Get the latest cybersecurity, privacy, and surveillance news for information security professionals

IT Security News Blast – 1-11-2021

CISA Releases New Alert on Post-Compromise Threat Activity in Microsoft Cloud Environments and Tools to Help Detect This Activity
In response, CISA has released AA21-008A: Detecting Post-Compromise Threat Activity in Microsoft Cloud Environments to describe this malicious APT activity and offer guidance on three open-source tools—including a CISA-developed tool, Sparrow, released on December 24. Network defenders can use these tools to help detect and remediate malicious APT actor activity as part of the ongoing supply chain compromise.
https://us-cert.cisa.gov/ncas/current-activity/2021/01/08/cisa-releases-new-alert-post-compromise-threat-activity-microsoft
 
FBI Warns Businesses of Egregor Ransomware Attacks
Initially observed by the FBI in September 2020, Egregor has claimed more than 150 victims to date, all around the world. Following network compromise, Egregor’s operators don’t just encrypt victims’ files, but also exfiltrate data, threatening to publish it online unless a ransom is paid. [...] Egregor, the FBI says, is deployed by multiple individuals, meaning that tactics, techniques, and procedures (TTPs) used in attacks are varied and that defending against these attacks is challenging.
https://www.securityweek.com/fbi-warns-businesses-egregor-ransomware-attacks
 
How the Shady Zero-Day Sales Game Is Evolving
Hackers who want to sell their zero-day vulnerabilities on the black market have many reasons for doing so, he says. Depending on what the vulnerability is, and for which software, they can make significantly more money than they can from an official bug bounty. They may also want to hurt the organization that maintains the software or an organization that uses it.
https://www.darkreading.com/edge/theedge/how-the-shady-zero-day-sales-game-is-evolving-/b/d-id/1339843?_mc=rss_x_drr_edt_aud_dr_x_x-rss-simple
 
Cyber Attacks On Healthcare Organizations Soared In Israel In 2020 — Report
Cyber attacks on healthcare organizations in Israel have surged during the COVID-19 pandemic, rising 25 percent in the last two months of 2020 to 813 per week at the end of December, Israeli cyber software firm Check Point Technologies reported this month. Prior to November, the company reported 652 cyber attacks per week.
https://nocamels.com/2021/01/cyber-attacks-healthcare-organizations-hospitals-end-check-point-software/
 
Report: Vast majority of data breaches reported to HHS occur among providers
Providers are the most common targets for cyber criminals leveling attacks against the healthcare industry, with data breaches at provider organizations accounting for 79% of all those reported to the Department of Health and Human Services in the first 10 months of 2020, according to a new report from cybersecurity firm Fortified Health Security.
https://medcitynews.com/2021/01/report-vast-majority-of-data-breaches-reported-to-hhs-occur-among-providers/
 
Attacks on VPNs and health industry headline 2021’s biggest cyber risks
Hackers will capitalize on the COVID-19 pandemic to trick or scare people into providing access to their data, and therefore their organizations’ networks and resources as well. Over the past year, hackers have increased their rate of attacks significantly, disguising themselves over email as health authorities and luring people into clicking malicious links.
https://www.securitymagazine.com/articles/94297-attacks-on-vpns-and-health-industry-headline-2021s-biggest-cyber-risks
 
Delaware County pays hacker $25,000 to resolve cyberattack
The ransom of $25,000 was equal to the deductible amount on the county's insurance policy. In exchange, the hacker provided a list of the stolen files and shared the information necessary to unlock the county's systems. The county is now working with a private cybersecurity firm and pursuing further initiatives to provide a more secure environment.
https://6abc.com/delaware-county-hacking-ransomware-attack-delco-government-phishing-email/9469307/
 
A Look Ahead at 2021: SolarWinds Fallout and Shifting CISO Budgets [Podcast]
But beyond the SolarWinds supply-chain cyberattack, many future challenges this upcoming year will piggyback on existing issues that began in 2020. That might be ransomware attacks on the healthcare space, an industry already beleaguered by skyrocketing COVID-19 cases. Or, it might be workforce employees starting to trickle back into the office, as more people receive their vaccines – and any unprecedented security challenges this shift might present.
https://threatpost.com/2021-solarwinds-fallout-shifting-ciso-budgets/162897/
 
The IMO 2021 Cyber Guidelines and the Need to Secure Seaports
The guidelines were consigned in 2017 via three key declarations. First, in Resolution MSC.429(98), Maritime Cyber Risk Management in Safety Management Systems, the IMO affirmed a view that the ISM Code already requires mitigation of cyber risks. Per this view, cyber risk management is already encompassed in the code’s existing general requirement that companies establish safeguards against all risks to ships, personnel, and the environment.
https://www.maritime-executive.com/editorials/the-imo-2021-cyber-guidelines-and-the-need-to-secure-seaports
 
Russian cybercriminal sentenced to 12 years for ‘massive hacking campaign’ impacting 100 million US citizens
Together with a team of co-conspirators, Tyurin played a “major role” in one of the biggest thefts of financial data in US history, stealing the personal information of more than 80 million JP Morgan Chase Bank customers. Tyurin pleaded guilty to charges of computer intrusion, wire fraud, bank fraud, and illegal online gambling offenses, a statement from the US Department of Justice (DoJ) reads.
https://portswigger.net/daily-swig/russian-cybercriminal-sentenced-to-12-years-for-massive-hacking-campaign-impacting-100-million-us-citizens
 
