News highlights this week: New cryptojacking attack targets both application and database servers with crypto-mining malware, ‘Kill switch’ stops memcached DDoS attacks, Ukraine sentences two citizens for DDoS extortion, UK cyber security certification pilot launched and SEC’s cybersecurity guidance falls short.
Imperva researchers discovered a complex, new cryptojacking attack that infects both application and database servers with crypto-mining malware. RedisWannaMine demonstrates a worm-like behavior combined with advanced exploits to increase the attackers’ infection rate and fatten their wallets.
Cryptojacking cyber criminals up their game (Computer Weekly, Mar 9)
New cryptojacking attack uses Redis and NSA exploits to infect machines (SC Magazine, Mar 9)
New cryptojacking attack uses WannaCry exploit to mine on Windows servers (Tech Republic, Mar 9)
Worm Infects Redis, Windows Servers with Cryptomining Malware (Security Boulevard, Mar 8)
DDoS Attacks and Cyberthreat Prevention
Memcached DDoS attacks slow down as patching ramps up (eWeek, Mar 9)
Memcached patching efforts appear to be working as the attack bandwidth size of memcached DDoS attacks is now on the decline.
Ukraine sentences two citizens for DDoS extortion campaigns (Bank InfoSecurity, Mar 6)
This groundbreaking prosecution targeted attackers who demanded bitcoin payoffs.
UK cyber security certification pilot launched (Computer Weekly, Mar 8)
UK businesses now have the opportunity to improve cyber security and prove they have taken steps to protect data they hold, thanks to a police-backed certification scheme.
SEC’s new cybersecurity guidance falls short (CSO Online, Mar 5)
Those who hoped that the US Securities and Exchange Commission would impose tougher rules (and consequences for breaking them) around reporting breaches may be disappointed.
In other news…
Securing healthcare data and applications (Security Boulevard, Mar 3)
Girl Scouts fight cybercrime with new cybersecurity badge (NBCNews.com, Mar 4)
Security remains an afterthought in DevOps (ComputerWeekly, Mar 5)
UK Cops Tried ‘DDoS-Style’ Tactics on Drug Dealers’ Phones (Motherboard, Mar 6)
NRA websites heavily targeted by memcached-based DDoS attacks (Bleeping Computer, Mar 8)
10 technologies that are changing how we think about cybersecurity (TechRadarPro, Mar 8)
Hackers, not users, lose money in attempted cryptocurrency exchange heist (Bleeping Computer, Mar 8)