Cybersecurity News of the Week, April 25, 2021

Individuals at Risk

Cyber Privacy

Bugs Allowed Hackers to Dox John Deere Tractor Owners: A security researcher found two bugs that allowed him to find customers who had purchased John Deere tractors or equipment. MotherBoard, April 22, 2021

Brace yourselves. Facebook has a new mega-leak on its hands: Facebook Email Search v1.0 can process 5 million email addresses per day, researcher says. ars technica, April 20, 2021

Cyber Warning

Why iPhone owners should turn off AirDrop. Now: Not everything Apple makes “just works” — at least not as intended, anyway. Mashable, April 23, 2021

Information Security Management for the Organization

Information Security Management

Don’t Forget: A Checklist for Offboarding Remote Employees Securely: We all know about the threat of threat actors trying to access our corporate data. But with the rise of remote work, keeping an eye on employees during offboarding is an important area to watch, as well. Security Intelligence, April 23, 2021

Why You Need Attack Surface Management (And How To Achieve It): Attack surface management (ASM) has rightly become a major priority for business leaders and digital defenders alike. The number of connected things is growing, and that means attackers have far more entryways into your networks and systems. With ASM, you can respond proactively to threats to stop them before they start. SecurityIntelligence, April 22, 2021

New bottleneck emerges in DOD’s contractor cybersecurity program, concerning assessors: Companies in line to become certified assessors for the Department of Defense’s supply chain cybersecurity program are facing a new roadblock: Getting and passing an assessment of their own. Fedscoop, April 19, 2021

Cyber Attack

Data Poisoning: When Attackers Turn AI and ML Against You: Stopping ransomware has become a priority for many organizations. So, they are turning to artificial intelligence (AI) and machine learning (ML) as their defenses of choice. However, threat actors are also turning to AI and ML to launch their attacks. One specific type of attack, data poisoning, takes advantage of this. SecurityIntelligence, April 21, 2021

Cyber Update

Hackers go after SonicWall email appliances with three zero-days: A hacking group has used three zero-day vulnerabilities impacting SonicWall products to breach corporate networks and install backdoors, security firm FireEye said in a report on Tuesday. TheRecord, April 20, 2021

Cybersecurity in Society

Cyber Crime

Password manager Passwordstate hacked to deploy malware on customer systems: A mysterious threat actor has compromised the update mechanism of enterprise password manager application Passwordstate and deployed malware on its users’ devices, most of which are enterprise customers. TheRecord, April 23, 2021

Ransomware is growing at an alarming rate, warns GCHQ chief: Cyber criminal gangs are looking to ‘exploit the accelerations in connectivity and poor cyber security,’ warns GCHQ director Jeremy Fleming. ZDNet, April 23, 2021

Geico Customer Data Breach May be Part of Unemployment Insurance Scam: Auto insurer Geico recently reported that fraudsters have been stealing license numbers of its customers for the past few months and possibly using them to fraudulently apply for unemployment benefits. InsuranceJournal, April 22, 2021

REvil’s Big Apple Ransomware Gambit Looks to Pay Off: The notorious cybercrime gang could make out whether or not Apple pays the $50 million ransom by May 1 as demanded. ThreatPost, April 21, 2021

Chinese hackers used Pulse Secure VPN zero-day to breach US defense contractors: Two hacking groups, including at least one confirmed Chinese cyber-espionage outfit, have used a new zero-day vulnerability in Pulse Secure VPN equipment to gain a foothold inside the networks of US defense contractors and government organizations across the world. The Record, April 20, 2021

Know Your Enemy

Ransomware gang offers traders inside scoop on attack victims so they can short sell their stocks: Brazen ransomware groups are continuing to seek out new avenues to rake in profits and ratchet up pressure on victims. In one of the latest such developments, the DarkSide ransomware group is openly coaxing stock traders to reach out and receive the inside scoop on the gang’s latest corporate victims, so they can short sell their stock before any data is leaked and the news goes public. SCMagazine, April 23, 2021