Reserve Bank likely hacked by another government - cyber security expert
It was likely to be another government trying to attack the Reserve Bank, he said. "Because ultimately if you were coming from a sort of like criminal perspective, the government agencies aren't going to pay your ransom or whatever, so you'd be more interested probably coming in from a government to government level." Parry said cyber attacks were very common now and it was likely there will be more like this.
https://www.newshub.co.nz/home/money/2021/01/reserve-bank-likely-hacked-by-another-government-cyber-security-expert.html
 
State Department Approves Creation of Cyber Bureau
“The CSET bureau will lead U.S. government diplomatic efforts on a wide range of international cyberspace security and emerging technology policy issues that affect U.S. foreign policy and national security, including securing cyberspace and critical technologies, reducing the likelihood of cyber conflict, and prevailing in strategic cyber competition,” the announcement said.
https://www.nextgov.com/cybersecurity/2021/01/state-department-approves-creation-cyber-bureau/171276/
 
Biden’s NSC to focus on global health, climate, cyber and human rights, as well as China and Russia
The incoming Biden administration plans to restructure and expand the operations of the White House National Security Council, establishing new senior positions on global health, democracy and human rights, and cyber and emerging technology, signaling a sweeping shift in priorities, according to a senior adviser to the Biden transition.
https://www.washingtonpost.com/national-security/biden-nsc-covid-climate-cyber-china/2021/01/08/85a31cba-5158-11eb-83e3-322644d82356_story.html
 
Is North Korea Jamming Radio Signals?
The report speculated that the jamming may have been connected to the passage of an “anti-revolutionary thought” law in early December, as part of the Supreme People’s Assembly. Unification Media Group describes itself as “a news and entertainment production organization focused on North Korea,” which “brings the latest developments from North Korea to South Korean and international audiences in addition to North Koreans themselves.”
https://nationalinterest.org/blog/korea-watch/north-korea-jamming-radio-signals-175977
 
Even Small Nations Have Jumped into the Cyber Espionage Game
In an analysis published in late December, the group detailed how nations of the Gulf Cooperative Council (GCC) in the Middle East used the commercial Pegasus spyware sold by the NSO Group to hack three dozen phones and spy on journalists and news producers. The attacks used a "zero-click" iMessage exploit that uses a specially crafted message to download and execute code on the victim's phone.
https://www.darkreading.com/vulnerabilities---threats/even-small-nations-have-jumped-into-the-cyber-espionage-game/d/d-id/1339846?_mc=rss_x_drr_edt_aud_dr_x_x-rss-simple
 
Discussion: What’s more important to you? Access to WhatsApp or your privacy?
The updated WhatsApp Privacy Policy claims these changes will improve how businesses interact with individuals and help the company improve its services. Overall, these changes shall also allow Facebook to use data on how you interact with WhatsApp Business accounts and suggest a variety of other relevant businesses (through targeted advertising) on other Facebook-owned platforms such as the Facebook app, Instagram, and Facebook Messenger.
https://www.xda-developers.com/discussion-whatsapp-vs-privacy/
 
Trump's de-platforming could reshape the internet
As Trump and his supporters tried to migrate to Parler, a small social network that boasts its lack of regulation, its apps were removed from Apple and Google app stores and Amazon announced it would eject it from its web-hosting service. With Apple and Google providing the operating systems for almost all smartphones, Parler, if it survives, faces a much-diminished future.
https://www.smh.com.au/business/companies/trump-s-de-platforming-could-reshape-the-internet-20210111-p56t5p.html
 
Nvidia Warns Windows Gamers of High-Severity Graphics Driver Flaws
Affected is Nvidia’s graphics driver (formally known as the GPU Display Driver) for Windows. The graphics driver is used in devices targeted to enthusiast gamers; it’s the software component that enables the device’s operating system and programs to use its high-level, gaming-optimized graphics hardware.
https://threatpost.com/nvidia-windows-gamers-graphics-driver-flaws/162857/
 
Linux machines again targeted by hackers with new memory loader
Asked if Linux has become TeamTNT’s main strategic target, Tom Hegel, security researcher at AT&T Cybersecurity’s Alien Labs, told SC Media: “TeamTNT is more cloud-focused than Linux, but they overlap well in this case. The group tends to target cloud-standard resources and [operating systems], such as docker and *nix.”
https://www.scmagazine.com/home/security-news/malware/linux-machines-again-targeted-by-hackers-with-new-memory-loader/
 
New York City proposes regulating algorithms used in hiring
The proposal is a part of a recent movement at all levels of government to place legal constraints on algorithms and software that shape life-changing decisions—one that may shift into new gear when Democrats take control of the White House and both houses of Congress.
https://arstechnica.com/tech-policy/2021/01/new-york-city-proposes-regulating-algorithms-used-in-hiring/

You are receiving this email because you are subscribed to receive the IT Security Daily Blast email from Michael Hamilton, Founder, President, and CISO of CI Security, formerly Critical Informatics.

Archived articles are available at https://ci.security/news/daily-news.

CI Security and the CI Security logo are the trademarks of CI Security, Inc. All other brand names, trademarks, service marks, and copyrights are the property of their respective owners.

© 2020 CI Security. All rights reserved.

CI Security

245 4th St, Suite 405, Bremerton, WA 98337