Sophisticated Covert Cyberattack Campaign Targets Military Contractors

Malware used in the STEEP#MAVERICK campaign features rarely seen obfuscation, anti-analysis, and evasion capabilities. [TechWeb]( Follow Dark Reading: [RSS]( September 29, 2022 LATEST SECURITY NEWS & COMMENTARY [Sophisticated Covert Cyberattack Campaign Targets Military Contractors]( Malware used in the STEEP#MAVERICK campaign features rarely seen obfuscation, anti-analysis, and evasion capabilities. [Chaos Malware Resurfaces With All-New DDoS & Cryptomining Modules]( The previously identified ransomware builder has veered in an entirely new direction, targeting consumers and business of all sizes by exploiting known CVEs through brute-forced and/or stolen SSH keys. [Container Supply Chain Attacks Cash In on Cryptojacking]( Cloud-native threats are costing cloud customer victims money as cryptojackers mine their vulnerable cloud instances. [Google Cloud DORA: Securing the Supply Chain Begins With Culture]( The team's annual survey finds that the right development culture is better than technical measures when it comes to shoring up software supply chain security practices. An additional benefit: Less burnout. [Fast Company CMS Hack Raises Security Questions]( The company's website remains offline after hackers used its compromised CMS to send out racist messages. [Google Quashes 5 High-Severity Bugs With Chrome 106 Update]( External researchers contributed 16 of the 20 security updates included in the new Chrome 106 Stable Channel rollout, including five high-severity bugs. [Time to Change Our Flawed Approach to Security Awareness]( Defend against phishing attacks with more than user training. Measure users' suspicion levels along with cognitive and behavioral factors, then build a risk index and use the information to better protect those who are most vulnerable. [The Countdown to DORA]( With provisional agreement reached on the Digital Operational Resilience Act, the clock is now ticking for banks and information and communications technology (ICT) services companies with European operations. Here's what you need to know. [Phishing Attacks Crushed Records Last Quarter, Driven by Mobile]( Shocking phishing numbers (more than 1 million in a single quarter) are being driven by vishing, smishing, and other lures that target mobile devices. [MORE NEWS /]( [MORE COMMENTARY]( HOT TOPICS [FBI Helping Australian Authorities Investigate Massive Optus Data Breach: Reports]( Initial reports suggest a basic security error allowed the attacker to access the company's live customer database via an unauthenticated API. [7 Metrics to Measure the Effectiveness of Your Security Operations]( SOC metrics will allow stakeholders to track the current state of a program and how it's supporting business objectives. [4 Data Security Best Practices You Should Know]( There are numerous strategies to lessen the possibility and effects of a cyberattack, but doing so takes careful planning and targeted action. [MORE]( EDITORS' CHOICE [Most Attackers Need Less Than 10 Hours to Find Weaknesses]( Vulnerable configurations, software flaws, and exposed Web services allow hackers to find exploitable weaknesses in companies' perimeters in just hours, not days. LATEST FROM THE EDGE [Fake Accounts Are Not Your Friends!]( Inflated user bases and fake engagement cause more harm than good, especially when the artificial accounts are based on stolen human identities. LATEST FROM DR TECHNOLOGY [When Will Cybersecurity Get Its Bloomberg Terminal?]( The "single pane of glass" that gathers and correlates all the information security professionals need doesn't exist, so it's up to us to create it. WEBINARS - [Threat Hunting Today: The Tools and Techniques That Get You Out in Front of Criminals]( Proactive "threat hunting" is becoming a more common practice for organizations who know it is no longer enough to detect threats and defend against them. Security teams are increasingly taking a more proactive approach--seeking out potential threats using analytical tools. ... - [Strategies for DDoS Resilience and Response]( There are few things more disruptive than a distributed denial-of-service (DDoS) attack. The criminals behind these attacks have one objective: to bring everything to a stop so you can't conduct business as usual. How can you ensure business continuity during ... [View More Dark Reading Webinars >>]( WHITE PAPERS - [Ransomware Resilience and Response: The Next-Generation]( - [Understanding the Zero Trust Approach]( - [Your Digital Transformation Is Being Sabotaged - The Surprising Impact of Sophisticated Bots]( - [BotGuard for Applications Higher Education Case Study]( - [Why Email Security Is So Valuable For Protecting Against Ransomware]( - [Top Four Steps to Reduce Ransomware Risk]( - [Ransomware in Focus: New Research on CISO Perceptions, Perspectives, and Plans]( [View More White Papers >>]( FEATURED REPORTS - [Implementing Zero Trust In Your Enterprise: How to Get Started]( - [Incorporating a Prevention Mindset into Threat Detection and Response]( - [Practical Network Security Approaches for a Multicloud, Hybrid IT World]( The report covers areas enterprises should focus on for their multicloud/hybrid cloud security strategy: -increase visibility over the environment -learning cloud-specific skills -relying on established security frameworks -re-architecting the network [View More Dark Reading Reports >>]( PRODUCTS & RELEASES [Jamf Announces Intent to Acquire ZecOps, to Provide a Market-Leading Security Solution for Mobile Devices as Targeted Attacks Continue to Grow]( [Malwarebytes Expands OneView Platform for MSPs]( [Illumio Introduces New Solution to Stop Endpoint Ransomware from Spreading Across the Hybrid Attack Surface]( [MORE PRODUCTS & RELEASES]( CURRENT ISSUE [How Machine Learning, AI & Deep Learning Improve Cybersecurity]( [DOWNLOAD THIS ISSUE]( [VIEW BACK ISSUES]( Dark Reading Daily -- Published By [Dark Reading]( Informa Tech Holdings LLC | Registered in the United States with number 7418737 | 605 Third Ave., 22nd Floor, New York, New York 10158, USA To opt-out of any future Dark Reading Daily Newsletter emails, please respond [here.]( Thoughts about this newsletter? [Give us feedback.](mailto:ContactDarkReading@informa.com) Keep This Newsletter Out Of Your SPAM Folder Don't let future editions go missing. Take a moment to add the newsletter's address to your anti-spam white list: If you're not sure how to do that, ask your administrator or ISP. Or check your anti-spam utility's documentation. We take your privacy very seriously. Please review our [Privacy Statement.]( [© 2022]( | [Informa Tech]( | [Privacy Statement]( | [Terms & Conditions]( | [Contact Us](mailto:ContactDarkReading@informa.com)