Global Cyber News Digest

Daily News Digest

Stay current on the global cyber threat landscape and industry developments with CCOE’s daily digest and library of cybersecurity news and articles.

  • How to save your business from ransomware attacks

    • The increased attack surface as the network perimeter expands to accommodate the hybrid workplace has opened up more vulnerabilities and opportunities for cybercriminals.
    • Paying the ransom does nothing but validate the cybercriminals’ investment into these attacks because there is no way of knowing that the stolen data won’t be silently offered to private buyers.
    • Today’s sophisticated attackers can circumvent traditional security controls by using stolen credentials and targeting the Active Directory (basically the identity repository of an organisation).
    • Ransomware started as an untargeted, opportunistic and rapid attack. Today, it has evolved to be modular and multifaceted, one that unfolds over extended periods.
    • Tabletop exercises that enable a red and blue team to role-play different scenarios and the real-time response to those scenarios are critical for enterprises when dealing with a threat in real time.
    - Sarah Rizvi | March 21, 2021
  • How to Strengthen Password Policies to Stay Compliant with GDPR

    • GDPR is concerned with the collection, processing, and protection of sensitive personal data for citizens of the EU. Under GDPR, personal data is considered anything that may be able to identify directly or indirectly an individual. This would include basics like names and addresses, but also encompasses data such as ID numbers, IP addresses, phone numbers, health records, and biometric data.
    • Weak passwords are easily obtained by threat actors and used for credential stuffing and password spraying attacks which the European Data Protection Board has issued guidance saying are reportable breaches.
    • Consider adopting a 16 character or longer minimum as part of a password policy.
    • Multi-factor authentication should be required to reset any password. This will ensure that it is truly the proper user resetting the password and not an attacker imitating a user.
    • Best practices are to have passwords hashed when stored in a database and to be hashed with a strong encryption algorithm such as SHA-256 or SHA-512.
    - Enzoic | March 18, 2021
  • Data breach reported at Atascadero State Hospital

    • State officials say a Department of State Hospitals (DSH) employee improperly accessed the health information of more than 2,000 patients, former patients, and employees at Atascadero State Hospital.
    • The information reportedly included COVID-19 test results.
    • The data breach was reportedly discovered in late February as part of an annual review of employee access to data folders.
    - KSBY NEWS | March 18, 2021
  • FBI Releases the Internet Crime Complaint Center 2020 Internet Crime Report, Including COVID-19 Scam Statistics

    • The 2020 Internet Crime Report includes information from 791,790 complaints of suspected internet crime—an increase of more than 300,000 complaints from 2019—and reported losses exceeding $4.2 billion.
    • The top three crimes reported by victims in 2020 were phishing scams, non-payment/non-delivery scams, and extortion. Victims lost the most money to business email compromise scams, romance and confidence schemes, and investment fraud.
    • IC3’s 2020 Internet Crime Report contains information about the most prevalent internet scams affecting the public and offers guidance for prevention and protection. It also highlights the FBI’s work combating internet crime, including recent case examples.
    | March 17, 2021
  • Hackers Are Targeting U.S. Banks, And Hardware May Give Them An Open Door

    • A new report for China Tech Threat identifies that financial organizations have become the prime target of cyber attack, which a morass of government agencies and policies tasked with cyber-defenses have done little to abate.
    • An analysis in 2015 found that financial organizations were targeted four times more than other industries. Only four years later, financial firms experienced as many as 300 times more cyber-attacks than other companies.
    • Increasingly, attacks are perpetrated by Advanced Persistent Threat (APT) actors.
    • Unlike an opportunistic cyber-attack, in which the perpetrator seeks to “get in and get out” for some immediate payoff, an effective APT will skirt a system’s security and remain undetected for a prolonged period.
    • Much cybersecurity discourse and practice are focused on software and applications, and while important, these can compel organizations to de-emphasize hardware and physical facilities security.
    • It is well documented that the PRC uses technology to surveille and exfiltrate information. In fact, recent Chinese laws require its citizens and businesses to support the government’s intelligence operations, which include spying, IP theft and technology acquisition.
    • Hardware represents a gaping and exploitable hole in the current approach to cyber security… Hardware vulnerabilities can be exploited to completely sidestep software-based security measures.
    - Roslyn Layton | March 17, 2021
  • Incident Report

    • In January, we became aware of a security incident later determined to be conducted by the same sophisticated threat actor responsible for the SolarWinds supply chain attack.
    • The threat actor accessed certain Mimecast-issued certificates and related customer server connection information.
    • Beyond the low single-digit number of customers targeted by the threat actor, which we contacted as described in our first blog post, we are not aware that any other customers were actively targeted.
    • Forensic analysis of all customer-deployed Mimecast software has confirmed that the build process of the Mimecast-distributed executables was not tampered with.
    • We are in the process of implementing a new OAuth-based authentication and connection mechanism between Mimecast and Microsoft technologies, which will provide enhanced security to Mimecast Server Connections.
    | March 16, 2021
  • "Hack everybody you can": What to know about the massive Microsoft Exchange breach

