SSL.com

Cybersecurity Roundup January 2024


Coyote Trojan Targets Banking Apps with Advanced Evasion Techniques 

Kaspersky’s discovery of the Coyote banking Trojan, targeting 61 online banking apps mainly in Brazil, signifies an evolution in financial malware with its use of diverse technologies such as Squirrel and Nim. This development reflects the creativity and adaptability of Brazilian cybercriminals who have been active in the malware scene for over two decades, potentially posing a global threat if Coyote expands its reach.  Coyote’s sophisticated functionalities enable a wide range of malicious activities, from capturing login information via phishing overlays to freezing machines, highlighting its potential to evolve into a more significant threat similar to previous Trojans like Emotet and Trickbot. Its unique approach to evading detection, by utilizing less common programming languages and tools, sets a new benchmark in malware sophistication.  Brazil’s prominence as a hub for banking malware, coupled with Coyote’s advanced capabilities, underscores the urgent need for robust cybersecurity measures.
SSL.com Insights:

Emphasizing strong endpoint protection can shield against such sophisticated malware, focusing on advanced authentication mechanisms to verify user identities and control access. Implementing continuous monitoring and behavior analysis helps detect anomalies that signify a breach, enabling rapid response. Educating employees on the latest cyber threats and safe online practices is also vital, as human error and malicious social engineering tactics often open doors to cyberattacks. SSL.com’s code signing certificates can play a pivotal role by ensuring software integrity through tamper-proof digital signatures, trustworthiness through validated identities, and preventing the execution of unauthorized or tampered applications by conducting pre-signing malware scans. Strengthening cybersecurity frameworks with SSL.com’s solutions can significantly mitigate the risk of sophisticated banking Trojans and safeguard sensitive data.

Explore SSL.com’s EV Code Signing Certificates and Cloud CI/CD Integrations. 

Get Started Here

loanDepot Cyberattack Cripples Mortgage Systems 

Central US mortgage provider loanDepot suffered a disruptive cyberattack that has taken vital IT systems and customer payment portals offline. The attack struck on January 20, with a forensics investigation still ongoing. Internal systems and email were impacted, slowing business operations. The online payment portal myloandepot.com was also down, delaying loan payments.  While the specific attack method details are unknown, a ransomware attack is likely, given the operational disruption. This marks the second major ransomware hit on a mortgage firm this month after the First Guaranty Mortgage attack.  With access to sensitive customer financial data, loanDepot clients should watch for potential phishing lures or fraud linked to stolen info. The incident showcases the mortgage industry’s continued vulnerability to cyber-attacks aiming to cause maximum havoc. 
SSL.com Insights:

The recent cyberattack on loanDepot underscores the importance of protecting sensitive customer data and financial transactions. SSL.com highlights the necessity of strong network security for businesses with sensitive customer data, advocating for network segmentation as a key defense against ransomware attacks. This strategy involves dividing the network into multiple segments or subnets, each functioning as an independent security zone, to prevent attackers from moving laterally within the network. By segregating critical systems, such as those handling financial transactions and customer information, from less critical networks, companies like loanDepot can significantly reduce the potential damage from cyber incidents. SSL.com further strengthens network security through its Client Authentication certificates, ensuring that only authenticated users and devices have access to critical systems and networks.

Boost your digital defenses and secure your sensitive data with SSL.com’s Client Authentication certificates today! 

Secure Your Critical Infrastructure

UK Agency Forecasts AI Will Boost Ransomware Threats

The UK’s National Cyber Security Centre (NCSC) has issued a stark warning about the potential for artificial intelligence (AI) to empower ransomware attacks over the next two years. Key takeaways from the NCSC’s threat assessment include:   AI is expected to intensify cyberattacks, mainly by enhancing existing surveillance and social engineering tactics. Both state and non-state actors are already utilizing AI.   AI will lower barriers for novice cybercriminals, contributing to the global ransomware epidemic. By 2025, advanced AI tools are likely to spread through criminal ecosystems.   For advanced persistent threats (APTs), AI could enable faster creation of evasive custom malware if trained on quality data.   Intermediate hackers are expected to gain advantages in reconnaissance, social engineering, and data extraction. Less skilled actors will see AI lift capabilities across the board.   Regardless of skill level, AI-powered phishing, spoofing, and social engineering are expected to become highly challenging to identify.   The NCSC analysis paints a bleak picture of AI supercharging existing cyber threats over the next two years and beyond. Ransomware, powered by the democratization of advanced techniques, is expected to see a significant upswing through 2025. Defenders face an uphill battle as generative AI looks poised to make threats more potent on all fronts. 
SSL.com Insights:

