Weekly News Wrap-up

Cybersecurity News: May 17, 2021

The Colonial Pipeline Hack Is a New Extreme for Ransomware

Wired, Andy Greenberg
“The incident represents one of the largest disruptions of American critical infrastructure by hackers in history. It also provides yet another demonstration of how severe the global epidemic of ransomware has become.”

Tulsa Deals With Aftermath of Ransomware Attack

DarkReading, Staff
“Out of an abundance of caution, the city shut down various servers, internal programs and the city’s email system. Individuals trying to reach city employees will not be able to reach them via city email at this time.”

Zix tricks: Phishing campaign creates false illusion that emails are safe

SC Media, Bradley Barth
“But ‘this attack took that strategy one step further by using a Zix link in order to take advantage of the trust placed in Zix and other secure messaging systems.’”

Two thirds of CISOs across world expect damaging cyberattack in next 12 months

ZDNet, Jonathan Greig
“Many CISOs said the current rise in the number of attacks was being exacerbated by the pandemic, the shift to teleworking and hastily deployed remote environments that made it difficult to protect sensitive information.”

85% of Data Breaches Involve Human Interaction: Verizon DBIR

DarkReading, Kelly Sheridan
“I think it’s very easy in security to forget that what we’re securing is not the computer. What we’re securing is the organization. The organization is the people as well.”

Cybersecurity News: May 10, 2021

Microsoft warns of widespread gift card scam targeting organizations

Neowin, Usama Jawad
“Attackers typically conduct detailed reconnaissance activities about the person they are impersonating, their target, and the company in general.”

Peloton’s leaky API let anyone grab riders’ private account data

TechCrunch, Zack Whittaker
“But the exposed API let him — and anyone else on the internet — access a Peloton user’s age, gender, city, weight, workout statistics and, if it was the user’s birthday, details that are hidden when users’ profile pages are set to private.”

Scripps Health Knocked Offline by Ransomware

Infosecurity, Phil Muncaster
“While our information technology applications are offline, patient care continues to be delivered safely and effectively at our facilities, utilizing established back-up processes, including offline documentation methods.”

Contact Tracer Breach Hits the Keystone State

Infosecurity, Sarah Coble
“They were basically putting information and people’s names into Google documents and then they were sharing them amongst each other.”

More US agencies potentially hacked, this time with Pulse Secure exploits

Ars Technica, Dan Goodin
“CISA is aware of at least five federal civilian agencies who have run the Pulse Connect Secure Integrity Tool and identified indications of potential unauthorized access. We are working with each agency to validate whether an intrusion has occurred and will offer incident response support accordingly.”

Cybersecurity News: May 3, 2021

Ransomware Task Force releases long-awaited recommendations

SC Media, Joe Uchill
“Unlike many of the past efforts to stifle ransomware, RTF takes a very deliberate focus on the government’s role in solving the problem, painting it as a national security issue lawmakers can no longer ignore.”

Only 8% of businesses that paid a ransom got all of their data back

Help Net Security, Staff
“We’ve seen attackers move from larger scale, generic, automated attacks to more targeted attacks that include human hands-on-keyboard hacking. …our experience shows that the potential for damage from these more advanced and complex targeted attacks is much higher. Such attacks are also harder to recover from, and we see this reflected in the survey in the doubling of overall remediation costs.”

US Urges Organizations to Implement MFA, Other Controls to Defend Against Russian Attacks

DarkReading, Jai Vijayan
“The new advisory highlights three tactics that SVR and threat groups working for it have been observed using in recent attacks: password spraying, zero-day exploits, and the use of a malware tool set called WellMess for enabling encrypted command-and-control sessions on an infected system.”

Apple patches ‘worst macOS bug in recent memory’ after it was used in the wild

SC Media, Joe Uchill
“Don’t count on Apple’s built-in protection, as time and time again they prove buggy, bypassable or insufficient. A third-party security tool probably makes sense.”

Password Manager Suffers ‘Supply Chain’ Attack

ABC News, The Associated Press
“Click Studios has some 29,000 enterprise and government customers worldwide, across aerospace, banking, defense, healthcare, utilities, and other industry sectors.”

Cybersecurity News: April 26, 2021

Justice Department to Launch Ransomware Taskforce

CISOMAG
“Recently, the FBI stated that it received nearly 800,000 cybercrime complaints in 2020, with reported losses of $4.2 billion. The agency stated that several of these complaints were about various cybercrimes, including COVID-19-themed cyberattacks.”

Codecov Supply Chain Attack May Hit Thousands: Report

Infosecurity Magazine, Phil Muncaster
“Always understand and weigh the risk involved when using any third-party service such as Codecov. While the service offered is a valuable one, it is also good to review or limit what is being sent over to these services, especially if it contains credentials or sensitive information.”

