Global Cyber News Digest

Daily News Digest

Stay current on the global cyber threat landscape and industry developments with CCOE’s daily digest and library of cybersecurity news and articles.

  • Cybersecurity Is Not (Just) a Tech Problem

    • As remote work continues to be a pillar of our new normal, organizations are realizing that the security environment has dramatically changed. Securing remote work isn’t solely the job of the IT team, however — it also requires trust. Senior leadership needs to be able to trust from the beginning that their teams have secured systems for remote work. Customers need to trust that their data is protected. Employees need to trust that there are systems in place to support them.
    • The most effective way to enhance trust throughout your ecosystem is to acknowledge that it will always be a work in progress.
    • Trust is a two-way street. Security professionals know that end-user behavior is still one of the biggest risks to security, but I also believe that, with the right approach, end-users can be the biggest security advocates. Educating users about security threats and best practices is often seen as a “nice to have” that gets forgotten when a crisis emerges. However, this is exactly when security education is needed most. Social distractions have long been a primary threat, and the success rate with attacks is higher when everyone’s attention is diverted elsewhere.
    • The fact is, workers are more distracted than ever in this pandemic, with many employees working from makeshift home offices, surrounded by families and pets, maybe in multi-purpose environments like kitchens and bedrooms. Yet, these same people still want to make good decisions, and they can be trusted to do so if they have the right support.
    - Lakshmi Hanspal | January 6, 2021
    hak-iq.us20.list-manage.com, January 6, 2021
  • Rioters Open Capitol's Doors to Potential Cyberthreats

    • The massive pro-Trump demonstrations that saw large crowds riot and then occupy the U.S. Capitol building in Washington Wednesday present a significant potential cybersecurity threat, as protesters appear to have gained access to at least one lawmaker's office, along with computer systems and other devices, experts say.
    • The unfettered access gained by the protesters opens up a range of security issues, according to cybersecurity executives and analysts. These range from the protestors themselves acting as a cover to launch a cyberattack to threat actors gaining access to critical federal computer systems located in the Capitol building.
    • Security experts worried that the riots and their aftermath might help spread disinformation, as well as open up victims to potential phishing and other attacks as threat actors look to take advantage of the confusion caused by the day's events.
    • We called out #disinfo repeatedly before & after the election. Yet the President & his campaign/lawyers/supporters fanned the flames for their own selfish reasons culminating with today's objections followed by his video message. WHAT DID THEY THINK WOULD HAPPEN? They own this. - Tweet from Chris Krebs, Former Director, CISA
    - Scott Ferguson and Doug Olenick | January 6, 2021
  • Behind Every Successful Cyber Attack There Is A Human

    • "Every case involving cybercrime that I've been involved in, I've never found a master criminal sitting somewhere in Russia or Hong Kong or Beijing. It always ends up that somebody at the company did something they weren't supposed to do. They read an email; went to a website they weren't supposed to." - Frank Abagnale, Catch Me If You Can subject
    • Enterprises need to look at their constituents from where this risk emanates:
      • Those who use technology
      • Those who implement technology
      • And finally, those who help secure the technology
    • Organizations that have been unfortunate enough to see their defenses breached need to assess what element of human proclivity was exploited, with an intent not to punish but to educate and improve.
    • Cybersecurity is everyone's problem; depending only on technology or security teams is foolhardy and a sure-shot recipe for disaster.
    - Pankit Desai, BW CI WORLD | January 5, 2021
  • Feds: SolarWinds Breach Is Likely Russian Intel Gathering Effort

    • A Russian Advanced Persistent Threat group is likely behind the recent cyberattacks on government and non-government networks for intelligence gathering purposes, according to federal officials.
    • The Cyber Unified Coordination Group (UCG) announced Tuesday that nearly ten U.S. government agencies experienced follow-on activity on their systems after being compromised through a malicious update to their SolarWinds Orion network monitoring platform. The UCG said it’s also working to identify and notify the nongovernment entities that experienced follow-on activity on their systems.
    • “This is a serious compromise that will require a sustained and dedicated effort to remediate,” the UCG said in a joint statement. “We are taking all necessary steps to understand the full scope of this campaign and respond accordingly.”
    • Moreover, the UCG’s assertion that the recent cyber compromises were part of an intelligence gathering effort is consistent with previous campaigns carried out by APT29.
    • Prior to the SolarWinds hack, APT29 was most famous for the State Department and White House hacks during the Obama years. APT29 also compromised the Democratic National Committee servers in 2015 but didn’t end up leaking the hacked DNC material. Instead, the Russian military spy agency GRU separately hacked the DNC and leaked its emails to WikiLeaks in 2016.
    - Michael Novinson | January 5, 2021
  • Hacker posts data of 10,000 American Express accounts for free