The UK’s National Cyber Security Centre’s alert on AI-driven cyber threats underscores the need for advanced cybersecurity measures. Integrating Advanced Threat Protection (ATP) systems, that utilize AI and machine learning, enable companies to detect and neutralize cyber threats in real-time, including phishing and social engineering attacks. Endpoint Detection and Response (EDR) systems, a key ATP solution, offer comprehensive monitoring and analysis of endpoint and network events to identify and mitigate threats like ransomware and phishing. These systems employ behavioral analysis, anomaly detection, and machine learning to provide detailed forensic insights, aiding in the prevention of future attacks. Further enhancing security, EDR can be integrated with Security Information and Event Management (SIEM) systems for broader network visibility and more effective threat detection and response. This layered defense strategy, combining EDR and SIEM, equips organizations with the tools to swiftly identify, analyze, and respond to sophisticated cyber threats, reinforcing their cybersecurity posture in the face of evolving dangers.

Cyberattacks Target Network Operators and Middle East Organizations 

A security breach involving RIPE NCC, a central database for IP addresses in the Middle East, Europe, and Africa, has led to the sale of 716 compromised accounts on the Dark Web. This discovery was part of a larger finding by cybersecurity firm Resecurity, which uncovered 1,572 customer accounts across various regional networks affected by malware, including well-known password stealers like Redline and Azorult. The breach not only exposed RIPE accounts but also other privileged user credentials, highlighting the vulnerability of network operators and critical infrastructure to cyberattacks.  This incident has significant implications for internet stability and security, as demonstrated by an internet outage at Orange Spain caused by a compromised RIPE account. Security experts emphasize the necessity of implementing robust privileged access management solutions and strong authentication measures to mitigate the risks associated with such breaches. The surge in malware-driven cyberattacks in the region underscores the growing threat to network security, urging organizations to enhance their cybersecurity practices to prevent credential leaks and protect against potential intrusions and data theft. 
SSL.com Insights:

SSL.com highlights the urgency of enhancing authentication security following recent credential theft incidents affecting RIPE accounts, advocating for a strong Privileged Access Management (PAM) strategy to counter the threat to network operators. PAM helps in managing, controlling, and monitoring access for users with elevated privileges to critical information systems. Deploying just-in-time (JIT) access protocols allows organizations to grant temporary privileges to users, minimizing the active duration of credentials and thereby reducing the potential for cyber threats. SSL.com’s Client Authentication certificates further secure network access and safeguard sensitive credentials by requiring not only login credentials but validated client device identities. This approach ensures that only authenticated devices and users can access critical systems, significantly diminishing the risk of credential theft and misuse. 

Defend against credential theft with SSL.com’s Client Authentication certificates today! 

Get Protected Now

SSL.com Announcements

SSL.com’s S/MIME Certificates can now be integrated with an LDAP-enabled network

LDAP (Lightweight Directory Access Protocol) is an industry-standard protocol for accessing and managing directory information services. It is commonly used for storing and retrieving information about users, groups, organizational structures, and other resources in a network environment.

Integrating LDAP with S/MIME certificates involves utilizing LDAP as a directory service to store and manage user certificates. 

By integrating LDAP with S/MIME certificates, organizations can centralize certificate management, enhance security, and streamline the process of certificate retrieval and authentication in various applications and services that leverage LDAP as a directory service.

Contact sales@ssl.com for more information on LDAP integration. 

Single Sign On (SSO) can now be enabled for SSL.com accounts 

SSL.com users can now activate Single Sign On (SSO) for their accounts. This feature allows users to link their Google, Microsoft, GitHub, and Facebook accounts to their SSL.com accounts. Once linked and logged in to any of the four service providers mentioned, there is no need for users to repeatedly login to their SSL.com accounts with their username and password.  The adoption of SSO by SSL.com represents a commitment to maintaining high security standards while providing a user-friendly environment, ultimately fostering a safer and more secure online experience for its users. 

Automate Validation and Issuance of Email Signing and Encryption Certificates for Employees 

< p align=”justify”>Bulk enrollment is now available for Personal ID+Organization S/MIME Certificates (also known as IV+OV S/MIME), and NAESB Certificates through the SSL.com Bulk Order Tool. Bulk enrollment of Personal ID+Organization S/MIME and NAESB Certificates has the additional requirement of an Enterprise PKI (EPKI)  Agreement. An EPKI Agreement allows a single authorized representative of an organization to order, validate, issue, and revoke a high volume of these two types of certificates for other members, thereby enabling a faster turnaround in securing an organization’s data and communication systems. 
Exit mobile version