The wide web of nation-state hackers attacking the US

TechTarget, Alexander Culafi
“Their intentions are intelligence collection, sabotage, disruptive and destructive attacks, and then this concept of what we call OPE, or operational preparation of the environment. Which is to say, in a future conflict, if a foreign adversary wanted to be able to turn off the lights or disrupt the water or do something like aid in an armed conflict, that they would effectively set those hooks now so that later they can leverage that activity and capability.”

Lazarus Group Uses New Tactic to Evade Detection

DarkReading
“One of its newest methods involves embedding a malicious HTML Application (HTA) file within a compressed zlib file, within a PNG file. Because the malicious object is compressed within the PNG image, it bypasses static detection.”

Pandemic Drives Greater Need for Endpoint Security

DarkReading
“Not only are the controls that you put in place [in the office] no longer protecting their systems — because the folks are remote — but now you may not be getting any type of intelligence or visibility into potential misuse. If you are not running an EDR and are not able to respond to incidents remotely, then, well, good luck.”

Cybersecurity News: April 19, 2021

US Formally Attributes SolarWinds Attack to Russian Intelligence Agency

DarkReading, Jai Vijayan
“The sanctions prohibit US financial firms from participating in Russian markets. They also freeze all US-based property and interests in property belonging to the entities on the Treasury Department sanctions list.”

Biden Rushes to Protect Power Grid as Hacking Threats Grow

Bloomberg, Shaun Courtney and Michael Riley
“It makes sense in a plan like this to start with grid operations. Everything goes down if you don’t have power: the financial sector, refineries, water. The grid underlies the rest of the country’s critical infrastructure.”

Russia launched over a million cyber attacks in three months

IT Pro, Rene Millman
“While they keep ready-made, weaponized exploits handy, attackers will continuously enrich their arsenal with newly released vulnerabilities and the associated proofs-of-concept. This underscores the need for organizations to patch and implement best security practices regularly.”

Federal Reserve Chairman Says Cyber-Risk a Top Threat to National Economy

DarkReading
“We spend so much time and energy and money guarding against [business disruption]. There are cyberattacks every day on all major institutions now. That’s a big part of the threat picture in today’s world.”

No password required: Mobile carrier exposes data for millions of accounts

Ars Technica, Dan Goodin
“Since at least December and possibly much earlier, My Mobile Account has been displaying this information for every customer account whenever it is presented with a valid Q Link Wireless phone number. That’s right—no password or anything else required.”

Cybersecurity News: April 12, 2021

Nation-state cyber attacks double in three years

ComputerWeekly, Alex Scroxton
“Nation states are devoting significant time and resources to achieving strategic cyber advantage to advance their national interests, intelligence-gathering capabilities and military strength through espionage, disruption and theft. Attempts to obtain IP data on vaccines and attacks against software supply chains demonstrate the lengths to which nation states are prepared to go to achieve their strategic goals.”

Discord and Slack are becoming potent tools for malware attacks

Fast Company, Steven Melendez
“Once a file containing malicious code is uploaded, attackers can also grab a freely accessible link to that file where it’s hosted on the chat system’s servers. Then, they can send that link to people via phishing emails, misleading texts, or any other method they have of reaching potential victims.”

How the quick shift to the cloud has led to more security risks

TechRepublic, Lance Whitney
“The rise in security incidents has been triggered in part by the inability of many organizations to automate cloud security. Previous research from Unit 42 found that 65% of publicly disclosed security incidents in the cloud were due to customer misconfigurations, a problem that could have been addressed through automated security controls.”

Ubiquiti’s Breach Notification: The ‘No Evidence’ Hedge

DataBreachToday, Mathew J. Schwartz
“Without good logs, it is very difficult to investigate an incident and confidently identify what happened and even … who may be behind the attack.”

533 million Facebook users’ phone numbers and personal data have been leaked online

Business Insider, Aaron Holmes
“A database of that size containing the private information such as phone numbers of a lot of Facebook’s users would certainly lead to bad actors taking advantage of the data to perform social engineering attacks [or] hacking attempts.”

Cybersecurity News: April 5, 2021

After hack, officials draw attention to supply chain threats

AP, Eric Tucker
“We must enhance the resilience, diversity, and security of our supply chains. The vitality of our nation depends on it.”

Credential phishing on the rise with Office 365 a top target

BetaNews, Ian Barker
“New attack tactics include the use of data URLs/encoding to mask content, dynamic content generation, leveraging of local HTML/PDF decoy files, dynamic loading of brand logos.”

Whistleblower: Ubiquiti Breach “Catastrophic”

KrebsOnSecurity, Brian Krebs
“In reality…the attackers had gained administrative access to Ubiquiti’s servers at Amazon’s cloud service, which secures the underlying server hardware and software but requires the cloud tenant (client) to secure access to any data stored there.”

AP sources: SolarWinds hack got emails of top DHS officials

AP, Alan Suderman
“The SolarWinds hack was a victory for our foreign adversaries, and a failure for DHS. We are talking about DHS’s crown jewels.”

