SecurityWeek is publishing a weekly cybersecurity roundup that provides a concise compilation of noteworthy stories that might have slipped under the radar.
We provide a valuable summary of stories that may not warrant an entire article, but are nonetheless important for a comprehensive understanding of the cybersecurity landscape.
Each week, we will curate and present a collection of noteworthy developments, ranging from the latest vulnerability discoveries and emerging attack techniques to significant policy changes and industry reports.
Here are this week’s stories:
WEF publishes cybersecurity report with unsurprising findings
The World Economic Forum (WEF) published its Global Cybersecurity Outlook 2024 report. It is primarily based on survey responses from 200 respondents in almost 50 countries, and supplemented with discussions with 140 executives able to attend a meeting in November 2023.
The outcome will surprise few cybersecurity professionals. Greater resilience and improved public/private cooperation are necessary. Third parties increase the attack surface. AI will prove disruptive (both in attack and defense), and we can expect AI-assisted disinformation campaigns in the 2024 election year. Regulations are increasing, and are considered by WEF to be a good thing — even though many non-WEF cybersecurity professionals consider them a threat to cybersecurity implementation.
Equally unsurprising is that difficulties affect smaller companies more drastically than larger companies: the skills gap is wider while the absence of cyberinsurance is more prevalent. There is, however, little of true value to the cybersecurity professional in the trenches of cyber defense.
KyberSlash vulnerability in the Kyber KEM post-quantum algorithm
On December 30, 2023, researchers announced a timing vulnerability (dubbed KyberSlash) in several implementations of Kyber (a key encapsulation mechanism selected by NIST for post-quantum cryptography). The vulnerability could allow attackers to recover the private key. This is not the first problem with NIST PQC candidates — see also the cracking of SIKE.
“KyberSlash yet again underscores the importance of [crypto] agility in a robust cryptographic deployment,” commented Joey Lupo, product security architect at QuSecure. Crypto agility allows rapid switching from one encryption algorithm to another if the incumbent is cracked. While this is essential for encryption going forward, crypto agility cannot protect IP that may already be stolen through ‘harvest now, decrypt later’ campaigns.
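Lupo's point about crypto agility, as an added example that is not from SecurityWeek, QuSecure or the Kyber project: a small Python MAC envelope (standard library only) in which the algorithm suite is a tagged, authenticated field, so switching to a new suite, accepting in-flight tokens during migration, and retiring a broken suite are configuration changes rather than a rewrite. The suite ids, token layout, key and payloads are constructed for the example and are not a standard.

```python
import base64
import hashlib
import hmac


class AgileMac:
    """Algorithm-agile message authentication envelope (example code).

    Token layout (constructed for this example):
        <suite>.<b64url(payload)>.<b64url(tag)>
    The suite id is also fed into the MAC input, so relabelling a token with
    another suite name invalidates its tag instead of steering verification
    onto a different, possibly weaker, code path.
    """

    # Registry of suites: adding a future algorithm is one entry here.
    # The suite ids are made up for the example.
    SUITES = {
        "hs256": hashlib.sha256,
        "hs3-256": hashlib.sha3_256,
    }

    def __init__(self, key: bytes, current: str = "hs256"):
        if current not in self.SUITES:
            raise ValueError(f"unknown suite {current!r}")
        self.key = key
        self.current = current        # suite used for newly issued tokens
        self.deprecated = set()       # verify-only during a migration window
        self.retired = set()          # refused on both issue and verify

    def _tag(self, suite: str, payload: bytes) -> bytes:
        # Domain separation: the suite id is part of what gets authenticated.
        msg = suite.encode() + b"\x00" + payload
        return hmac.new(self.key, msg, self.SUITES[suite]).digest()

    def protect(self, payload: bytes) -> bytes:
        suite = self.current
        if suite in self.deprecated or suite in self.retired:
            raise ValueError(f"suite {suite!r} may not issue new tokens")
        tag = self._tag(suite, payload)
        return b".".join([suite.encode(),
                          base64.urlsafe_b64encode(payload),
                          base64.urlsafe_b64encode(tag)])

    def verify(self, token: bytes):
        """Return the payload on success, None on any failure."""
        parts = token.split(b".")
        if len(parts) != 3:
            return None
        suite = parts[0].decode("ascii", errors="replace")
        if suite not in self.SUITES or suite in self.retired:
            return None
        try:
            payload = base64.urlsafe_b64decode(parts[1])
            tag = base64.urlsafe_b64decode(parts[2])
        except ValueError:            # binascii.Error is a ValueError
            return None
        if not hmac.compare_digest(self._tag(suite, payload), tag):
            return None
        return payload

    def rotate(self, new_suite: str) -> None:
        """Issue new tokens with new_suite; the old suite becomes verify-only."""
        if new_suite not in self.SUITES:
            raise ValueError(f"unknown suite {new_suite!r}")
        if new_suite != self.current:
            self.deprecated.add(self.current)
        self.deprecated.discard(new_suite)
        self.current = new_suite

    def retire(self, suite: str) -> None:
        """Refuse a broken suite entirely; tokens issued under it stop verifying."""
        if suite == self.current:
            raise ValueError("rotate away from the current suite before retiring it")
        self.deprecated.discard(suite)
        self.retired.add(suite)


if __name__ == "__main__":
    envelope = AgileMac(b"constructed-demo-key")
    old = envelope.protect(b"user=alice")
    envelope.rotate("hs3-256")            # incumbent is now verify-only
    new = envelope.protect(b"user=alice")
    print(old[:6], envelope.verify(old))  # still accepted during migration
    print(new[:8], envelope.verify(new))
    envelope.retire("hs256")
    print(envelope.verify(old))           # None: retired suite is refused
```

The two separate states matter in practice: a deprecated suite keeps already-issued tokens valid while clients move over, whereas a retired suite is what you reach for when the incumbent is actually broken. Agility does not help with material that was captured earlier, which is the 'harvest now, decrypt later' limitation Lupo notes.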
Self-spreading Mirai-based NoaBot botnet
Since the beginning of 2023, a self-spreading Mirai-based botnet has been actively infecting devices as part of a crypto-mining campaign. Dubbed NoaBot, the malware also features an SSH key backdoor, can be used in distributed denial-of-service (DDoS) attacks, and drops a modified version of the XMRig miner. To date, more than 800 devices appear to have been infected with NoaBot.
Iranian APT targets Albania in wiper attack
An Iran-linked APT that has been launching ransomware and destructive attacks against Albania since at least July 2022 has recently taken control of systems associated with Albanian infrastructure and government organizations and deployed a wiper, according to ClearSky Security. The company believes this Iranian destruction campaign could threaten other countries as well.
North Korean hackers stole $600 million in cryptocurrency in 2023
North Korean hackers stole at least $600 million in cryptocurrency in 2023, according to TRM Labs. North Korea was responsible for nearly a third of all funds stolen in crypto-related attacks last year.
Paladin Global Institute launched to help protect global critical infrastructure and users
Cyber-focused venture capital firm Paladin Capital Group has launched the Paladin Global Institute, whose goal is to help protect critical infrastructure from cyber threats and enhance online safety through research and advocacy, policy recommendations, and public-private sector collaboration. Kemba Walden, former Acting National Cyber Director, has been named the institute’s president.
ZDI disclosed 1,900 vulnerabilities in 2023
Trend Micro’s Zero Day Initiative (ZDI) disclosed more than 1,900 vulnerabilities in 2023. Other information on the company’s activity is available in a new report summarizing its contribution to the industry.
Cloudflare publishes DDoS and API reports
Cloudflare has published a DDoS threat report for the fourth quarter of 2023, as well as its API Security Report for 2024, which is based on the analysis of real traffic data.
OpenSSL, Chrome, Fortinet, Juniper patches
Patches for OpenSSL, Chrome and products made by Fortinet and Juniper were announced this week.
Vulnerabilities in medical devices, smart home products, and IT management software
Pentagrid identified several vulnerabilities in Lantronix EDS-MD, an IoT gateway for medical devices and equipment. The vulnerabilities include command injection, CSRF, missing authentication, and XSS vulnerabilities, as well as outdated software components.
Gotham Security researchers found critical vulnerabilities in the ConnectWise ScreenConnect remote control software. Two vulnerabilities that have now been patched can allow a non-privileged attacker with existing access to a system to execute arbitrary code with elevated privileges.
Bitdefender researchers discovered that the Bosch BCC100 thermostat is affected by a vulnerability that allows an attacker on the same network to replace the device firmware with a rogue version.