Get the latest cybersecurity, privacy, and surveillance news for information security professionals

IT Security News Blast – 10-20-2020

DoJ Indicts Russian Cyber Hackers For Vast ‘NotPetya,’ Other Attacks

The GRU hackers – Yuriy Sergeyevich Andrienko, Sergey Vladimirovich Detistov, Pavel Valeryevich Frolov, Anatoliy Sergeyevich Kovalev, Artem Valeryevich Ochichenko, and Petr Nikolayevich Pliskin – engaged in computer intrusions and attacks that caused nearly $1 billion in damages to just three of their victims, the U.S. alleges.

https://www.meritalk.com/articles/doj-indicts-russian-cyber-hackers-for-vast-notpetya-other-attacks/

Massive New Phishing Campaigns Target Microsoft, Google Cloud Users

Researchers at Greathorn point to a campaign using open redirectors to take victims to fraudulent Office 365 login pages where credentials are stolen and loaders installed. At the same time, Toolbox reports that Menlo Security researchers say a campaign is using multiple CAPTCHA images to convince victims, primarily in the hospitality industry, to give up their credentials and personal information.

https://www.darkreading.com/attacks-breaches/massive-new-phishing-campaigns-target-microsoft-google-cloud-users/d/d-id/1339204

How Ransomware Puts Your Hospital at Risk

Every hospital and clinic should be re-evaluating their computer networks right now and ramping up the protections they have in place to prevent their services from being interrupted by malware or their sensitive patient data from being stolen. This will be a significant challenge at a moment when many hospitals are struggling financially because so few people are opting to have elective medical procedures.

https://www.nytimes.com/2020/10/17/opinion/hospital-internet-security-ransomware.html

[WEBINAR] The State of 2020 Healthcare Breaches and What To Do About It

In this upcoming webinar, healthcare security experts will show you the latest trends in reported healthcare breaches and how these trends could impact your organization. You’ll also learn how to manage risks that impact medical device security. Join Medigate, a leader in IoMT security, and CI Security on Thursday, October 29, 2020 at 10:00 AM PDT | 12:00 PM CDT. Register today to save your spot.

https://app.livestorm.co/ci-security/healthcare-breaches-2020

Cyber-related ransomware and business interruption top concerns of risk managers

  • Sixty percent of respondents feel either "extremely prepared" or "prepared" to respond to a ransomware event, while 33 percent feel "somewhat prepared."
  • Just over a third (35 percent) of respondents provide annual training for employees on cyber risks, while 24 percent conduct quarterly trainings.
  • Similarly, 30 percent of respondents only assess their company's exposure to cyber risks on an annual basis, indicating potential gaps in security.

https://finance.yahoo.com/news/cyber-related-ransomware-business-interruption-220100441.html

Financial System Could Be Seriously Disrupted By Single Cyber Attack, G20 Warned

The potential dangers come in the forms of a loss of confidence in a major financial institution or group of financial institutions and implications for capital that could result from an attack on interconnected information technology systems between multiple financial institutions or between financial institutions and third-party service providers, the authors cautioned.

https://www.forbes.com/sites/tedknutson/2020/10/19/financial-system-could-be-seriously-disrupted-by-single-cyber-attack-g20-warned/#6f97b446488d

Pandemic Amplified Security Gaps for Public Sector Cyber Officials

  • Overall, respondents said they believe the probability of a security breach is higher in the next 12 months, compared to responses to the same question in the 2018 study.
  • Only 27% of states provide cybersecurity training to local governments and public education entities.
  • Only 28% of states reported that they had collaborated extensively with local governments as part of their state’s security program during the past year, with 65% reporting limited collaboration.

https://www.insurancejournal.com/news/national/2020/10/19/587058.htm

Real-world CMMC

The problem is because CMMC is not officially rolled out yet and they haven't identified these third-party certifiers, there's kind of this "Gotcha!" where if a company needs to go outside and get help for a basic assessment, which is like CMMC-light…they pay someone to help them with the basic assessment, then CMMC comes out and they want to be CMMC-certified. But that same company that helped in the first place, they can't use it because they may not be one of the official Certified Third Party Assessor Organization.

https://fcw.com/articles/2020/10/19/real-world-cmmc.aspx

From cyber to China, here’s what has former US national security advisors worried

He predicts that “the 21st century [will be] about cybersecurity just like [how] the 20th century was about nuclear power.” The asymmetric use of cyber capabilities has been most visible in attempts by Russia, China, and other actors to influence the 2020 elections, which Bolton called “an act of war on our Constitution.” He clarified that “it is not the question of picking one candidate over the other,” but rather foreign actors “are trying to undermine our basic institutions and our approach should be absolutely zero tolerance.”

https://www.atlanticcouncil.org/blogs/new-atlanticist/from-cyber-to-china-heres-what-has-former-us-national-security-advisors-worried/

'Operation Quicksand': Iran-linked Hackers Target Israel in 'New Cyberwar Phase'

