The Tanium 10: Locky Ransomware Makes A Comeback | Developers Lack Security Skills

Susan Nunziata Posted on 08.25.17 — by Susan Nunziata

Welcome to The Tanium 10, our weekly roundup of the news that matters most to security and IT professionals. Each week, we spotlight the 10 stories, trend reports, and research that caught our eye—all to help you keep up with what’s happening in our fast-paced industry. We value your feedback. Once you’ve read this week’s insights, please email me here and tell me what you think.

The Tanium 10

The Tanium 10 for the week ending August 25, 2017:

  1. Locky, one of the most successful families of ransomware, is rearing its ugly head again. The latest campaign began Aug. 9 and is being distributed with a new file extension called Diablo6, according to Malwarebytes researchers. This particular campaign uses spam emails in the form of PDF attachments with embedded .DOCM files.
  2. A.P. Moller–Maersk reports that the NotPetya ransomware attack cost it $200 million to $300 million this quarter, with additional pain expected in the next quarter as well. Maersk Line, the company’s container shipment arm, is bearing the brunt of the impact.
  3. When was the last time you considered source code theft among the many cybersecurity issues you’re handling? It may be our industry’s biggest dirty little secret.
  4. There’s a serious lack of security skills among developers worldwide, according to a new survey. More than three-quarters of the 400 DevOps professionals polled in the 2017 DevSecOps Global Skills Survey say security and secure development education needed for today’s world of coding is missing from formal curriculums.
  5. You may be familiar with the concepts put forth in the book “A Purpose-Driven Life,” but have you ever considered how those concepts might be put into practice for cybersecurity? No, neither have we. Here’s what purpose-driven cybersecurity looks like.
  6. A cybersecurity analysis of 18 industries places the U.S. government at No. 16, ahead of only telecommunications and education. Healthcare, transportation, financial services, and retail all ranked above it, despite all these sectors having experienced significant breaches and attacks in recent years. The government particularly lags on replacing outdated software, patching current software, endpoint defense, and IP address reputation.
  7. London cybersecurity firms are collaborating in order to strengthen the city’s cyber defenses. The initial Cyber39 team will consist of 22 London-based private cybersecurity companies. The plan has received backing from both the Department for International Trade and the Department for Digital, Culture, Media and Sport.
  8. An expedition to Antarctica is a big bucket-list item for us here at The Tanium 10. So we were fascinated to read the story of this IT pro’s heroic efforts to keep the lights on while traversing the South Pole. “I am 35 now, and I have been working with computers for over 20 years—hack days, evenings, weekends, personal projects,” software engineer Carles Pina i Estany told Ars Technica. “I tell you, in this expedition I used everything I know, even little bits of knowledge I thought were pretty useless. It all becomes useful in the Antarctic.”
  9. A flaw in the Controller Area Network (CAN) protocol underpinning all modern automobiles is unpatchable. The CAN protocol is used to manage communications between a vehicle’s internal components — not exactly something you’d want to see exploited by hackers. Researchers say it will take a new generation of vehicles to patch the flaw because it involves how the CAN standard works at its lowest levels.
  10. U.S. Senators Jerry Moran (R-KS) and Tom Udall (D-NM) offered the Modernizing Government Technology (MGT) Act as an amendment to the National Defense Authorization Act (NDAA). Senators hope attaching the MGT Act to must-pass legislation will ensure its passage, given that the legislation has stalled in the Senate despite being passed by the House twice with bipartisan support. The MGT Act aims to accelerate efforts to upgrade federal IT.

And another thing…

Bill Gates and Richard Branson are among the investors in Memphis Meats, a startup producing “clean meat” grown in a lab using the cells of cows and chickens. Would you like fries with your lab-burger?

Like what you see? Click here and sign up to receive The Tanium 10 in your inbox every Friday.