Get the latest cybersecurity, privacy, and surveillance news for information security professionals

IT Security News Blast – 9-17-2020

Beazley Breach Insight: Middle-market cyber attacks rise during the pandemic

In the second quarter (Q2) of 2020, cybercriminals targeted businesses that remained open during lockdown where many employees were working remotely, making them more susceptible to cyber attacks. Of all the social engineering attacks reported to Beazley Breach Response (BBR) Services globally in Q2, 60% of organizations targeted were in the middle market (defined as over $35 million in annual revenue), up from 46% in Q1.

https://finance.yahoo.com/news/beazley-breach-insight-middle-market-123000581.html

 

[Podcast] Maintaining a safe vote-by-mail system – with CISO Mike Hamilton

Politicians, and many voters, have been fretting over whether large scale voting by mail can be done in a trustworthy manner. Former CISO for the city of Seattle, now with CI Security, Michael Hamilton joined Federal Drive with Tom Temin to debunk the myths surrounding mail-in voter fraud. "But I’ll point out on this cyber side, it would take a lot of resources to really change a vote count, there would need to be a great deal of planning, logistical coordination, and a good deal of funding to go along with."

https://federalnewsnetwork.com/agency-oversight/2020/09/maintaining-a-safe-vote-by-mail-system/

 

NCSC issues cyber attack alert over ransomware threat to education sector

The National Cyber Security Centre (NCSC) has warned the education sector to be aware of ransomware attacks and urged organisations to follow their guidance on securing their networks. The centre says it saw an increase in attempted cyber attacks on education establishments in August, often using ransomware which involves the encryption of data by cybercriminals who then demand payment in exchange for recovery of the data.

https://www.eveningexpress.co.uk/news/uk/ncsc-issues-cyber-attack-alert-over-ransomware-threat-to-education-sector/

 

Blackbaud hack: US healthcare organizations confirm data breach impacted 190,000 patients

Four months on, and organizations continue to count the cost of the third-party data breach. Children’s Minnesota, one of the largest children’s healthcare organizations in the US, recently announced that the personal data of more than 160,000 patients may have been compromised in the incident. The medical center said it used Blackbaud’s cloud-based software for fundraising activities.

https://portswigger.net/daily-swig/blackbaud-hack-us-healthcare-organizations-confirm-data-breach-impacted-190-000-patients

 

Düsseldorf University Hospital Emergency Care Postponed After Alleged Cyber Attack

“There is currently an extensive IT failure at the University Hospital Düsseldorf (UKD),” the announcement reads. “This means, among other things, that the clinic can only be reached to a limited extent – both by telephone and by email. Planned and outpatient treatments will also not take place and will be postponed. Patients are therefore asked not to visit the UKD – even if an appointment has been made.”

https://securityboulevard.com/2020/09/dusseldorf-university-hospital-emergency-care-postponed-after-alleged-cyber-attack/

 

George Floyd medical records breached; does ‘VIP’ data need bonus security?

Hennepin Health did not publicly confirm the breach, noting it doesn’t comment on specific cases in order to preserve confidentiality. [...] “Unfortunately, auditing processes vary in their rigor, depending on the privacy/compliance staff at a given organization, staff availability, and tools at their disposal,” said Drex DeFord, health care executive strategist for CI Security and president of Drexio Innovation Network. “The auditing and training program at Hennepin will come under close scrutiny, including all documented process, procedures and policies.”

https://www.scmagazine.com/home/security-news/privacy-compliance/george-floyd-records-breached-says-attorney-does-vip-data-need-bonus-security/

 

Pandemic sees ‘bot’ cyber-attacks on financial services increase

Its analysis of global cybercrime activity from January to June this year indicates strong transaction volume growth compared to 2019, but an overall decline in global attack volume. LexisNexis says this is indicative of changing consumer habits, as more people made purchases and handled other activities online because of difficulties accessing their usual services.

