Here are two highlights from cyber stories this past week. First, US Senator Ron Wyden has revealed in a complaint letter to the customs department that US border officials have failed to cryptographically verify the passports of visitors to the US for more than a decade -- because the government didn't have the proper software. The department has known about this lapse since a 2010 GAO report, and yet hasn't done anything to correct the situation. US entry points read the electronic data directly from a passport's chip, but can't determine whether that data has been tampered with, because the digital signature over it is never checked. Once again, our government has only halfway implemented a security technology.
Second, Richard Clarke's latest book is reviewed in this post on IBM's Security Intelligence blog. The book, Warnings: Finding Cassandras to Stop Catastrophes, talks about how you can use such warning signs to build a better defensive posture. The book's title reminds me of Twelve Monkeys, my favorite Cassandra-related movie. If you haven't seen it in a while, you may want to screen it sometime.
– David Strom, editor of Inside Security
Top story: Botnet evolution
We have two links today about the evolution of botnets that are worth reading more carefully. The Mirai botnet was originally designed for DDoS attacks, but later modifications were used to target vulnerable Ethereum mining rigs and mine cryptocurrency. Now researchers have discovered yet another variation, in which Mirai is used to turn an IoT device into a proxy server. They have dubbed it OMG. – FORTINET BLOG
But that's just the beginning. More than 40 percent of global login attempts are malicious thanks to bot-driven credential stuffing attacks, according to a new Ponemon report that analyzed actual network traffic across the Akamai CDN. Cyber-criminals are switching their botnets from DDoS attacks to replaying stolen credentials in an attempt to access online accounts. The report found that for some businesses, bot activity can make up as much as 90 percent of their daily traffic. – AKAMAI (reg. req.)
Funding announcements of the week
Dover Microsystems received a $6M seed round with Draper Ventures sharing the lead investment. The company has developed real-time threat prevention technology built into an embedded processor and is based in Waltham, Mass. Its CEO is Jothy Rosenberg.
Vectra Networks received a $36M D funding round with Atlantic Bridge sharing the lead investment. Based in San Jose, Calif., its CEO is Hitesh Sheth. The company has an intrusion detection and prevention solution called Cognito.
xMatters received a $40M D funding round with Goldman Sachs as the lead investor. Based in San Ramon, Calif., its CEO is Troy McAlpin. The company sells integrated IT incident response and notification tools.
Researchers have started seeing a sudden increase in code signing certificates being used as a layered obfuscation technique in malicious payload distribution campaigns. These certs are registered using stolen corporate identities, which makes signed payloads look legitimate and leaves traditional network security appliances less effective. The certs cost several hundred dollars each, however, which limits their appeal to criminals. – RECORDED FUTURE BLOG
Security researchers have discovered a dozen flaws in Trend Micro's Linux-based Email Encryption Gateway, which attackers could use to execute arbitrary commands with root privileges. It took Trend Micro six months to address and correct ten of these vulnerabilities with version 5.5 build 1129, and two vulnerabilities remain unpatched. – SECURITY AFFAIRS (UK)
The Federal Bureau of Investigation is warning businesses about a spike in phishing campaigns requesting W-2 information from payroll personnel. Phishing scams seeking W-2 information have been increasing overall, according to the IRS. The most popular method remains impersonating an executive, through either a compromised or a spoofed email, in order to obtain W-2 information from an HR professional within the same organization. – FBI IC3
The Avzhan DDoS bot has been known since 2010, but it has recently resurfaced in the wild, dropped by a Chinese drive-by attack. Researchers compare this new variant with what they have previously seen, and trace its execution flow and obfuscation techniques. – MALWAREBYTES BLOG
The latest State of the Phish report shows differing approaches to phishing prevention between US- and UK-based businesses. In the US, most organizations use computer-based online security awareness training and simulated phishing attacks to train employees, while UK organizations generally opt for more passive training methods over hands-on practice. Two simulated phishing templates had a near-certain click rate among targeted users: one that masqueraded as a database password reset alert, and another that claimed to include an updated building evacuation plan. – WOMBAT SECURITY (reg. req.)
Just for fun
“I want the future to be unknown,” says the character Bruce Willis plays in the movie Twelve Monkeys. Here is the clip.