Global Cyber News Digest

Daily News Digest

Stay current on the global cyber threat landscape and industry developments with CCOE’s daily digest and library of cybersecurity news and articles.

  • Energy giant Shell discloses data breach after Accellion hack

    • Energy giant Shell has disclosed a data breach after attackers compromised the company's secure file-sharing system powered by Accellion's File Transfer Appliance (FTA).
    • According to the company, some of the data accessed during the attack belongs to stakeholders and Shell subsidiaries.
    • Cyber security and personal data privacy are important for Shell and we work continuously to improve our information risk management practices. We will continue to monitor our IT systems and improve our security. We regret the concern and inconvenience this may cause affected parties. — Shell
    • While the attackers' identity was not disclosed in Shell's statement, a joint statement published by Accellion and Mandiant last month shed more light on the attacks, linking them to the FIN11 cybercrime group.
    • The Clop ransomware gang has also been using an Accellion FTA zero-day vulnerability (disclosed in mid-December 2020) to compromise and steal data from multiple companies.
    - Sergiu Gatlan | March 22, 2021
  • Tesla cars banned by China military on concerns over cameras

    • The order, issued by the military, advises Tesla owners to park their cars outside of military property.
    • The ban, relayed to residents of military housing and others this week, was triggered by concerns that the world’s biggest maker of electric vehicles is collecting sensitive data via the cars’ in-built cameras in a way the Chinese government can’t see or control.
    • Tesla, like many other automakers including General Motors, uses several small cameras, mainly located on the outside of the vehicle, to help guide parking, autopilot and self-driving functions. Most Tesla models also have an interior camera mounted above the rear view mirror that can be used to detect whether a driver is looking at the road, looking down at their lap, wearing sunglasses, or looking at something else entirely.
    • Elon Musk, appearing on Saturday at the China Development Forum, a conference organised by a unit of the country’s State Council, in a session titled “The Next Disruptive Innovation?”, said the carmaker would be “shut down everywhere” if it used the technology in its cars for spying.
    | March 22, 2021
  • How to save your business from ransomware attacks

    • The increased attack surface as the network perimeter expands to accommodate the hybrid workplace has opened up more vulnerabilities and opportunities for cybercriminals.
    • Paying the ransom does nothing but validate the cybercriminals’ investment into these attacks because there is no way of knowing that the stolen data won’t be silently offered to private buyers.
    • Today’s sophisticated attackers can circumvent traditional security controls by using stolen credentials and targeting the Active Directory (basically the identity repository of an organisation).
    • Ransomware started as an untargeted, opportunistic and rapid attack. Today, it has evolved to be modular and multifaceted, one that unfolds over extended periods.
    • Tabletop exercises in which a red team and a blue team role-play different scenarios, and the real-time response to those scenarios, are critical for enterprises when dealing with a live threat.
    - Sarah Rizvi | March 21, 2021
  • How to Strengthen Password Policies to Stay Compliant with GDPR

    • GDPR is concerned with the collection, processing, and protection of sensitive personal data for citizens of the EU. Under GDPR, personal data is considered anything that may be able to identify directly or indirectly an individual. This would include basics like names and addresses, but also encompasses data such as ID numbers, IP addresses, phone numbers, health records, and biometric data.
    • Weak passwords are easily obtained by threat actors and used in credential stuffing and password spraying attacks; the European Data Protection Board has issued guidance stating that such attacks are reportable breaches.
    • Consider adopting a 16 character or longer minimum as part of a password policy.
    • Multi-factor authentication should be required to reset any password. This will ensure that it is truly the proper user resetting the password and not an attacker imitating a user.
    • Best practices are to store passwords only as hashes, computed with a strong cryptographic hash function such as SHA-256 or SHA-512 (a hash function, not an encryption algorithm). Note that for password storage a salted, deliberately slow password-hashing function such as bcrypt, scrypt, Argon2 or PBKDF2 is the stronger choice, because a single round of a fast hash is cheap to brute-force.
    - Enzoic | March 18, 2021
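The policy points above (a 16-character minimum, screening against breached passwords, and hashed storage) as a worked example. This is an added illustration, not code from the Enzoic article; the breached-password set, the sample passwords and the iteration count are constructed assumptions, and the weak_store function is included only to show the fast-hash approach that the article's wording could be read as endorsing.

```python
"""Added example: minimal password-policy check and password storage.
Not from the original article. The breached-password list, iteration
count and all sample inputs below are constructed for illustration."""
import hashlib
import hmac
import os

MIN_LENGTH = 16              # 16-character minimum, as the article recommends
PBKDF2_ITERATIONS = 600_000  # assumption: iteration count in line with current OWASP guidance

# Constructed stand-in for a breached/compromised-password feed.
BREACHED_PASSWORDS = {"password123456789", "correcthorsebatterystaple"}


def check_policy(password: str) -> list[str]:
    """Return the list of policy violations; an empty list means acceptable."""
    problems = []
    if len(password) < MIN_LENGTH:
        problems.append(f"shorter than {MIN_LENGTH} characters")
    if password.lower() in BREACHED_PASSWORDS:
        problems.append("appears in a known-breached password list")
    return problems


def weak_store(password: str) -> str:
    """Unsalted single-round SHA-256: what NOT to do for password storage.
    Identical passwords give identical digests, and the hash is cheap to brute-force."""
    return hashlib.sha256(password.encode()).hexdigest()


def store(password: str) -> str:
    """Salted PBKDF2-HMAC-SHA256 record in the form iterations$salt_hex$hash_hex."""
    salt = os.urandom(16)
    dk = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ITERATIONS)
    return f"{PBKDF2_ITERATIONS}${salt.hex()}${dk.hex()}"


def verify(password: str, record: str) -> bool:
    """Recompute the PBKDF2 digest from the stored salt and compare in constant time."""
    iterations, salt_hex, hash_hex = record.split("$")
    dk = hashlib.pbkdf2_hmac("sha256", password.encode(), bytes.fromhex(salt_hex), int(iterations))
    return hmac.compare_digest(dk.hex(), hash_hex)


if __name__ == "__main__":
    for candidate in ("short", "Password123456789", "x9#Lq!r2Vm$8wZ@tN"):
        print(candidate, "->", check_policy(candidate) or "ok")
    record = store("x9#Lq!r2Vm$8wZ@tN")
    print("verify correct:", verify("x9#Lq!r2Vm$8wZ@tN", record))
    print("verify wrong:  ", verify("not-the-password", record))
```

Two passwords that pass the policy still receive different records from store() because each call draws a fresh salt, whereas weak_store() maps equal inputs to equal digests; that difference is the point of the caveat above.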
  • Data breach reported at Atascadero State Hospital

    • State officials say a Department of State Hospitals (DSH) employee improperly accessed the health information of more than 2,000 patients, former patients, and employees at Atascadero State Hospital.
    • The information reportedly included COVID-19 test results.
    • The data breach was reportedly discovered in late February as part of an annual review of employee access to data folders.
    KSBY NEWS | March 18, 2021
  • FBI Releases the Internet Crime Complaint Center 2020 Internet Crime Report, Including COVID-19 Scam Statistics

    • The 2020 Internet Crime Report includes information from 791,790 complaints of suspected internet crime—an increase of more than 300,000 complaints from 2019—and reported losses exceeding $4.2 billion.
    • The top three crimes reported by victims in 2020 were phishing scams, non-payment/non-delivery scams, and extortion. Victims lost the most money to business email compromise scams, romance and confidence schemes, and investment fraud.
    • IC3’s 2020 Internet Crime Report contains information about the most prevalent internet scams affecting the public and offers guidance for prevention and protection. It also highlights the FBI’s work combating internet crime, including recent case examples.
    | March 17, 2021
  • Hackers Are Targeting U.S. Banks, And Hardware May Give Them An Open Door

    • A new report for China Tech Threat identifies that financial organizations have become the prime target of cyber attack, which a morass of government agencies and policies tasked with cyber-defenses have done little to abate.
    • An analysis in 2015 found that financial organizations were targeted four times more than other industries. Only four years later, financial firms experienced as many as 300 times more cyber-attacks than other companies.
    • Increasingly, attacks are perpetrated by advanced persistent threat (APT) actors.
    • Unlike an opportunistic cyber-attack, in which the perpetrator seeks to “get in and get out” for some immediate payoff, an effective APT will skirt a system’s security and remain undetected for a prolonged period.
    • Much cybersecurity discourse and practice are focused on software and applications, and while important, these can compel organizations to de-emphasize hardware and physical facilities security.
    • It is well documented that the PRC uses technology to surveil and exfiltrate information. In fact, recent Chinese laws require its citizens and businesses to support the government’s intelligence operations, which include spying, IP theft and technology acquisition.
    • Hardware represents a gaping and exploitable hole in the current approach to cyber security… Hardware vulnerabilities can be exploited to completely sidestep software-based security measures.
    - Roslyn Layton | March 17, 2021
  • Incident Report

    • In January, we became aware of a security incident later determined to be conducted by the same sophisticated threat actor responsible for the SolarWinds supply chain attack.
    • The threat actor accessed certain Mimecast-issued certificates and related customer server connection information.
    • Beyond the low single-digit number of customers targeted by the threat actor, which we contacted as described in our first blog post, we are not aware that any other customers were actively targeted.
    • Forensic analysis of all customer-deployed Mimecast software has confirmed that the build process of the Mimecast-distributed executables was not tampered with.
    • We are in the process of implementing a new OAuth-based authentication and connection mechanism between Mimecast and Microsoft technologies, which will provide enhanced security to Mimecast Server Connections.
    | March 16, 2021
  • "Hack everybody you can": What to know about the massive Microsoft Exchange breach

    • Cybersecurity responders are working around the clock to shore up networks hit by last week's hack of Microsoft's Exchange email service — an attack that has impacted hundreds of thousands of organizations worldwide.
    • The window for updating systems could be measured in "hours, not days," a senior White House administration official said.
    • According to Microsoft corporate vice president Tom Burt, hackers first gained access to an Exchange Server either with stolen passwords or by using the previously undiscovered vulnerabilities to "disguise itself as someone who should have access." Using web shells, hackers controlled servers through remote access – operated from U.S.-based private servers – to steal data from a victim's network.
    • Experts say it's common for hackers to step up an attack immediately preceding a fix, but that the pace was much faster in this case. "Once a patch is imminent, [hackers] may turn to wider exploitation because there's this 'use it or lose it' factor," said Ben Read, the director of threat analysis at the cybersecurity company Mandiant.
    • Microsoft said Friday it is investigating whether attackers were tipped off that a patch was imminent.
    • The list of victims worldwide continues to grow to include schools, hospitals, cities and pharmacies. Cybersecurity firm CyberEye identified "an array of affected victims including U.S.-based retailers, local governments, a university, and an engineering firm."
    • The latest attack is not connected to last year's SolarWinds breach, though the timing of two massive, consecutive cyber hacks has strained the ability to respond.
    - Nicole Sganga | March 14, 2021
  • Phishing Attacks that Defeat 2FA Every Time

    • Assessing the risk of bypassing 2FA is an important part of any risk assessment, so we thought it would be helpful to review some of the threats we repeatedly encounter that defeat 2FA or multi-factor authentication (MFA).
    • Here are four examples of attacks that have successfully defeated 2FA and MFA:
      • Man-In-The-Middle Attack
      • Technical Support Scams
      • Fake 2FA pages or pop-ups
      • Scareware
    • Although 2FA and MFA were designed to help protect against unauthorized logins, cybercriminals continue to develop new approaches to capture second-factor credentials, spy on browser activity, and compromise machines.
    - Lisa O'Reilly | March 13, 2021
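The man-in-the-middle case from the list above, as an added example that is not part of the original article: a real-time phishing relay forwards a victim's TOTP code to the real site inside the code's validity window, so the server accepts it, whereas a second factor that binds the origin the browser is actually talking to fails when the same relay is attempted. The hostnames, keys and challenge are constructed, the TOTP function follows RFC 6238 over HMAC-SHA1, and the origin-bound factor is a simplified HMAC model of the origin binding that WebAuthn/FIDO2 provides, not a real WebAuthn implementation.

```python
"""Added example: why a relay (MITM) phish defeats TOTP but not an
origin-bound factor. Not from the original article. All origins, keys,
challenges and timestamps below are constructed; the origin-bound part is
a simplified model of WebAuthn-style origin binding, not the real protocol."""
import hashlib
import hmac
import struct

REAL_ORIGIN = "https://bank.example"          # constructed legitimate site
PHISH_ORIGIN = "https://bank-login.example"   # constructed look-alike run by the attacker
TOTP_SECRET = b"constructed-totp-seed"        # shared between the victim's app and the real site
AUTHENTICATOR_KEY = b"constructed-authenticator-key"  # stands in for a per-site WebAuthn credential key


def totp(secret: bytes, for_time: float, step: int = 30, digits: int = 6) -> str:
    """RFC 6238 TOTP: HOTP (RFC 4226, HMAC-SHA1 + dynamic truncation) over a 30 s counter."""
    counter = int(for_time) // step
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = (struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF) % (10 ** digits)
    return f"{code:0{digits}d}"


def totp_server_accepts(code: str, now: float) -> bool:
    """The real site checks the code against the current 30 s window only."""
    return hmac.compare_digest(code, totp(TOTP_SECRET, now))


def relay_attack_on_totp(now: float) -> bool:
    """Victim types the current code into the phishing page; the proxy forwards it to the
    real site two seconds later. Nothing in the code identifies where it was typed."""
    code_typed_by_victim = totp(TOTP_SECRET, now)       # read off the victim's authenticator app
    return totp_server_accepts(code_typed_by_victim, now + 2)


def authenticator_sign(challenge: bytes, origin_seen_by_browser: bytes) -> bytes:
    """Simplified origin binding: the browser (not the user) supplies the origin it is
    connected to, and the authenticator mixes it into the response."""
    return hmac.new(AUTHENTICATOR_KEY, challenge + origin_seen_by_browser, hashlib.sha256).digest()


class OriginBoundServer:
    """The real site verifies responses only against its own origin."""

    def __init__(self, origin: str):
        self.origin = origin.encode()
        self.challenge = b"constructed-random-challenge"  # would be fresh random bytes per login

    def verify(self, response: bytes) -> bool:
        expected = hmac.new(AUTHENTICATOR_KEY, self.challenge + self.origin, hashlib.sha256).digest()
        return hmac.compare_digest(response, expected)


def relay_attack_on_origin_bound() -> bool:
    """The proxy relays the genuine challenge, but the victim's browser is on the phishing
    origin, so that origin is what gets bound into the response and verification fails."""
    server = OriginBoundServer(REAL_ORIGIN)
    response = authenticator_sign(server.challenge, PHISH_ORIGIN.encode())
    return server.verify(response)


def legitimate_origin_bound_login() -> bool:
    server = OriginBoundServer(REAL_ORIGIN)
    return server.verify(authenticator_sign(server.challenge, REAL_ORIGIN.encode()))


if __name__ == "__main__":
    t = 1_600_000_000  # constructed fixed timestamp so the run is deterministic
    print("relay phish beats TOTP:          ", relay_attack_on_totp(t))
    print("relay phish beats origin-bound:  ", relay_attack_on_origin_bound())
    print("legitimate origin-bound login:   ", legitimate_origin_bound_login())
```

The fake-2FA-page and support-scam cases in the list rely on the same property: a code or push approval carries no information about who is asking for it, so any factor the user can read out or type in can be relayed, while a factor the browser binds to the origin cannot.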