Nine cyber attack has all the hallmarks of ransomware, without the ransom

The Sydney Morning Herald, Tim Biggs
“The attack hit Nine’s systems in Sydney early on Sunday morning, disrupting live television, as workers arriving and logging in found their machines unresponsive.”

Cybersecurity News: March 29, 2021

Manufacturing’s Cloud Migration Opens Door to Major Cyber-Risk

Threatpost
“The lift and shift of applications that were never meant to be internet-facing to become internet-enabled has likely resulted in this high risk.”

CNA Financial suffers extensive network disruption following cyber attack

IT Pro, Rene Millman
“CNA’s network may be out of commission for a while, with the attack mainly impacting the underwriting and claims side of its business.”

Ransomware gang demands $50 million from computer maker Acer

The Record, Catalin Cimpanu
“Here the ransom demand was clearly visible, a whopping $50 million payment request, which represents the highest ransom demand ever requested by a ransomware group.”

Microsoft Exchange Server attacks: ‘They’re being hacked faster than we can count’, says security company

ZDNet, Danny Palmer
“There are a ton of things [Microsoft Exchange customers] can do manually to prevent a full disaster. I just encourage them to do them immediately. Globally, this is a disaster in the making.”

3 in 4 companies have experienced account takeover attacks in the last year

Help Net Security
“We’re regularly seeing identity-based attacks being used to circumnavigate traditional perimeter defences like multi-factor authentication (MFA). Account takeover is replacing phishing as the most common attack vector and MFA defenses are speed bumps not forcefields.”

Cybersecurity News: March 22, 2021

“Expert” hackers used 11 zerodays to infect Windows, iOS, and Android users

Ars Technica, Dan Goodin
“The ability to pierce advanced defenses built into well-fortified OSes and apps that were fully patched—for example, Chrome running on Windows 10 and Safari running on iOS—was one testament to the group’s skill.”

Mimecast says SolarWinds hackers breached its network and spied on customers

Ars Technica, Dan Goodin
“The hackers also accessed email addresses, contact information, and ‘encrypted and/or hashed and salted credentials.’”

Microsoft Exchange attacks doubling ‘every two to three hours’

ITProPortal, Sead Fadilpašić
“Most of the attacks are against organizations in Turkey and the United States, followed by Italy. In most cases, criminals are pursuing government and military organizations, manufacturing firms and financial institutions.”

Verkada Breach Demonstrates Danger of Overprivileged Users

DarkReading, Robert Lemos
“The massive breach of privacy of Verkada’s customers highlights that companies — often, startups — have not always adopted best practices for privileged access to systems. The lesson is learned with regularity, often when a vendor’s clients or customers have their security or privacy compromised.”

Exchange servers first compromised by Chinese hackers hit with ransomware

Ars Technica, Dan Goodin
“Though many of the still unpatched organizations may have been exploited by cyber espionage actors, criminal ransomware operations may pose a greater risk as they disrupt organizations and even extort victims by releasing stolen emails.”

Cybersecurity News: March 15, 2021

Molson Coors discloses cyberattack disrupting its brewery operations

ZDNet, Natalie Gagliordi
“Although the Company is actively managing this cybersecurity incident, it has caused and may continue to cause a delay or disruption to parts of the Company’s business, including its brewery operations, production, and shipments.”

Third-party attacks expose 12 million health care records

IT Pro, Rene Millman
“The research found that ransomware was the most prominent cause of health care breaches, accounting for 54.95%. Other leading causes included email compromise/phishing (21.16%), insider threat (7.17%), and unsecured databases (3.75%).”

Security startup Verkada hack exposes 150,000 security cameras in Tesla factories, jails, and more

The Verge, Chaim Gartenberg
“The hack was apparently relatively simple: the group managed to gain ‘Super Admin’-level access to Verkada’s system using a username and password they found publicly on the internet. From there, they were able to access the entire company’s network, including root access to the cameras themselves, which, in turn, allowed the group to access the internal networks of some of Verkada’s customers.”

Airlines warn passengers of data breach after aviation tech supplier is hit by cyberattack

The Guardian, Martin Farrer
“Sita had informed Malaysia Airlines, Singapore Airlines, Finnair and a South Korean carrier called Jeju Air that their passengers had been affected by the breach of its passenger service system (PSS) servers.”

At Least 30,000 U.S. Organizations Newly Hacked Via Holes in Microsoft’s Email Software

KrebsOnSecurity, Brian Krebs
“Microsoft said the Exchange flaws are being targeted by a previously unidentified Chinese hacking crew it dubbed ‘Hafnium,’ and said the group had been conducting targeted attacks on email systems used by a range of industry sectors, including infectious disease researchers, law firms, higher education institutions, defense contractors, policy think tanks, and NGOs.”