Internet of Threats: IoT Botnets Drive Surge in Network Attacks: As Internet of things (IoT) devices in homes, industrial environments, transportation networks and elsewhere continue to proliferate, so does the attack surface for malicious IoT network attackers. IoT attack activity in 2020 dramatically surpassed the combined volume of IoT activity observed by IBM Security X-Force in 2019. SecurityIntelligence, April 22, 2021

Malware and ransomware gangs have found this new way to cover their tracks: The tools that make our communications more secure are also benefiting the crooks. ZDNet, April 22, 2021

Inside the Cyber Attack “Machine”: What Hospitals Need to Know about the Dark Web and Post-Pandemic Threats: The pandemic has created formidable challenges for industries across the board – but none more so than healthcare. In addition to needing to accommodate often staggering influxes of seriously ill patients, hospitals and other medical providers face the foreboding prospect of an extended spike in cyber threats: Since the beginning of November, attacks targeting healthcare organizations have increased by 45 percent, more than doubling the overall increase for all sectors worldwide. CPO, April 22, 2021

REvil ransomware – what you need to know: REvil is an ambitious criminal ransomware-as-a-service (RAAS) enterprise that first came to prominence in April 2019, following the demise of another ransomware gang GandCrab. TripWire, April 22, 2021

Hacker Sold 895,000 Gift Cards Worth $38 Million and 330,000 Payment Cards on a Russian Dark Web Forum: A hacker sold about 895,000 gift cards and 330,000 stolen payment cards worth about $38 million on a dark web forum after allegedly compromising a gift card marketplace. CPO, April 19, 2021

The Incredible Rise of North Korea’s Hacking Army: The country’s cyber forces have raked in billions of dollars for the regime by pulling off schemes ranging from A.T.M. heists to cryptocurrency thefts. Can they be stopped? The New Yorker, April 19, 2021

National Cybersecurity – Solar Winds

Analysts Uncover More Servers Used in SolarWinds Attack: RiskIQ: Discovery Sheds Light on Size of Cyberespionage Operation. BankInfoSecurity, April 22, 2021

SolarWinds Hack Imparted Lessons to Work Across Silos and Not ‘Victim Blame,’ Says Federal CISO: Government and industry need to harness lessons learned from the collaboration following the massive SolarWinds breach and not “victim-blame” companies that invested in cyber defenses yet still got hit in a cyber attack, federal Chief Information Security Officer Chris DeRusha said today. HSToday, April 22, 2021

Cyber Defense

Utility Regulator Says SolarWinds Backdoor Was Downloaded by 1/4 of Electric Utilities on the North American Power Grid: North American Electric Reliability Corp. (NERC), a non-profit regulatory authority that oversees utilities in the United States and Canada, revealed this week that about 25% of the electric utilities on the North American power grid downloaded the SolarWinds backdoor. CPO, April 19, 2021

DOJ Launches Task Force to Battle Ransomware Threat: Prosecutors to Target the ‘Ransomware Criminal Ecosystem’. BankInfoSecurity, April 20, 2021

Cyber Danger

Ransomware’s perfect target: Why one industry needs to improve cybersecurity, before it’s too late: Dependencies on just-in-time supply chains and sometimes out-of-date technology makes shipping and logistics an ever-more tempting target for cyber criminals. ZDNet, April 23, 2021

Cyber Talent

How To Address The Lack Of Diversity In Cybersecurity: All movements that have shaken up social order in recent years appear to have made little impact on the diversity in cybersecurity ranks. Among all the hashtags — #SeeHer, #BlackLivesMatter and the rest — maybe we should add #InfoSecSoWhite. Forbes, April 23, 2021

Cyber Miscellany

Signal booby-traps its own encrypted messaging app to hack its hackers: Encrypted messaging service Signal has turned the tables on data extraction company Cellebrite, seemingly booby-trapping its own app to hack the hackers. Yahoo, April 22, 2021
