collect and manage data. The GDPR also signals a trend towards privacy-related regulation among governments worldwide.
3. Malware Found in Common Cloud Platforms
Bitglass threat research found that 44 percent of the organizations it scanned had malware in their cloud applications. Even with the built-in malware protection of applications such as Google Drive, Box, Dropbox and OneDrive, the average infection rate was still higher than 33 percent.
This highlights a gap in popular enterprise cloud storage solutions and in the anti-malware solutions that are generally relied on as the first line of defense.
4. Cryptocurrency Driving New Form of Malware
With cryptocurrency mining as a new method of monetization, malware leveraging traditional exploits such as EternalBlue has been found in the wild infecting computers to enlist them in a mining network.
5. Survey Shows Continuing Disconnect Between CEOs and Technical Officers
It is not unheard of for cybersecurity concerns to differ between C-level officers. A recent survey by Dow Jones Customer Intelligence highlights this misalignment, with attention placed on server-focused solutions while “human” solutions such as multi-factor authentication and credential management receive less. The study also shows that CEOs have less visibility into the incidents their company has faced, with technical officers reporting higher numbers.