July 2021 Security Intelligence Roundup: Ransomware, Security by Design and How to Analyze in Windows With Frida

July 29, 2021
| |
3 min read

Getting and staying ahead of threat actors means knowing the cybersecurity landscape. Today, that still often means ransomware and changing the ways and places we work. July’s top stories include a supply chain attack from the REvil ransomware gang and how to fold security into design.

We also have a deep dive into password safety, including common myths from social media. Attackers may not be looking at your tweets. However, elements of social engineering do open up passwords for exploitation in some similar ways.

This month’s expert insights also involve the state of today’s operational technology (OT) attacks, finding DLL sideloading attacks with the prototype Frida tool Windows Feature Hunter and a new way to execute .NET assemblies. Check out our top advice and news from July.

Quick Briefs: Top Insights From July

2-Minute Read 🕒

3 Myths About Threat Actors and Password Safety

Most of us have a little bit of anxiety about social media sharing. Who doesn’t cringe in sympathy (or schadenfreude) at the story of a senator who posted a picture of his password by mistake? As social media involves, keep up to date and refresh yourself on some of the basics around preventing password theft. Plus, see some common myths around password theft aren’t really worth worrying about.

3-Minute Read 🕒

What Is Domain-Driven Design?

Security review on software design can take months by itself. But what about security-driven design, where the idea that your product might be attacked (or present a weak link) is built in from the beginning? See how domain-driven design can combine security and the business domain that makes your product a worthwhile purchase. It’s the best of both worlds.

4-Minute Read 🕒

Your Home Away From Home May Not Be as Cybersecure as You Think

We’ve all heard the warnings about keeping your cybersecurity rigorous while working from home. With luck, people are starting to settle in to their workplace again in 2021, whether that’s at the office or remote. You might even be starting to think about going on vacation, when it’s safe to do. So don’t forget digital safety on the road, too. A chief technology officer and professional hacker walk through their vacation plans — the ways they keep their eyes on unsecured networks or smart house devices while on the go, that is.

Worth Your While: In-Depth Coverage To Sharpen Your Skills & Tighten Security

6-Minute Read 🕒

REvil Ransomware Gang Launches Major Supply Chain Attack — Downstream Impact May Affect Over 1,500 Customers

At the beginning of the month, IT management software firm Kaseya urged customers to shut down the Kaseya VSA remote management tool product, as they had found a compromise in the latest update. The infamous REvil ransomware gang inserted malicious code into the tool, an attack with ripples through the linked world of managed service providers. See who is affected and what to do about it to keep your business safe.

11-Minute Read 🕒

Don’t Be Rude, Stay: Avoiding Fork&Run .NET Execution With InlineExecute-Assembly

Take a look at a new Beacon Object File (BOF) that allows operators to execute .NET assemblies in process via Cobalt Strike. This is another option to the traditional built-in execute-assembly module, which uses the fork and run technique. Like any tool, it has its benefits and drawbacks, but can be a useful element to have in your tool belt.

4-Minute Read 🕒

Attacks on Operational Technology From IBM X-Force and Dragos Data

Here’s another deep dive into hard data. IBM X-Force and Dragos studied the major intrusion trends that may impact OT and industrial control systems today, including specific ransomware trends and OT-specific Trojans. See what attackers going after OT want, how the most high-profile types of attacks may not really be the ones you want to focus on and common entry points to make sure you close the right doors first.

June’s Expert Insight: Hunting for Windows “Features” with Frida — DLL Sideloading

Red team expert Chris Spehn goes into step-by-step detail on how to use Frida when it comes to Windows. While this toolkit is often used to analyze iOS and Android mobile apps, it can also be applied to desktop operating systems. Take a look at how attackers and offensive testers can identify potential DLL sideloading problems using the new Frida tool Windows Feature Hunter.

Want to keep up with today’s cybersecurity news and best practices? Watch this space for the Security Intelligence newsletter.

Megan Crouse
Freelance Writer and Editor
Megan Crouse is a contributor for SecurityIntelligence.