Cybersecurity News of the Week, April 12, 2020

SecureTheVillage Calendar

Online Event: Personal Cybersecurity with Dr. Steve Krantz. April 15 @ 10:00 am – 12:00 pm

Webinar: Security Challenges We Are All Facing. Intouch Insurance and CriticalSTART, April 16 @ 11:00 am – 12:00 pm

Complimentary CLE Webinar: Practical & Ethical Considerations for Social Media Discovery. Driven, April 22 @ 11:00 am – 12:00 pm

Online Event: Doing it…. ONLINE with Dr. Steve Krantz. April 23 @ 10:15 am – 11:45 am

Personal Cyber Security with Dr. Steve Krantz, May 26 @ 1:00 pm – 2:30 pm Calabasas Senior Center Calabasas, CA

Individuals at Risk

Cyber Privacy

Videoconferencing keeps people connected while the coronavirus keeps them inside – but privacy and security are far from perfect: If, before COVID-19, you were concerned about all the data that technology companies had about you, just wait. As stay-at-home orders push more professional and social activities online, it’s becoming harder to remain in control. The Conversation, April 10, 2020

Zoom Privacy Issues Are Magnified as Platform Growth Booms During Pandemic: Amidst a general slaughter in the global economy, Zoom Video Communications is one of the few companies enjoying a massive boom period. The video conferencing platform has added about two million active users per month since the start of 2020, which is about the amount it added across all of 2019. But all of this new attention has also put a lens on Zoom privacy issues. Among other things, the platform has some concerning data collection policies. It has also experienced some significant vulnerabilities, and not all employees may be aware of the monitoring tools employers have at their disposal during video calls. CPO, April 9, 2020

ACLU: Privacy Concerns abound over location tracking to stop Covid-19 spread: Mobile location data may seem like a promising tool for health officials racing to blunt the frightening spread of COVID-19, but the ACLU warned this week that accuracy issues may limit its effectiveness while raising significant privacy concerns. SCMagazine, April 9, 2020

Zoom Rushes to Improve Privacy for Consumers Flooding Its Service: The features that allowed companies to hop on videoconferences also made it easy for trolls to hijack meetings and harass students. The New York Times, April 8, 2020

Cyber Danger

Fleeceware on your iPhone? Don’t get caught out while penned up at home: Trying to keep your kids entertained? Looking for something to take the “long” out of the forthcoming long weekend? (Ever thought you’d be worried about a weekend being “long”?) NakedSecurity, April 9, 2020

Emails Impersonating Trump, White House Seek to Exploit Pandemic Fears. The phishing campaign is only the latest among many related to COVID-19, INKY says: Online scammers have begun impersonating President Donald Trump and the White House in phishing emails designed to lure recipients to websites for downloading malware on their systems. Dark Reading, April 9, 2020

Beware malware-laden emails offering COVID-19 information, US Secret Service warns: Many of the emails take advantage of an unpatched, decades-old Microsoft Office vulnerability to deliver malware. Advice: Patch now. CSO, April 9, 2020

Cybersecurity experts warn of scams targeting coronavirus stimulus checks: Cybercriminals are already looking for ways to steal government assistance designed to help those struggling because of the COVID-19 pandemic. TechRepublic, April 8, 2020

Cyber Defense

Working from home during the coronavirus pandemic creates new cybersecurity threats: COVID-19 has changed nearly every aspect of our daily lives, including how we shop, socialize, exercise and work. If you are a front-line worker or working from home, you must also consider how these adaptations will present opportunities for criminals wanting to exploit this crisis. The Conversation, April 9, 2020

Google Pulls SuperVPN From the Play Store, Users Urged to Delete It: The VPN is vulnerable to man-in-the-middle attacks, allowing all communications between the user and SuperVPN to be intercepted. PC Mag, April 9, 2020

Cyber Humor

Information Security Management for the Organization

Information Security Management and Governance

COVID-19: Now Infecting Cybersecurity: This article analyzes examples of some of the most recent attempts of cybercrime (either through phishing scams or VPN intrusions), as well as recommendations for how to mitigate risk., April 10, 2020

Learning from a ransomware attack: In 2019, criminals hit a group of US service companies through their data center provider, CyrusOne. DCD, April 8, 2020

Coronavirus turns up the heat on cybersecurity projects: Cybersecurity projects – even important ones – often languish, due to budget constraints, scarce resources or simply because they’re just lower priority in the long list of things that need to be done. But for all the havoc it’s wreaked, the Covid-19 pandemic has pushed many of these initiatives to the forefront where they’re gaining traction. SCMagazine, April 7, 2020

Cybersecurity in the C-Suite & Board

Gambling company to set aside $30 million to deal with cyber-attack fallout. In the middle of a merger, SBTech will have $30 million placed in escrow to deal with the repercussions of a suspected ransomware infection: Online betting company SBTech will have to place $30 million in escrow as insurance for covering the fallout from a suspected ransomware infection. ZDNet, April 10, 2020

Why Cybersecurity Should Be Your Company’s Next Social Good Investment: Focusing on security is a social responsibility every company should take to protect its consumers and its data, for the benefit of all. Security Boulevard, April 9, 2020

CMMC in the Age of COVID-19: While attention is necessarily focused on the nation’s response to COVID-19, defense contractors should not put aside the need to prepare to meet DoD’s Cybersecurity Maturity Model Certification (CMMC) requirements. Steptoe, April 7, 2020, Co-Author Jeffrey Weiner is a Member of the SecureTheVillage Leadership Council.

