AboutDFIR.com – The Definitive Compendium Project
Digital Forensics & Incident Response


InfoSec News Nuggets 09/30/2022

Covert malware targets VMware for hypervisor-level espionage

Emerging covert malware families that target VMware environments could allow criminals to gain persistent administrative access to the hypervisor, transfer files, and execute arbitrary commands between virtual machines, according to VMware and Mandiant, which discovered the software nasty earlier this year. The now-Google-owned threat intel team attributed the intrusions to an uncategorized group it calls UNC3886 and says it suspects the criminals’ motivation to be espionage. It also asserts “with low confidence” that the gang has ties to China.


One third of all cyberattacks now involve business email compromise

A new report from security operations startup Arctic Wolf Networks Inc. finds a significant uptick in business email compromise attacks for the first half of this year. Based on data analysis and insights from Arctic Wolf’s incident response unit Tetra Defense, BEC now accounts for over a third of all total cases responded to and the number of cases nearly doubled from the first to the second quarter. Industries such as finance and insurance, business services, legal and government all saw significant increases in this attack type. Of those organizations struck by a BEC, 80% of organizations did not have multifactor authentication in place before their incidents. The lack of MFA among victims is said in the report to highlight its importance in securing organizations. “With MFA in place, exploitation of compromised credentials becomes more challenging,” the report notes.


Lazarus ‘Operation In(ter)ception’ Targets macOS Users Dreaming of Jobs in Crypto

Back in August, researchers at ESET spotted an instance of Operation In(ter)ception using lures for job vacancies at cryptocurrency exchange platform Coinbase to infect macOS users with malware. In recent days, SentinelOne has seen a further variant in the same campaign using lures for open positions at rival exchange Crypto.com. In this post, we review the details of this ongoing campaign and publish the latest indicators of compromise. North Korean-linked APT threat actor Lazarus has been using lures for attractive job offers in a number of campaigns since at least 2020, including targeting aerospace and defense contractors in a campaign dubbed ‘Operation Dream Job’.


What CISOs Want to See From NIST’s Impending Zero Trust Guidelines

Cybersecurity at U.S. federal agencies has been running behind the times for years. It took an executive order by President Joe Biden to kickstart a fix across the agencies. The government initiative also serves as a wake-up call to enterprises lagging in getting zero trust up and running. Several organizations, including the Office of Management and Budget (OMB), the Cybersecurity and Infrastructure Security Agency (CISA) and the National Institute of Standards and Technology (NIST) responded to the president’s order with detailed guidance for federal agencies. The National Cybersecurity Center of Excellence issued how-to guides and example approaches to using a zero trust architecture. 


NSA Employee Leaked Classified Cyber Intel, Charged with Espionage

A former National Security Agency employee was arrested on Wednesday for spying on the U.S. government on behalf of a foreign government. Jareh Sebastian Dalke, 30, was arrested in Denver, Colorado after allegedly committing three separate violations of the Espionage Act. Law enforcement allege that the violations were committed between August and September of 2022, after he worked as an information systems security designer at the agency earlier that summer. Dalke allegedly used an encrypted email account to leak sensitive and classified documents he obtained while working at the NSA to an individual who claimed to have worked for a foreign government.
