IT Security News Blast – 9-23-2021
 
This is the IT Security News Blast.
Every day we try to provide a brief situational awareness report for key sectors, and summarize the need-to-know events. It has always been curated by Mike Hamilton, Critical Insight Co-Founder. Sign up for the blast here:
https://www.criticalinsight.com/resources/daily-news
 
Microsoft Exchange Autodiscover protocol found leaking hundreds of thousands of credentials
"This 'back-off' mechanism is the culprit of this leak because it is always trying to resolve the Autodiscover portion of the domain and it will always try to 'fail up,' so to speak. This means that whoever owns Autodiscover.com will receive all of the requests that cannot reach the original domain."
https://www.theregister.com/2021/09/22/microsoft_exchange_autodiscover_protocol_found/
 
FBI held back ransomware decryption key from businesses to run operation targeting hackers
But the FBI held on to the key, with the agreement of other agencies, in part because it was planning to carry out an operation to disrupt the hackers, a group known as REvil, and the bureau did not want to tip them off. Also, a government assessment found the harm was not as severe as initially feared.
https://www.washingtonpost.com/national-security/ransomware-fbi-revil-decryption-key/2021/09/21/4a9417d0-f15f-11eb-a452-4da5fe48582d_story.html
 
We cannot afford for healthcare security to be the “lowest-hanging fruit”
A recent survey of industry decision-makers by the Healthcare Information and Management Systems Society (HIMSS) found that 73% of respondents said their organization needs more cybersecurity funding in order to remain “secure, effective and compliant,” yet only 40% expect that funding to come through.
https://www.helpnetsecurity.com/2021/09/22/healthcare-security/
 
Federal agencies warn companies to be on guard against prolific ransomware strain
The agencies issued a joint alert specifically warning groups to be on guard against the Conti ransomware variant, with the agencies noting that 400 U.S. and international groups had already fallen victim to Conti. [...] “We highly recommend using the mitigations outlined in this advisory to protect against Conti malware and mitigate your risk against any ransomware attack.”
https://thehill.com/policy/cybersecurity/573475-federal-agencies-warn-companies-to-be-on-guard-against-prolific
 
New Ponemon Institute Research Shows Ransomware Attacks on Healthcare Delivery Organizations Can Lead to Increased Mortality Rate
For the first time, this research shows that ransomware attacks on healthcare organizations may have life-or-death consequences. Nearly one in four healthcare providers reported an increase in mortality rate due to ransomware. [...] “Our findings correlated increasing cyberattacks, especially ransomware, with negative effects on patient care, exacerbated by the impact of COVID on healthcare providers.
https://financialpost.com/pmn/press-releases-pmn/business-wire-news-releases-pmn/new-ponemon-institute-research-shows-ransomware-attacks-on-healthcare-delivery-organizations-can-lead-to-increased-mortality-rate
 
Cyber attacks rising, most benchmark institutions say [Registration]
Cyber attacks on financial market infrastructure have increased in the past two years, according to a clear majority of participants in the Financial Stability Benchmarks 2021. Almost three-quarters of the sample – 21 out of 29 – said cyber attacks had increased in their country.
https://www.centralbanking.com/benchmarking/financial-stability/7878846/cyber-attacks-rising-most-benchmark-institutions-say
 
Remote Work Rachets Up Security Risks on the Plant Floor
While some manufacturers are on top of their secure remote access policy and management, many are not because it’s complicated. Numerous OEM and SI partners need access to parts of your manufacturing lines; depending on what industry you’re in, your plant may or may not have to adhere to regulations that require stringent cybersecurity plans.
https://www.industryweek.com/technology-and-iiot/cybersecurity/article/21176124/remote-work-rachets-up-security-risks-on-the-plant-floor
 
Why Are Embedded Industrial Control Devices Now Vulnerable To TCP/IP Attacks?
[The] affected OT devices are manufactured by hundreds of vendors and deployed in manufacturing plants, power generation, water treatment, and infrastructure sectors. For the most part, the OT devices are part of the industrial IoT marketplaces, all of which are highly susceptible to attacks and flaws that result from issues within the TCP/IP network communications architecture.
https://www.designnews.com/electronics/why-are-embedded-industrial-control-devices-now-vulnerable-tcpip-attacks
 
U.S. targets infrastructure of hackers
The Treasury Department's Office of Foreign Assets Control (OFAC) announced sanctions Tuesday against Suex, an exchange that lets people buy and sell virtual currencies with regular credit cards, according to its website. The government said as much as 40% of known transactions run by Suex were criminal. That's more than $370 million, according to the cryptocurrency-tracking firm Elliptic.
https://www.arkansasonline.com/news/2021/sep/22/us-targets-infrastructure-of-hackers/
 