Cyber Warning

FBI Anticipates Rise in Business Email Compromise (BEC) Schemes Related to the COVID-19 Pandemic: Fraudsters will take advantage of any opportunity to steal your money, personal information, or both. Right now, they are using the uncertainty surrounding the COVID-19 pandemic to further their efforts. FBI, April 6, 2020

Cybersecurity in Society

Cyber Privacy

U.S. Senate advises against using Zoom for video conferencing: Add the U.S. Senate to a growing list of a companies and institutions backing away from Zoom. Mashable, April 9, 2020

Who has banned Zoom? Google, NASA, and more: Zoom’s security woes have led to a number of organizations, companies, and schools banning or restricting its use, with some recommending alternatives such as Microsoft Teams. TechRepublic, April 9, 2020

Zoom’s Encryption is Tied to China, Raises More Concerns: A few days ago we revealed how Zoom’s end-to-end encryption is not actually what users would expect from such kind of encryption as the company still had the ability to access the calls taking place. Followed by that news, SpaceX issued a statement that they are banning the use of Zoom, and their workers will now rely on emails, texts, and phone calls to conduct any business. WCCFTech, April 4, 2020

Cyber Crime

Ransomware scumbags leak Boeing, Lockheed Martin, SpaceX documents after contractor refuses to pay: Anti-mortar system specs, legal paperwork, payment forms, and more, dumped online from infected PCs. The Register, April 10, 2020

Ransomware Hackers Hit Cononavirus Biotech Researchers: Ransomware hackers in March hit a biotechnology research outfit working to understand the human body’s immune response to help speed development of a vaccine for the Coronavirus (Covid-19) pandemic. MSSP Alert, April 10, 2020

Travelex Pays $2.3M in Bitcoin to Hackers Who Hijacked Network in January: The payout stems from a system-wide attack that knocked global networks offline on New Year’s Eve and reflects a shift in thinking about ransom payouts. ThreatPost, April 10, 2020

Cyber Attack

Ransomware Crooks Emboldened by More Payments, Experiments in ‘Customer’ Experience: A new report out from CyberEdge Group showed that ransomware attacks broke the record books again last year as criminals were carried to more profitable highs by two new prevailing trends. The first trend is that ransom payers are more successfully recovering their data, which leads to the second trend, namely that more organizations are paying off the ransoms when they’re attacked. Security Boulevard, April 10, 2020

NASA sees an “exponential” jump in malware attacks as personnel work from home: Space agency report suggests employees are falling for online scams. ars tecnica, April 7, 2020

Cybercriminals Up Ante As New Ransomware Innovations Include Exposing Victims To Costly Breach Notice Laws: As if ransomware wasn’t a big enough problem already, it just evolved from a costly nuisance into a full-fledged data breach designed to shame companies into paying. This new twist on ransomware is being driven by several well-established cybercriminal groups that have upped the stakes by threatening to publish customer data and trade secrets of victims who refuse to pay the ransom. One ransomware ring has even created a website to publicly expose companies that choose to rebuild their digital assets from backups rather than giving in to ransom demands. Security Boulevard, April 7, 2020

INTERPOL: #COVID19-Fighting Hospitals Facing Ransomware Deluge: INTERPOL has been forced to issue an alert to global police about the heightened risk of ransomware attacks on hospitals and other front-line organizations as they battle the COVID-19 pandemic. InfoSecurity, April 7, 2020

Cyber Defense

Microsoft Buys So Bad Guys Can’t: In February, KrebsOnSecurity told the story of a private citizen auctioning off the dangerous domain for the starting price of $1.7 million. Domain experts called dangerous because years of testing showed whoever wields it would have access to an unending stream of passwords, email and other sensitive data from hundreds of thousands of Microsoft Windows PCs at major companies around the globe. This week, Microsoft Corp. agreed to buy the domain in a bid to keep it out of the hands of those who might abuse its awesome power. KrebsOnSecurity, April 7, 2020

Cyber Freedom

The Cybersecurity 202: Virtual campaigning could give hackers new ways to attack the 2020 election: As the coronavirus forces political campaigns to shift their operations online, they are bracing for increased cyberattacks, disinformation and pranks designed to undermine the 2020 election. The Washington Post, April 7, 2020

Cyber Readiness

The Coronavirus & Cybersecurity: 3 Areas of Exploitation: Criminal, political, and strategic factors are combining to create a perfect storm of cyber infections that target the global supply chain. Dark Reading, April 7, 2020

Cyber Miscellany

Soccer Secrets Hacker Leaves Prison, Enters Lockdown. Rui Pinto, the hacker whose revelations shook soccer by shining a light on its darkest secrets, is released from prison and put under house arrest: For Rui Pinto, it is a measure of a return to normal life. All the more so because much of the rest of Portugal’s 10 million inhabitants are also confined to their homes under restrictions imposed to halt the spread of the coronavirus. The New York Times, April 10, 2020

Become A CyberGuardian

Protect your community: take the CyberGuardian Pledge, join our email list, get invited to events.

Take the Pledge