This Week in Application Security News, March 4 – 10, 2018

News highlights this week: New cryptojacking attack targets both application and database servers with crypto-mining malware, ‘Kill switch’ stops memcached DDoS attacks, Ukraine sentences two citizens for DDoS extortion, UK cyber security certification pilot launched and SEC’s cybersecurity guidance falls short.

Top Story

Imperva researchers discovered a complex, new cryptojacking attack that infects both application and database servers with crypto-mining malware. RedisWannaMine demonstrates a worm-like behavior combined with advanced exploits to increase the attackers’ infection rate and fatten their wallets.

Read more…

Cryptojacking cyber criminals up their game (Computer Weekly, Mar 9)

New cryptojacking attack uses Redis and NSA exploits to infect machines (SC Magazine, Mar 9)

New cryptojacking attack uses WannaCry exploit to mine on Windows servers (Tech Republic, Mar 9)

Worm Infects Redis, Windows Servers with Cryptomining Malware (Security Boulevard, Mar 8)

DDoS Attacks and Cyberthreat Prevention

Memcached DDoS attacks slow down as patching ramps up (eWeek, Mar 9)

Memcached patching efforts appear to be working as the attack bandwidth size of memcached DDoS attacks is now on the decline.

Ukraine sentences two citizens for DDoS extortion campaigns (Bank InfoSecurity, Mar 6)

This groundbreaking prosecution targeted attackers who demanded bitcoin payoffs.

UK cyber security certification pilot launched (Computer Weekly, Mar 8)

UK businesses now have the opportunity to improve cyber security and prove they have taken steps to protect data they hold, thanks to a police-backed certification scheme.

SEC’s new cybersecurity guidance falls short (CSO Online, Mar 5)

Those who hoped that the US Securities and Exchange Commission would impose tougher rules (and consequences for breaking them) around reporting breaches may be disappointed.

In other news…

Securing healthcare data and applications (Security Boulevard, Mar 3)

Girl Scouts fight cybercrime with new cybersecurity badge (NBCNews.com, Mar 4)

Security remains an afterthought in DevOps (ComputerWeekly, Mar 5)

UK Cops Tried ‘DDoS-Style’ Tactics on Drug Dealers’ Phones (Motherboard, Mar 6)

World Economic Forum leads creation of fintech cyber security consortium (Reuters, Mar 6)

NRA websites heavily targeted by memcached-based DDoS attacks (Bleeping Computer, Mar 8)

10 technologies that are changing how we think about cybersecurity (TechRadarPro, Mar 8)

Hackers, not users, lose money in attempted cryptocurrency exchange heist (Bleeping Computer, Mar 8)

Keep your finger on the pulse

Sign up for updates from Imperva, our affiliated entities and industry news.