Mandatory reporting of cyber hacks gets a thumbs-up from Mayorkas
The mandates, if passed, would be among the most significant new cyber requirements for industry in years. “If a company that suffers a cyber incident provides that information to us in the federal government, we can ensure that a replica of that harm isn’t suffered elsewhere in the country,” Mayorkas said at yesterday's Senate Homeland Security Committee hearing.
https://www.washingtonpost.com/politics/2021/09/22/mandatory-reporting-cyber-hacks-gets-thumbs-up-mayorkas/
 
AFA NEWS: ‘Integrated Deterrence’ to Drive National Defense Strategy
Nuclear and cyber deterrence are two areas that present threats to integrated deterrence but could also enable it, Dalton said. The defense strategy will address how “we can better use the capabilities we already have, including by integrating domains and determining the capabilities we need to deter and address potential future conflict” within those domains, she said.
https://www.nationaldefensemagazine.org/articles/2021/9/22/integrated-deterrence-to-drive-national-defense-strategy
 
China’s cyber warfare has grown on the back of civilian recruits
The Strategic Support Force emerged from the PLA reorganisation in 2015. With the creation of this new, integrated force, China combined electronic warfare, information warfare and cyber operations. Under President Xi Jinping, though, it’s the Ministry of State Security that acquired the power to wage cyber operations with the help of an army of civilian recruits.
https://theprint.in/opinion/eye-on-china/chinas-cyber-warfare-has-grown-on-the-back-of-civilian-recruits/737651/
 
Lithuania says built-in cybersecurity risks found in Chinese-made Xiaomi and Huawei phones
Lithuania's National Cyber Security Center said it found four major cybersecurity risks for devices made by Huawei and Xiaomi, including two relating to pre-installed apps and one involving personal data leakage, and warned against using these two brands.
https://www.cbsnews.com/news/lithuania-china-cybersecurity-risks-chinese-xiaomi-huawei-smartphones/
 
APT focus: ‘Noisy’ Russian hacking crews are among the world’s most sophisticated
“This large-scale intrusion and the multiple techniques used to obfuscate their activity are testament to the technical prowess of these groups. In comparison, very few other state-associated APT groups – probably only those linked to the People's Republic of China – have conducted supply chain attacks of similar scale,” Peh added.
https://portswigger.net/daily-swig/apt-focus-noisy-russian-hacking-crews-are-among-the-worlds-most-sophisticated
 
World Reimagined: A Different Perspective on How to Handle Threats to Data Privacy
Imagine opening a financial account without ever giving Carol at the call center any of your personal identification directly. Imagine Carol literally having nothing but your first name. The rest of the information is provided through your mobile phone or browser using encryption technology and, as Journey puts it, a “Zero-Knowledge” network, which means that Carol has zero access to any sensitive information.
https://www.nasdaq.com/articles/world-reimagined%3A-a-different-perspective-on-how-to-handle-hreats-to-data-privacy-2021-09
 
How to mitigate the Microsoft Office zero-day attack
To enable this setting, select in order:
“Computer Configuration”
“Administrative Templates”
“Windows Components”
“Microsoft Defender Antivirus”
“Microsoft Defender Exploit Guard”
“Attack Surface Reduction”
"Configure Attack Surface Reduction rules" and make sure the value is set to "Enabled”
https://www.csoonline.com/article/3633881/how-to-mitigate-the-microsoft-office-zero-day-attack.html
 
Unpatched MacOS vulnerability lets remote attackers execute code
This snippet with just eight lines of code is what launched the Calculator shown above. But any skillful threat actor could modify this test code to execute outright malicious code on the victim's machine. For example, Ars noticed more advanced payloads like "FiLe:///////////////bin/pwd" ran successfully.
https://arstechnica.com/information-technology/2021/09/unpatched-macos-vulnerability-lets-remote-attackers-execute-code/
 
Internet users stressed out by cyberattack news: Kaspersky
In its "Dealing with a new normal in our digital reality" report, Kaspersky researchers found that almost 70% of the 2,500 consumers surveyed said they find news about data breaches to be stressful. More than half of respondents said their use of online services increased during the pandemic and 56% said being online has become a source of stress for them.
https://www.zdnet.com/article/internet-users-stressed-out-by-cyberattack-news-kaspersky/
 
You are receiving this email because you are subscribed to receive the IT Security Daily Blast email from Michael Hamilton, Founder, President, and CISO of Critical Insight, formerly Critical Informatics and CI Security. 

Archived articles are available at https://www.criticalinsight.com/resources/daily-news

Critical Insight and the Critical Insight logo are the trademarks of Critical Insight, Inc. All other brand names, trademarks, service marks, and copyrights are the property of their respective owners.

© 2020 Critical Insight. All rights reserved.