    • This week a threat actor leaked data of 10,000 Mexico-based American Express credit cardholders on a forum.
    • As analyzed by BleepingComputer, the leaked sample data set of 10,000 records exposes full American Express account (credit card) numbers and customers' personally identifiable information (PII) including name, full address, phone numbers, date of birth, gender, etc.
    • However, BleepingComputer did not see credit card expiration dates, passwords, or overly sensitive financial data in the posted spreadsheet that could enable misuse of the credit cards in fraudulent transactions.
    • American Express neither denied nor admitted that they had suffered a data breach, but shared that all Amex cardholders are not liable for fraudulent charges.
    - Ax Sharma | January 5, 2021
  • The anatomy of a modern day ransomware conglomerate

    • If school administrators, medical organizations and other crucial industries haven’t already had enough bad news over the past year, a new hacking group that relies on emerging techniques to rip off its victims should fulfill that need.
    • This ransomware gang, dubbed Egregor, in recent months appears to have hacked more than 130 targets, including schools, manufacturing firms, logistics companies and financial institutions, according to the U.K.-based security firm Sophos. Egregor works much like other strains of ransomware — holding data hostage until a victim pays a fee — though in some ways the group behind it also exemplifies the current state of the hacking economy.
    • The increased specialization in cybercrime also seems to be a contributing factor in the growing size of ransomware demands. The average extortion payment was $178,254 in the second quarter of 2020, up 60% from the first quarter, according to the most recent numbers from Beazley, an insurance firm.
    • Typically, this kind of nefarious supply chain starts with development of malicious software code, usually done either by an individual or a small group that specializes in programming hacking tools. The success of that code rests on combining it with a so-called crypter service, which hides the code so attackers can avoid detection.
    - Jeff Stone | January 4, 2021
  • Ticketmaster Coughs Up $10 Million Fine After Hacking Rival Business

    • Ticketmaster must pay a hefty $10 million fine after several employees utilized unlawfully obtained passwords to hack a rival company’s computer systems – in attempts to “choke off” its business.
    • The American ticket sales and distribution giant, which is owned by Live Nation, in 2013 hired an employee who formerly worked for Ticketmaster’s rival company (reported by some outlets to be Songkick, a now-defunct company that offered concert pre-sale tickets), according to the Department of Justice (DoJ) last week.
    • This co-conspirator illegally retained credentials from the rival firm, which he and other Ticketmaster executives then used to hack into the victim company’s systems. From there, they were able to monitor the company’s draft ticketing web pages, allowing them to find out which artists planned to use the rival company to sell tickets.
    - Lindsey O'Donnell | January 4, 2021
  • 5 Cybersecurity Protocols (i.e. Regulations) That Matter

    • As 2021 arrives, technology will stay a major player across the world. The coronavirus pandemic has enforced the need for technology of all kinds, but with that reliance comes a need to focus on cybersecurity protocols to protect privacy and data.
    • These five regulations are essential for professionals of any background to take into consideration.
    - Devin Partida | January 4, 2021
  • As Understanding of Russian Hacking Grows, So Does Alarm

    • On Election Day, General Paul M. Nakasone, the nation’s top cyberwarrior, reported that the battle against Russian interference in the presidential campaign had posted major successes and exposed the other side’s online weapons, tools and tradecraft.
    • Eight weeks later, General Nakasone and other American officials responsible for cybersecurity are now consumed by what they missed for at least nine months: a hacking, now believed to have affected upward of 250 federal agencies and businesses, that Russia aimed not at the election system but at the rest of the United States government and many large American corporations.
    • Interviews with current and former employees of SolarWinds suggest it was slow to make security a priority, even as its software was adopted by America’s premier cybersecurity company and federal agencies.
    • Billions of dollars in cybersecurity budgets have flowed in recent years to offensive espionage and pre-emptive action programs, what General Nakasone calls the need to “defend forward” by hacking into adversaries’ networks to get an early look at their operations and to counteract them inside their own networks, before they can attack, if required.
    • But that approach, while hailed as a long-overdue strategy to pre-empt attacks, missed the Russian breach.
    • Some intelligence officials are questioning whether the government was so focused on election interference that it created openings elsewhere.
    • The United States appears to have succeeded in persuading Russia that an attack aimed at changing votes would prompt a costly retaliation. But as the scale of the intrusion comes into focus, it is clear the American government failed to convince Russia there would be a comparable consequence to executing a broad hacking on federal government and corporate networks.
    - David E. Sanger, Nicole Perlroth and Julian E. Barnes | January 2, 2021
  • Kawasaki: Cyber Incident May Have Resulted in Data Loss

    • Kawasaki Heavy Industries reported Monday that an unknown threat actor gained access to its internal network through servers located in an overseas office.
    • The breach was discovered on June 11, after an internal audit found an unauthorized connection between a company server in Japan and another corporate server located in Thailand, the company says. Communication with the Thai server was immediately severed, but the follow-up investigation found additional unauthorized connections.
    • Kawasaki says the six-month delay in reporting the incident was due to the scope of the attack and the large number of overseas offices that were involved.
    - Doug Olenick | December 29, 2020