October 23, 2017
Australia Spy Chief Warns of Growing Foreign Meddling – Australia
The Australian Security Intelligence Organization (ASIO) said it was struggling to cope with the threat, with its resources stretched from fighting terrorism. Spy chief Duncan Lewis said in a foreword to ASIO's annual report that over the past year there had been a "steadily worsening overall security and operational environment". He pinpointed heightened terror fears, but also growing foreign interference which was "extensive, unrelenting and increasingly sophisticated". Overseas powers had sought classified information on Australia's alliances and partnerships, its position on diplomatic, economic and military issues, energy and mineral resources, and innovations in science and technology, he said. "Espionage and foreign interference is an insidious threat -- activities that may appear relatively harmless today can have significant future consequences," he warned. Officials last week revealed sensitive data about Australia's F-35 stealth fighter and P-8 surveillance aircraft programs was stolen when a defense subcontractor was hacked using a tool widely used by Chinese cybercriminals. Without naming any countries, Lewis pointed to "a number of states and other actors".
Kaspersky Denies Its Software Can Be Used For Russian Espionage – Russia and The United States
The founder of Russian cybersecurity firm Kaspersky Lab denies that Russian security services can use its popular anti-virus software for espionage, claiming he is the victim of a “media attack” as the company comes under pressure in the US. Evgeny Kaspersky was responding to anonymously sourced reports in US media last week that Russian secret services had a backdoor into Kaspersky’s anti-virus software that allowed them to search for classified information and obtain data about US cyber defense. The US took the unusual step of banning federal agencies from using Kaspersky software last month, in what some cybersecurity experts believe could be the first step in the splintering of the global industry into national territories. Mr. Kaspersky wrote on his blog on Thursday that Kaspersky Lab could not have spied on the US government or American users. A backdoor would be discoverable because its products and databases were all available for inspection on public servers, he said. “Our products’ functionality completely and utterly depends on the application code and entries in updated databases — there is no mysterious magic at work,” he wrote. While the US government cannot control whether the private sector uses Kaspersky software without issuing sanctions, many major US retailers have stopped selling Kaspersky products since the ban on federal agencies. Office Depot, Staples and Best Buy all say they will no longer sell the product, though it is still available on Amazon and Walmart. US regulatory agencies contacted by the FT, which issue guidance on cybersecurity for the industries they oversee, have not warned companies about the software.
Ursnif Trojan Uses New Malicious Macro Tactics – Global
Recently observed distribution campaigns featuring the Ursnif banking Trojan were using new malicious macro tactics for payload delivery, Trend Micro has discovered. Malicious macros have been used for over a decade for malware distribution, and have become highly popular among cybercriminals over the past several years, despite Microsoft’s efforts to block them. They are used to drop all types of malware, including banking malware, ransomware, spyware, and backdoors. The normal infection chain when malicious macros are used involves tricking the victim into enabling the macro in the document received via spam email. Next, malicious code (usually PowerShell) is executed to download and run the final payload. The effectiveness of macros as a delivery method inspires miscreants to continue to use the technique and improve it, in an attempt to evade detection and hinder analysis. Ursnif’s operators have already shown a focus on evading sandbox detection, and recently adopted checks that allow them to do so. One employed tactic is the use of AutoClose, which runs the PowerShell script only after the document is closed, thus evading sandboxes and detection logic that only analyze what the macro does when the document is opened. The method is easy to implement and Trend Micro says it is becoming a common feature in many malicious macros.
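The defensive point of the AutoClose tactic is that a macro triage pipeline which only watches document-open behaviour misses close-phase handlers. The following added example (not code from Trend Micro or from the bulletin) scans extracted VBA source for auto-executing entry points, reports which phase each fires in, and flags those that hand off to a shell or PowerShell; the VBA sample is constructed, and the scanner does not follow calls into helper procedures, so it is a static triage aid rather than a substitute for sandboxing past document close.

```python
import re

# Auto-executing VBA entry points, mapped to the phase in which Office runs them.
# Close-phase handlers are the ones a sandbox that stops at "open" never sees.
AUTO_EXEC = {
    "autoopen": "open", "autoexec": "open", "document_open": "open",
    "workbook_open": "open",
    "autoclose": "close", "auto_close": "close", "document_close": "close",
    "workbook_beforeclose": "close",
}

# Indicators that a handler spawns an external process. Patterns are
# deliberately loose: this is a triage filter, not a parser of VBA.
EXEC_INDICATORS = {
    "Shell": r"(?<![.\w])shell\b",      # Shell(...) but not WScript.Shell
    "WScript.Shell": r"wscript\.shell",
    ".Run": r"\.run\b",                 # WshShell.Run "..."
    "PowerShell": r"\bpowershell\b",
}

# Matches "Sub Name(...) ... End Sub" / "Function ... End Function" blocks.
PROC_RE = re.compile(
    r"^\s*(?:private\s+|public\s+)?(?:sub|function)\s+(\w+)\s*\(.*?\).*?$"
    r"(.*?)^\s*end\s+(?:sub|function)\b",
    re.IGNORECASE | re.MULTILINE | re.DOTALL,
)


def scan_vba(source):
    """Return one finding per auto-exec handler whose body spawns a process.

    A handler that only calls a helper (which in turn calls Shell) is missed;
    widen EXEC_INDICATORS or resolve calls if that matters for your pipeline.
    """
    findings = []
    for match in PROC_RE.finditer(source):
        name, body = match.group(1), match.group(2)
        phase = AUTO_EXEC.get(name.lower())
        if phase is None:
            continue  # ordinary procedure, not an Office-triggered entry point
        hits = sorted(label for label, pat in EXEC_INDICATORS.items()
                      if re.search(pat, body, re.IGNORECASE))
        if hits:
            findings.append({"handler": name, "phase": phase, "indicators": hits})
    return findings


# Constructed sample modelled on the tactic described above: the open-phase
# handler looks benign, and the process launch lives in AutoClose.
SAMPLE_VBA = '''
Sub AutoOpen()
    MsgBox "Enable content to view this document"
End Sub

Sub AutoClose()
    Dim p As String
    p = "powershell.exe -File C:\\placeholder\\stage2.ps1"
    Shell p, vbHide
End Sub
'''

if __name__ == "__main__":
    for f in scan_vba(SAMPLE_VBA):
        print(f"{f['handler']} ({f['phase']} phase): {', '.join(f['indicators'])}")
```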
FOR MORE INFORMATION:
To sign up for the complete daily G4S Corporate Risk Services Intelligence Bulletin, as well as regular intelligence and risk updates and news, click here to subscribe!