https://www.accountancydaily.co/pandemic-sees-bot-cyber-attacks-financial-services-increase

 

Cerberus banking Trojan source code released for free to cyberattackers

The source code of the Cerberus banking Trojan has been released as free malware on underground hacking forums following a failed auction. [...] The malware is able to read text messages that may contain one-time passcodes (OTP) and two-factor authentication (2FA) codes, thereby bypassing typical 2FA account protections. OTPs generated through Google Authenticator may also be stolen.

https://www.zdnet.com/article/cerberus-banking-trojan-source-code-released-for-free-to-cyberattackers/

 

FBI Strategy Addresses Evolving Cyber Threat

“We want to make sure we’re doing everything we can to help our partners do what they need to do,” said Wray. “That means using our role as the lead federal agency with law enforcement and intelligence responsibilities to not only pursue our own actions, but to enable our partners to defend networks, attribute malicious activity, sanction bad behavior, and take the fight to our adversaries overseas.”

https://www.fbi.gov/news/stories/wray-announces-fbi-cyber-strategy-at-cisa-summit-091620

 

Researchers Identify the Departments and Industries Most Susceptible to Email-Based Cyber-Attacks

Department-based statistics collected from phishing tests show that employees in Quality Management & Health, Purchasing / Administrative Affairs, Legal / Internal Control, Human Resources, and Research & Development have the highest rates of not only opening malicious emails but also interacting with the malicious content and even submitting sensitive data back to the attacker.

https://securityboulevard.com/2020/09/researchers-identify-the-departments-and-industries-most-susceptible-to-email-based-cyber-attacks/

 

Risk Management: How Security Can Learn to Do the Math

· How do we know if we are investing appropriately or proportionally in cybersecurity?
· What is the accurate and realistic perspective on our cyber risk exposure?
· What are the risks our third parties pose to our business?
· What is the right level of investment needed to protect us?
· Are we prioritizing our top risks based on the likelihood of an attack?
· What methods and calculations are we using to justify cyber spending?

https://securityintelligence.com/posts/risk-management-security-can-do-math/

 

US charges, sanctions Russians accused of stealing $17 million from crypto exchanges

The Department of Justice on Wednesday unsealed charges against the Russian nationals, Danil Potekhin and Dmitrii Karasavidi, accusing them of using a combination of phishing messages and spoofed websites to steal virtual currency from users at three cryptocurrency exchanges. The fraud effort netted attackers $16.8 million from 2017 to 2018, according to the Justice Department. A grand jury returned the charges in February.

https://www.cyberscoop.com/russian-hack-bitcoin-exchange-scam/

 

U.S. Charges Chinese Nationals in Cyberattacks on More Than 100 Companies [Subscription]

Federal prosecutors unsealed charges on Wednesday against five Chinese citizens that officials say appear linked to Chinese intelligence, accusing them of hacking more than 100 companies in the U.S. and overseas, including social-media firms, universities and telecommunications providers. Two Malaysian businessmen were arrested Monday in Malaysia and accused of conspiring with some of the Chinese hackers to profit from intrusions into the videogame industry, Justice Department officials said.

https://www.wsj.com/articles/justice-department-unseals-indictments-alleging-chinese-hacking-against-u-s-international-firms-11600269024

 

Public disclosure didn't stop suspected Chinese hackers from targeting the Vatican

The operation is thought to have been aimed at collecting intelligence in advance of the Vatican’s efforts to negotiate a deal with China on the operations of the Catholic Church in China. Those discussions took place earlier this month. Beijing announced last week that both sides have reached a deal, which security researchers now say means that hackers’ “tasking requirement may have been achieved or no longer required.”

https://www.cyberscoop.com/chinese-hacking-vatican-recorded-future/

 