The claims were made in a report by cyberfirms Profero and ClearSky. Two independent experts who read the report confirmed that its findings are in line with what is known about Iranian-linked hacking operations. They said the incident may well be the latest in the covert cyberwar between Israel and the Islamic Republic. Both requested anonymity due to their ties to Israel’s defense establishment.

https://www.haaretz.com/israel-news/tech-news/iran-hackers-israel-new-phase-cyberwar-operation-quicksand-1.9243913

The encryption war is on again, and this time government has a new strategy

"We urge industry to address our serious concerns where encryption is applied in a way that wholly precludes any legal access to content." The sort of end-to-end encryption that means messages can't be intercepted, or that a hard drive can never be read without the key, "pose significant challenges to public safety", the seven governments warn. This of course is where things get trickier. These governments want tech companies to make it possible to act against illegal content and activity, but with no reduction to safety -- something that tech companies insist is impossible.

https://www.zdnet.com/article/the-encryption-war-is-on-again-and-this-time-government-has-a-new-strategy/

Taking Back Our Privacy

Activists use Signal to coördinate protests, lovers to conduct affairs, workers to unionize, finance professionals to exchange sensitive information, drug dealers to contact customers, journalists to communicate with sources. The app has appeared, shimmering with significance, on the TV shows “Mr. Robot,” “House of Cards,” and “Euphoria.” Signal is also reportedly used by the Democratic National Committee, the United States Senate, the European Commission, law-enforcement agencies, Rudy Giuliani, and Melania Trump.

https://www.newyorker.com/magazine/2020/10/26/taking-back-our-privacy

Phishers Capitalize on Headlines with Breakneck Speed

“The range of information credential-phishing themes — PayPal, COVID-19, voting — illustrate how actors often simply pivot from one theme to the next, all while using similar (often the same) infrastructure and backend functionality. It’s clear that threat actors are continuing to try and reach as many intended recipients as possible by capitalizing on a popular topic. We’ve seen throughout the global COVID-19 situation that threat actors are able to adjust quickly to timely news and current events.”

https://threatpost.com/phishers-capitalize-headlines-speed/160249/

Microsoft Exchange, Outlook Under Siege By APTs

The group is targeting these Microsoft services and using them as beachheads to hide traffic, relay commands, compromise e-mail, exfiltrate data and gather credentials for future espionage attacks, said researchers. For instance, they are manipulating legitimate traffic that’s traversing Exchange in order to relay commands or exfiltrate sensitive data. “Hosts supporting Exchange and associated services frequently relay large volumes of data to external locations, representing a prime opportunity for malicious actors to hide their traffic within this background noise,” said researchers.

https://threatpost.com/microsoft-exchange-outlook-apts/160273/

Watch out for Emotet malware's new 'Windows Update' attachment

When opened, these attachments will prompt a user to 'Enable Content' so that malicious macros will run to install the Emotet malware on a victim's computer. To trick users into enabling the macros, Emotet uses various document templates, including pretending to be created on iOS devices, Windows 10 Mobile, or that the document is protected. With its return to activity, Emotet switched to a new template that pretends to be a message from Windows Update stating that Microsoft Word needs to be updated before the document can be viewed.

https://www.bleepingcomputer.com/news/security/watch-out-for-emotet-malwares-new-windows-update-attachment/

Google Warns of Zero-Click Bluetooth Flaws in Linux-based Devices

"A remote attacker in short distance knowing the victim's [Bluetooth device] address can send a malicious l2cap packet and cause denial of service or possibly arbitrary code execution with kernel privileges," Google noted in its advisory. "Malicious Bluetooth chips can trigger the vulnerability as well." The vulnerability, which is yet to be addressed, appears to have been introduced in a change to the "l2cap_core.c" module made in 2016.

https://thehackernews.com/2020/10/linux-Bluetooth-hacking.html

UK test-and-trace coronavirus data may be handed to police to nab those who aren't self-isolating as required

Others are concerned about the influence data sharing with police may have on people's willingness to use the service, considered a vital plank of the UK's efforts to contain a second wave of the novel coronavirus outbreak. To be clear, the test-and-trace service at issue here is separate from the various NHS contact-tracing apps. The people behind the application for England and Wales, for instance, said: "The app cannot be used to track your location, for law enforcement, or to monitor self-isolation and social distancing."

https://www.theregister.com/2020/10/19/uk_test_and_trace_data/

You are receiving this email because you are subscribed to receive the IT Security Daily Blast email from Michael Hamilton, Founder, President, and CISO of CI Security, formerly Critical Informatics.

Archived articles are available at https://ci.security/news/daily-news.

CI Security and the CI Security logo are the trademarks of CI Security, Inc. All other brand names, trademarks, service marks, and copyrights are the property of their respective owners.

© 2020 CI Security. All rights reserved.

CI Security

245 4th St, Suite 405  Bremerton, WA   98337