    • Cybersecurity responders are working around the clock to shore up networks hit by last week's hack of Microsoft's Exchange email service — an attack that has impacted hundreds of thousands of organizations worldwide.
    • The window for updating systems could be measured in "hours, not days," a senior White House administration official said.
    • According to Microsoft corporate vice president Tom Burt, hackers first gained access to an Exchange Server either with stolen passwords or by using the previously undiscovered vulnerabilities used to "disguise itself as someone who should have access." Using web shells, hackers controlled servers through remote access – operated from U.S.-based private servers – to steal data from a victim's network.
    • Experts say it's common for hackers to step up an attack immediately preceding a fix, but that the pace was much faster in this case. "Once a patch is imminent, [hackers] may turn to wider exploitation because there's this 'use it or lose' it factor," said Ben Read, the director of threat analysis at the cybersecurity company Mandiant.
    • Microsoft said Friday it is investigating whether attackers were tipped off that a patch was imminent.
    • The list of victims worldwide continues to grow to include schools, hospitals, cities and pharmacies. Cybersecurity firm CyberEye identified "an array of affected victims including U.S.-based retailers, local governments, a university, and an engineering firm."
    • The latest attack is not connected to last year's SolarWinds breach, though the timing of two massive, consecutive cyber hacks has strained the ability to respond.
    - Nicole Sganga | March 14, 2021
  • Phishing Attacks that Defeat 2FA Every Time

    • Assessing the risk of bypassing 2FA is an important part of any risk assessment, so we thought it would be helpful to review some of the threats we repeatedly encounter that defeat 2FA or multi-factor authentication (MFA).
    • Here are four examples of cyber-attacks that have successfully defeated 2FA and MFA:
      • Man-In-The-Middle Attack
      • Technical Support Scams
      • Fake 2FA pages or pop-ups
      • Scareware
    • As 2FA and MFA were designed to help protect against unauthorized user log-ins, cybercriminals continue to develop new approaches to access second-factor credentials, spy on browser activity, and compromise machines.
    - Lisa O'Reilly | March 13, 2021
  • China Intensifies Cyber-Attacks After Disengagement From Pangong Lake: Report

    • Indian government organisations such as the Computer Emergency Response Team (CERT-IN) and the National Critical Information Infrastructure Protection Centre (NCIIPC) have reported that Chinese hackers have attempted to infiltrate the country's cyberspace after troops from the two neighbours disengaged from Pangong Lake in eastern Ladakh.
    • NCIIPC's Threat Assessment group has identified Emissary Panda, also known as APT-27, which is a China-based threat actor that targets foreign embassies for stealing data related to technology, government and defence sectors.
    • The hackers were attempting to steal data and disrupt the power supply in the state. The attempt was successfully thwarted because CERT-IN had issued an alert and GENCO subsequently blocked the suspected IP addresses and changed the user credentials of all officials operating remotely as a precautionary measure, as reported by the local media.
    • India's response to these cyber-attacks has been restrained, and in the short term can be considered rational. Attribution remains a problem in the cyber domain, since the Chinese government has repeatedly denied responsibility for these actions.
    • Unlike with the use of conventional weapons, which are the domain of the country's military, the government can deny its connection to hackers, which makes the threat of escalation risky.
    • Another preventative measure put in place is aimed at developing indigenous microprocessors and reducing the dependence on the country's import of military software.
    | March 13, 2021
  • 2gether compensates for its crypto cyber-attack losses

    • One thing that has dogged the blockchain industry, more than most, is cyber-attacks.
    • On 31 July 2020, 2gether - a collaborative crypto-trading platform - suffered a cyber-attack at the hands of hackers who stole 114 BTC and 281 ETH worth a combined €1.18 million from its users' investment accounts.
    • While these hacks are nothing new, those stolen funds are usually gone forever. 14 of these kinds of attacks, starting with Bithumb in February 2017 to Zaif in September 2018, saw $882 million in crypto and USD funds go missing.
    • 2gether is compensating its users to give back the cryptocurrency stolen from their accounts.
    • To raise the capital to execute the plan, 2gether worked with the community, private investors, and partners to generate an equity crowdfunding round, which closed at the legal maximum of €1.5 million, 125 percent of its target.
    • It's rare to see any blockchain organization compensate for cyber-attack losses. If the industry is to become seen as legitimate by a mainstream audience, more schemes like this could make the difference.
    - Stewart Rogers | March 11, 2021