CISA, FBI Warn Iran-based Threat Actor May Be Planning Ransomware Attacks

“CISA and FBI are aware of a widespread campaign from an Iran-based malicious cyber actor targeting several industries mainly associated with information technology, government, healthcare, financial, insurance, and media sectors across the United States,” the advisory reads. [...] Once the open ports are identified, the threat actor exploits [Common Vulnerabilities and Exposures] related to VPN infrastructure to gain initial access to a targeted network.”

https://www.nextgov.com/cybersecurity/2020/09/cisa-fbi-warns-iran-based-threat-actor-may-be-planning-ransomware-attacks/168520/

 

Researchers: North Korean Hackers In League With Russian Cybercriminals

Security firm Intel 471 said in a report it found links between North Korean hacker group Lazarus, known for attacks on banks worldwide, and a Russian-operated malware operation called TrickBot. TrickBot is described in the report as a "malware-as-a-service offering, run by Russian-speaking cybercriminals, that is not openly advertised on any open or invite-only cybercriminal forum or marketplace."  

https://www.voanews.com/east-asia-pacific/researchers-north-korean-hackers-league-russian-cybercriminals

 

Cybersecurity Bounces Back, but Talent Still Absent

A recent (ISC)² survey shows that many security professionals are being leveraged to support general IT requirements to accommodate different needs for work at home amid the pandemic. That makes sense. Companies need to have the infrastructure in place to support these new remote workers logging in from their home ISPs while also ensuring the security of sensitive data and intellectual property.

https://www.darkreading.com/careers-and-people/cybersecurity-bounces-back-but-talent-still-absent/a/d-id/1338852

 

#GartnerSEC: Top Trends for Risk and Security Include Cloud, Automation and Privacy

Speaking at the event, research VP Peter Firstbrook pointed at “mega trends that are beyond your control,” which include: the skills gap, regulation and privacy, application scale and complexity, endpoint diversity, attackers and the impact of COVID-19. He said that COVID-19 has accelerated a lot of the trends Gartner has been seeing in the last 10 years, and if your organization is mature “you’re probably in a good space to handle COVID.”

https://www.infosecurity-magazine.com/news/gartnersec-trends-risk-security/

 

Geneva tool lets you bypass censorship by merely doing nothing

How it does so is by tampering with the packets when they are being transmitted from a server outside the country which in essence “confuses the censor” inside the user’s country. This is done using a component called  “Strategy Engine.” Secondly, since different censors operate differently, it deals with this change by employing multiple evasion strategies learned through its algorithm helping it constantly evolve.

https://www.hackread.com/geneva-tool-bypass-censorship-by-doing-nothing/

 

Billions of devices vulnerable to new 'BLESA' Bluetooth security flaw

But the Purdue research team said it found that the official BLE specification didn't contain strong-enough language to describe the reconnection process. As a result, two systemic issues have made their way into BLE software implementations, down the software supply-chain:

· The authentication during the device reconnection is optional instead of mandatory.
· The authentication can potentially be circumvented if the user's device fails to enforce the IoT device to authenticate the communicated data.

https://www.zdnet.com/article/billions-of-devices-vulnerable-to-new-blesa-bluetooth-security-flaw/

 

New Twitter phishing scam inspired from Twitter’s latest security response

The attack took place when hackers accessed Twitter’s internal tool after a successful phone phishing scam against one of its employees.  [...] As can be seen, the second paragraph of the phishing email is almost identical to the official tweet above. If a user is convinced of its legitimacy and goes forward with the “Confirm your identity” prompt, the attacker will be able to know their login credentials.

https://www.hackread.com/twitter-phishing-scam-latest-security-response/

You are receiving this email because you are subscribed to receive the IT Security Daily Blast email from Michael Hamilton, Founder, President, and CISO of CI Security, formerly Critical Informatics.

Archived articles are available at https://ci.security/news/daily-news.

CI Security and the CI Security logo are the trademarks of CI Security, Inc. All other brand names, trademarks, service marks, and copyrights are the property of their respective owners.

© 2020 CI Security. All rights reserved.


 
