
eSP - IT Solution Providers in Europe


Security

Trend Micro Integrates XDR Across More Workloads


Trend Micro now offers detection and response capabilities integrated across email, network, endpoint, server and cloud workloads, giving enterprises broader visibility of risk posture while connecting minor events from different security silos.

The result, the company says, allows customers to detect more complex attacks that otherwise remain unnoticed. After all, according to a 2018 SC Media survey, security teams receive over 10000 security alerts daily, while the Verizon 2018 Data Breach Investigations Report states “the mean time to identify a breach increased to 197 days and containing a breach increased to 69 days,” leaving criminals nearly 9 months to hide in an organisation and cause damage.

Microsoft Intros Azure Security Center for IoT


Microsoft looks to secure IoT and hybrid cloud workloads against evolving attacks with Azure Security Center for IoT, a product offering end-to-end security, from sensor to cloud, for both Microsoft and third-party devices.

According to Bain & Company, the top concern for organisations considering IoT projects is security, leading to delays in IoT rollouts. IoT installations stretch from the smallest sensor through the network to the cloud, meaning piecemeal security products leave too many gaps. In contrast, Azure Security Center for IoT promises unified visibility and control, adaptive threat prevention and intelligent threat detection and response across workloads running on edge, on-premises, in Azure and other clouds.


Malware Turns Enterprise Search Engine into Zombie Botnet!


Elasticsearch is yet again under cybercriminal attack, as Trend Micro describes a vicious breed of malware that turns the enterprise search engine into a cryptocurrency mining botnet capable of delivering distributed denial of service (DDoS) attacks.

As the security vendor puts it, the threats transform targets into "botnet zombies." The malware targets exposed or publicly accessible out-of-date Elasticsearch databases/servers, and forces them to download a series of malicious Java commands from an expendable or easy-to-replace domain. The first script shuts down the firewall and competing cryptocurrency mining activities, before a second script prepares the host by removing configuration files and any traces of the initial infection.

Cloud Access Security from Symantec


Symantec announces further cloud access security capabilities enabling enterprises to enforce consistent Zero Trust policies for users accessing SaaS applications, corporate applications in IaaS environments, cloud-based email and the internet.

Part of the Integrated Cyber Defense Platform, the solutions not only provide access controls, but also add "unique" visibility and content scanning capabilities, allowing the enforcement of consistent DLP policies on information sent to cloud and web destinations, as well as threat inspection for content downloads. Further extending the solution are integrations with Symantec VIP for multi-factor authentication and Symantec Web Isolation for enhanced threat prevention.


Microsoft Exposes Astaroth Malware


The Microsoft Defender Advanced Threat Protection (ATP) team tells all about Astaroth, a particularly sneaky strain of malware whose fileless nature makes it especially difficult to detect.

Named after none other than the Great Duke of Hell, Astaroth has been in circulation around South America and Europe since at least late 2017. It is used to steal sensitive data via attacks launched through spear-phishing. That sounds typical enough, but Astaroth is uniquely nasty since it does not need to install an executable on the target machine. As Microsoft puts it, Astaroth "lives off the land," running legitimate system tools through a complex attack chain involving multiple steps and various fileless techniques.

How does an Astaroth attack take place? Typically, a user opens a malicious link in a spear-phishing email leading to a .LNK file. If the file is opened, the WMIC tool is executed with the "/Format" parameter, allowing the download and execution of JavaScript code. In turn, the JavaScript pulls and runs two DLL files able to log and upload victim information, all while disguised as a system process. The result is an attack able to avoid traditional signature-based detection tools, since it involves no downloads or installs other than the DLL files.
