ISA is committed to keeping the security community up to date with the latest cybersecurity news.
Microsoft strikes back at hackers
Microsoft and the FS-ISAC have launched a legal action to disable a range of IP addresses hosted all over the United States that are alleged to control the infamous TrickBot botnet. Simultaneously, Microsoft and some of its technology partners have worked with telecom providers around the world to further disrupt the activities of the criminal network. The legal action was timed to coincide with an offensive by the U.S. Cyber Command to disable TrickBot, as described recently by the Washington Post. The FS-ISAC (a global non-profit membership organization representing 7,000 financial institutions and payment processors, and the majority of the U.S. financial services sector) was involved because of the harm that TrickBot is doing to the financial industry.
In the complaint, Microsoft describes TrickBot as “a prolific and globally diverse financial theft and malware distribution botnet [that] specializes in distributing ransomware, infecting end user computers in order to steal financial account credentials and funds, steal personal information or to install other forms of malware such as ransomware”. The complaint goes on to describe one of the primary uses of TrickBot: hackers “gain access to account credentials for online banking websites to steal – among other things – funds from computer users and financial institutions” by hijacking the user’s browser and stealing their financial login credentials. TrickBot is also widely suspected to be a tool intended for tampering with upcoming U.S. elections, potentially being used to attack computers holding voter rolls and results.
The pleadings imply that the infected computers effectively cease to run Windows, that the operating system is actually “transformed into tools of deception and theft”, and that the unauthorized and malicious reuse of Microsoft code in Windows and Word was in fact a trademark infringement. On this basis, the plaintiffs were able to successfully seek an emergency injunction on the use of the coordinating IP addresses.
The pleadings make for fascinating reading, and the complaint in particular provides a comprehensive view into Microsoft’s research into the activities of the TrickBot operators. Microsoft and its partners spent months collecting more than 125,000 TrickBot malware samples in order to analyze the operation of the malware. Their research reveals how the malware works, and maps out how the command-and-control botnet directs the activities of infected computers down the chain.
“With this evidence, the court granted approval for Microsoft and our partners to disable the IP addresses, render the content stored on the command and control servers inaccessible, suspend all services to the botnet operators, and block any effort by the TrickBot operators to purchase or lease additional servers,” Microsoft said in a press release on October 12.
According to the complaint, TrickBot has allegedly infected over a million devices since 2016, ranging from computers to IoT devices.
Microsoft concedes that this is far from the end of the war, but this feels like a victory in this particular battle.
Gigamon announces Canadian expansion
Gigamon, the worldwide leader in network visibility, analytics, threat detection and response, recently announced plans to expand its global footprint with its first Canadian tech hub in Ottawa. Shane Buckley, President and Chief Operating Officer at Gigamon, says the firm has already set up dozens of job interviews as it looks to quickly establish a virtual presence in the city. By fall 2021, Gigamon plans to have a full physical office established in the nation’s capital, building a world-class research and development team of up to 50 people.
Chief Executive Officer Paul Hooper says that the Ottawa location was selected for a number of reasons including the diversity of skills, the support of the local city, and the benefits of having development on the East Coast. Gigamon currently has tech hubs in Santa Clara, California; Seattle, Washington; and Chennai, India with sales offices worldwide.
“I am extremely proud to welcome Gigamon, an industry leader in network agility, visibility and security, to the nation’s capital,” said Jim Watson, celebrating his tenth year as Mayor of Ottawa. “This is a significant investment by an emerging tech industry leader, reinforcing Ottawa’s position as an attractive city in which to do business, particularly during these uncertain times.”
“This is the start of something magic!” adds Buckley.
Gigamon’s enterprise-scale technology gives customers the power to collect data in transit across physical, virtual and cloud infrastructures, and then optimize, decrypt and secure it before distributing it to their security and monitoring tools.
ISA Cybersecurity, which already has an office established in Ottawa, welcomes the arrival of its long-time partner Gigamon to the Capital Region. ISA has extensive certifications with Gigamon technology and will be supporting Gigamon as it expands its footprint to help secure organizations around the world.
CCCS reports spike in Emotet attacks
The Canadian Centre for Cyber Security (CCCS) has issued a special bulletin warning of malicious activity associated with so-called “Emotet” malware campaigns. According to the bulletin, “Emotet is an advanced botnet that has infected hundreds of thousands of systems worldwide. Once a system is infected by Emotet, additional malware… may be implanted on the system resulting in data exfiltration or attempts to extort the victim.”
According to a report in Ars Technica, Emotet has become one of the world’s most prevalent ongoing threats, and has “successfully burrowed into Quebec’s Department of Justice and increased its onslaught on governments in France, Japan, and New Zealand. It has also targeted the Democratic National Committee.”
The Emotet attacks are particularly dangerous as they can be spread through bulk spam emails as well as targeted phishing attacks, often appearing to be sent from trusted sources. Ultimately, the hackers’ goal is to get the victim to open an infected Word document or PDF to launch the malware.
In addition to keeping malware detection software current, one of the best defenses against the Emotet threat is user awareness. Staff must remain constantly vigilant and skeptical of unexpected emails and unknown links or attachments, even those that appear to come from trusted sources.
ISA and Micro Focus featured at October 15 IDC event
On October 15, 2020, IDC Canada is presenting a live online event entitled “IDC Connections 2020: Future Enterprise Strategies”, an exciting two-hour virtual experience connecting CEOs across industries and bringing together IDC’s leading analysts to share expert insights as Canadian organizations move forward through the economic aftermath and recalibrate for the “Next Normal”.
Virtual booth sponsors feature ISA Cybersecurity and Micro Focus, who will be represented by cybersecurity specialists Priscilla Petgrave and Neil Correa. Priscilla and Neil will be hosting live interactive Q&A sessions from 12:15-1:30 p.m. and 3:00-3:30 p.m.
Together, ISA and Micro Focus can help optimize your security operations with ArcSight SIEM, a powerful, customizable enterprise solution that helps detect both known and unknown threats through correlation, data ingestion and analytics.
ISA and Micro Focus are pleased to offer exclusive bonuses to attendees who book a virtual planning session with a cybersecurity specialist:
– Existing ArcSight customers will receive a free ArcSight health check to ensure they are realizing the full potential of the product
– Prospective ArcSight customers will receive a free sizing/scoping exercise
– All attendees who book a virtual planning session will receive a complimentary Uber Eats “Lunch-On-Us” in appreciation for their time and interest
Registration for the virtual event is free, and a detailed agenda is available online. Attendees can sign up for the bonus offer by visiting the ISA/Micro Focus booth and clicking on the “Register Interest” button.