Global Cyber News Digest

Daily News Digest

Stay current on the global cyber threat landscape and industry developments with CCOE’s daily digest and library of cybersecurity news and articles.

  • SolarWinds hack turning into Pandora’s box of cyber-risk

    • The massive data breach that compromised software vendor SolarWinds is far broader in scope than originally thought, federal investigators have found, with close to one-third of the victims not even running the SolarWinds Orion product that was initially considered the entry point for hackers.
    • Hackers obtained initial access in some cases by guessing passwords and exploiting administrative credentials, including by gaining privileged access to Microsoft cloud software. “It is likely that the adversary has additional initial access vectors and TTPs that have not yet been discovered,” CISA said.
    • Although CISA has provided guidance on open-source tools that private- and public-sector organizations can use to detect potentially malicious activity, the damage has been done. It is at this point that a cyber-attack—no matter how massive or small—becomes a compliance problem.
    • Simple governance risk management measures that many companies still seem to struggle with:
      • Start with an internal evaluation.
      • Conduct a third-party evaluation.
      • Conduct an inherent risk assessment.
      • Perform due diligence from a network security and data privacy standpoint.
      • Conduct cyber-attack fire drills.
      • Put it in a contract.
    - Jacelyn Jaeger | February 2, 2021
    hak-iq.us20.list-manage.comFebruary 2, 2021
  • South Carolina County Still Reeling from January Cyber-Attack

    • Georgetown County's network was brought down by cyber-criminals on January 23 in what officials described as a "major infrastructure breach."
    • Ten days after the attack took place, cybersecurity experts are still working to recover systems and analyze the full extent of the breach, and county emails have not yet been restored.
    • County staff put in extra hours over the weekend to ensure payroll and other essential functions could be finished on time. Authorities said departments such as courts, the treasurer’s office, and the auditor’s office won't be back online for at least another five days.
    • A September 2019 ransomware attack on Jasper County, South Carolina, took weeks to resolve. Speaking in October 2019, county chairman Tom Johnson said: "Our safeguards and staff responded appropriately. Unfortunately, appropriately means shutting everything down."
    - Sarah Coble | February 2, 2021
  • Emotet takedown – Europol attacks “world’s most dangerous malware”

    • If you’ve followed the history of malware in recent years, you will definitely have heard of Emotet, and you’ll have a very good idea of what happens next to Emotet victims if the malware breaches their defences.
    • That’s because “what happens next” could be anything – pretty much anything at all off the cybercrime menu – because Emotet is what’s known as a bot or zombie.
    • Some botherders – the jargon name given to the crooks in charge of a network of zombies, known colloquially as a botnet – use the zombie computers that they control for their own immediate criminal purposes.
    • Botnet-triggered criminality includes: sending mass spam deliveries; launching distributed denial of service (DDoS) attacks against companies or service providers; perpetrating click fraud involving millions of legitimate-looking ad clicks; and much more.
    • The Emotet crew, however, generally play the game a bit differently.
    • They typically use the zombies under their control as a sort of content delivery network for other cybercriminals, offering what amounts to a pay-to-play service for malware distribution.
    • The good news: a co-ordinated, multinational takedown effort has been carried out against the network infrastructure used by the Emotet gang.
    • The bad news is that cybercrime, to borrow a metaphor often applied to nature, abhors a vacuum, so that when one gang of cybercrooks gets shut down, others inevitably move in to try to fill the hole.
    - Paul Ducklin | February 1, 2021
  • IT upgrades in 2020 led to surge in data leakage

    • The year started with 883,865 data leakage attacks worldwide but ended with more than 1.7 million.
    • There was a 93% rise in the exposure of information through online data leakage attacks in 2020.
    • The surge coincides with organizations modernizing their traditional IT infrastructure.
    • Imperva believes the reported hike in data leakage is just the tip of the iceberg, as accelerated digital transformation projects are likely to introduce even more data security risks in 2021.
    • There are immediate actions organizations can take to protect their data: discover and classify sensitive data; keep only the data that is necessary; and control access, including how many records an employee can retrieve at once, which reduces the risk of data leakage, whether accidental or deliberate.
    • Organizations should also quarantine suspect activity and triage it.
    T_HQ - Dashveenjit Kaur | February 1, 2021
  • Data breach exposes 1.6 million Washington state residents who filed unemployment claims in 2020

    • State Auditor Pat McCarthy’s office blamed the breach on a third party software provider named Accellion, whose services are used to transmit computer files.
    • The State Auditor’s Office (SAO) said the incident happened on Dec. 25 when unauthorized access to numerous files held on the service provider’s system occurred.
    • A representative for Accellion told The Times that the breach involved a 20-year-old “legacy product” which the company has been encouraging customers to stop using. Accellion had reportedly been encouraging users to upgrade to a newer product, which the auditor’s office did after the data breach, according to Accellion.
    GeekWire - Kurt Schlosser | February 1, 2021
  • Multi-factor authentication – why it’s more than just extra effort

    • Let’s take a trip down memory lane. When the web first started, the most popular password of all time was ‘12345’, and ever since the 1990s we have been following the same patterns when creating passwords. Studies have shown that a staggering 59% of people use the same password everywhere, and, separately, that roughly 90% of passwords can be cracked in less than 6 hours.
    • How exactly does one ‘crack’ a password?
      • Phishing links
      • Dictionary and brute-force attacks
      • Credential stuffing
      • Man in the Middle
    • With more firms and companies adapting to remote working, the need for data security has prompted a rise in MFA roll-outs.
    • It is worth noting that MFA is not only a product of the digital age. When you withdraw money at an ATM, both your bank card (possession) and your PIN (knowledge) are required.
    • Some technology firms are looking into AI-based algorithms that analyse users’ typing biometrics as a second authentication factor, matching patterns in how people type on their keyboards. Google is reportedly starting to do something similar, analysing signals such as subtle mouse movements on web pages to decide whether the user is a human or a bot.
    - Jennivine Chen | January 31, 2021
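The list above names the attacks without showing them. The following added example (written for this digest, not code from the article) demonstrates two of them on constructed data: a dictionary attack against an unsalted SHA-256 digest and against a salted PBKDF2 digest, and a credential-stuffing run that replays a constructed third-party "breach dump" against a hypothetical corporate account store. The wordlist, the accounts at corp.example, the dump and the iteration count are all this example's own assumptions. It also illustrates the password-reuse point made later in the digest by James Lee and Shimrit Tzur-David.

```python
"""Added example (not from the digest article): a dictionary attack against
an unsalted fast hash, the same attack against a salted slow KDF, and a
credential-stuffing check. Wordlist, accounts and 'breach dump' are all
constructed inline for the demonstration."""
import hashlib
import hmac
import os

# Constructed mini wordlist; real ones hold millions of leaked passwords.
WORDLIST = ["123456", "password", "12345", "qwerty", "letmein", "Summer2020!"]
KDF_ITERATIONS = 50_000  # kept low for a quick demo; use far more in production


def sha256_hex(password: str) -> str:
    """Unsalted SHA-256, as many legacy systems store it. One guess costs one hash."""
    return hashlib.sha256(password.encode()).hexdigest()


def pbkdf2(password: str, salt: bytes, iterations: int = KDF_ITERATIONS) -> bytes:
    """Salted PBKDF2-HMAC-SHA256: every guess costs `iterations` HMAC calls, and
    the per-user salt stops one precomputed table from covering all users."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)


def dictionary_attack(target_hex: str, wordlist=WORDLIST):
    """Try each wordlist entry against an unsalted digest.
    Returns (recovered_password_or_None, guesses_tried)."""
    for n, guess in enumerate(wordlist, start=1):
        if hmac.compare_digest(sha256_hex(guess), target_hex):
            return guess, n
    return None, len(wordlist)


def dictionary_attack_kdf(target: bytes, salt: bytes, wordlist=WORDLIST):
    """Same attack against PBKDF2. It still succeeds when the password is in the
    wordlist; the KDF only makes each guess KDF_ITERATIONS times more expensive."""
    for n, guess in enumerate(wordlist, start=1):
        if hmac.compare_digest(pbkdf2(guess, salt), target):
            return guess, n
    return None, len(wordlist)


def make_account_store(accounts: dict) -> dict:
    """Hypothetical corporate store: email -> (salt, pbkdf2 digest)."""
    store = {}
    for email, password in accounts.items():
        salt = os.urandom(16)
        store[email] = (salt, pbkdf2(password, salt))
    return store


def credential_stuffing(breach_dump, account_store):
    """Replay leaked (email, password) pairs from a third-party breach against
    the corporate store; returns the emails whose reused password opens the account."""
    hits = []
    for email, leaked_password in breach_dump:
        record = account_store.get(email)
        if record is None:
            continue
        salt, digest = record
        if hmac.compare_digest(pbkdf2(leaked_password, salt), digest):
            hits.append(email)
    return hits


# Constructed data for the demo (hypothetical domain corp.example).
ACCOUNTS = make_account_store({
    "alice@corp.example": "Summer2020!",        # reused on a forum
    "bob@corp.example": "x3#Lq9!vT@pWs7eR",     # unique, random
})
BREACH_DUMP = [                                 # constructed third-party leak
    ("alice@corp.example", "Summer2020!"),
    ("bob@corp.example", "bobs-forum-password"),
    ("carol@corp.example", "irrelevant"),
]

if __name__ == "__main__":
    print(dictionary_attack(sha256_hex("12345")))               # ('12345', 3)
    print(dictionary_attack(sha256_hex("x3#Lq9!vT@pWs7eR")))    # (None, 6)
    print(credential_stuffing(BREACH_DUMP, ACCOUNTS))           # ['alice@corp.example']
```

Note that the slow KDF does not save a password that is in the attacker's wordlist; it only raises the cost per guess. Length and uniqueness, or removing the password factor altogether as the last item in this digest argues, are what actually defeat the dictionary and stuffing attacks shown here.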
  • Privacy Breaches Can Be More Common in 2021

    • As users find themselves in a fix over how to safeguard their personal data from being mined by tech giants, a Kaspersky report said that finally, public awareness of the perils of unfettered data collection is growing, and the free market is taking notice.
    • Some sources of behavioural analytics data are so common we can call them conventional, such as using your recent purchases to recommend new goods or using your income and spending data to calculate credit default risk. “But what about using data from your web camera to track your engagement in work meetings and decide on your yearly bonus? Using online tests that you take on social media to determine what kind of ad will make you buy a coffee brewer? The mood of your music playlist to choose the goods to market to you?”.
    • From the software standpoint, more companies like Apple, Google, and Microsoft are adopting differential privacy techniques to give people strict (in the mathematical sense) privacy guarantees while continuing to make use of data.
    | January 31, 2021
  • Breach Data Highlights a Pivot to Orgs Over Individuals

    • Both the number of data breaches and the number of individuals affected by data breaches plummeted in 2020, as attackers moved away from collecting mass amounts of information and instead targeted user credentials as a way to infiltrate corporate networks to install ransomware.
    • Because more than half of workers shifted to remote work during the year, many expected data breaches to increase, but instead cybercriminals became more focused.
    • "What [cybercriminals] are really looking for, and this is reflected in the value you see in the identity marketplace, … is credentials," James Lee (ITRC) says. "They know that most people reuse passwords, so even a personal compromise, they know, can lead them to a corporate setting, the ability to get into a company."
    • Supply chain attacks have become more popular, with more than 668 companies affected by attacks on third-party providers.
    • In a worrisome trend, the US government is reducing the support for identity-theft victim assistance; in fact, no federal funds have been specifically reserved for such assistance in the current fiscal year.
    - Robert Lemos | January 28, 2021
  • Mimecast Confirms SolarWinds Hack as List of Security Vendor Victims Snowballs

    • A growing number of cybersecurity vendors, including CrowdStrike, Fidelis, FireEye, Malwarebytes, Palo Alto Networks and Qualys, have confirmed that they were targeted in the espionage attack.
    • The SolarWinds espionage attack, which has affected several U.S. government agencies and many others, began with a poisoned software update that delivered the Sunburst backdoor to around 18,000 organizations last spring. After that broad-brush attack, the threat actors (believed to have links to Russia) selected specific targets to further infiltrate, which they did over the course of several months. The compromises were first discovered in December.
    • The hack was brought to Mimecast’s attention by Microsoft (itself a SolarWinds victim), which has disabled the compromised Mimecast-issued certificate, used by Mimecast products to connect to customers’ Microsoft 365 tenants, for Microsoft 365.
    • Mimecast has also issued a new certificate and is urging users to re-establish their connections using it.
    • Mimecast joins FireEye in admitting actual damage from the attack.
    • Other firms fall into the Malwarebytes camp – confirming having been targeted, but reporting that no damage was done.
    - Tara Seals | January 28, 2021
  • Preventing the next Malwarebytes breach: Get rid of passwords?

    • According to a statement from Malwarebytes, the attackers breached its internal systems by way of a dormant email protection product within its Office 365 tenant, which allowed access to a limited subset of internal company emails.
    • "The Malwarebytes incident highlights that malicious actors are determined and will exploit any weakness in the system they can find - from out-of-use applications to the CEO’s email account. In this case, they gained access through a dormant email protection product," says expert Shimrit Tzur-David, CSO and co-founder of Secret Double Octopus, a provider of passwordless authentication.
    • Poor authentication poses a huge risk to network security that can lead to enormous consequences, Tzur-David notes. "After all, over 80% of data breaches stem from compromised credentials. However, no amount of complex password policies can ever get rid of the biggest weakness enterprises face: the human factor. Of course, humans are not computers, and remembering long strings of complex passwords is difficult. As a result, many people reuse or employ weak passwords, a fact that hackers know and exploit to their advantage."
    • Simply getting rid of passwords is not easy, but it would stop hackers earlier in their tracks and lower the risk of being a target.
    • Enforcing better policies, such as educating employees and implementing an MFA solution, is crucial.
    | January 27, 2021
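Both MFA items in this digest (this one and the earlier "Multi-factor authentication" piece) describe the possession factor without showing the mechanism behind it. The following added example, not code from either article, implements the HOTP/TOTP algorithms (RFC 4226 / RFC 6238) that authenticator apps use, checks them against the RFC test-vector secret "12345678901234567890", and adds the two server-side checks a practitioner needs: a small clock-skew window and rejection of a code that has already been consumed. The TotpVerifier class and its parameter names are this example's own.

```python
"""Added example (not from the digest articles): RFC 4226 HOTP and RFC 6238
TOTP, the one-time-code scheme behind most authenticator apps, plus the
skew window and replay check a server-side verifier needs."""
import hashlib
import hmac
import struct
import time

# Shared secret from the RFC 4226/6238 test vectors (ASCII "12345678901234567890").
# Real deployments generate a random secret per user and show it as base32/QR.
RFC_TEST_SECRET = b"12345678901234567890"


def hotp(secret: bytes, counter: int, digits: int = 6) -> str:
    """RFC 4226: HMAC-SHA1 over the 8-byte big-endian counter, then dynamic truncation."""
    digest = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = digest[-1] & 0x0F
    code = struct.unpack(">I", digest[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % (10 ** digits)).zfill(digits)


def totp(secret: bytes, at_time=None, step: int = 30, digits: int = 6) -> str:
    """RFC 6238: HOTP with the counter derived from Unix time // step."""
    if at_time is None:
        at_time = time.time()
    return hotp(secret, int(at_time) // step, digits)


def match_totp(secret, code, at_time=None, step=30, digits=6, window=1):
    """Return the time-step counter whose code matches, or None.
    `window` steps on either side tolerate clock skew between phone and server.
    Every candidate is checked (no early return) and compared in constant time."""
    if at_time is None:
        at_time = time.time()
    counter = int(at_time) // step
    matched = None
    for delta in range(-window, window + 1):
        candidate = counter + delta
        if hmac.compare_digest(hotp(secret, candidate, digits), code):
            matched = candidate
    return matched


class TotpVerifier:
    """Server-side verifier for one user: each time-step counter is accepted once."""

    def __init__(self, secret, digits=6, step=30, window=1):
        self.secret, self.digits, self.step, self.window = secret, digits, step, window
        self.last_counter = -1  # highest counter already accepted (persist per user)

    def verify(self, code: str, at_time=None) -> bool:
        matched = match_totp(self.secret, code, at_time, self.step, self.digits, self.window)
        if matched is None or matched <= self.last_counter:
            return False  # wrong code, or a replay of one already consumed
        self.last_counter = matched
        return True


if __name__ == "__main__":
    print(hotp(RFC_TEST_SECRET, 0))               # 755224 (RFC 4226 Appendix D)
    print(totp(RFC_TEST_SECRET, 59, digits=8))    # 94287082 (RFC 6238 Appendix B)
    v = TotpVerifier(RFC_TEST_SECRET, digits=8)
    print(v.verify("94287082", at_time=59))       # True
    print(v.verify("94287082", at_time=60))       # False: replay
```

The replay check matters because a phished or shoulder-surfed TOTP code stays valid for the whole 30-second step plus the skew window; remembering the last accepted counter per user turns each code into a true one-time value. Rate-limiting guesses per account is the other control to pair with this, since a 6-digit code space is small.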