Cybersecurity News of the Week, August 15, 2021

SecureTheVillage First Annual Golf Tournament

The first annual SecureTheVillage Golf Tournament is October 20! Celebrate cybersecurity awareness month on the links. Includes breakfast, lunch, and cocktail reception afterwards.

Individuals at Risk

Cyber Update

Millions of home Wi-Fi routers under attack by botnet malware — what you need to know: Nearly 40 different models sold by 20 different brands. Tom’s Guide, August 10, 2021

Microsoft Patch Tuesday, August 2021 Edition: Microsoft today released software updates to plug at least 44 security vulnerabilities in its Windows operating systems and related products. The software giant warned that attackers already are pouncing on one of the flaws, which ironically enough involves an easy-to-exploit bug in the software component responsible for patching Windows 10 PCs and Windows Server 2019 machines. KrebsOnSecurity, August 10, 2021

Cyber Warning

Get ready for Zoom-based deepfake phishing attacks, expert warns: As deepfake technology gets better, it will be used more often to con people. Tom’s Guide, August 12, 2021

Cyber Danger

Tech-savvy teens falling prey to online scams faster than their grandparents: Being ultra-tech-savvy apparently isn’t enough to protect you from online scams, a new report suggests. CNBC, August 11, 2021

Cyber Humor

Information Security Management for the Organization

Information Security Management

Beyond Password Safety: How to Make Employee Sign-On Safe and Convenient: When did you last change your work password? Was it when the system prompted you? When you were first hired? Or maybe the answer doesn’t matter. When it comes to password safety, old adages don’t always apply anymore. Let’s take a look at what today’s business password management really needs by focusing on the valuable data behind the password. SecurityIntelligence, August 11, 2021

Using SOCs and Cybersecurity Hubs to Prioritize Security Operations in a Critical Era: In our era of exponential digital connectivity, any company’s operations, brand, reputation, and revenue pipelines are at risk. Cybercrime is rampant and everyone is a target. The results of a recent Accenture Cyber Investigations, Forensics & Response business study found that Global cyber intrusion activity jumped 125 percent in the first half of 2021. Cybersecurity Ventures estimates that in 2021 global losses from cybercrime damages are expected to reach $6 trillion. That equates to damage amounts of $16.4 billion a day, $684.9 million an hour, $11 million per minute, and $190,000 per second (Cybercrime Magazine, 2020). HSToday, August 11, 2021

Ransomware runs rampant, so how can you combat this threat?: A new paper explains how ransomware has become one of the top cyberthreats of the day and how your organization can avoid becoming the next victim. WeLiveSecurity, August 10, 2021

Incident Responders Explore Microsoft 365 Attacks in the Wild: Mandiant experts discuss the novel techniques used to evade detection, automate data theft, and achieve persistent access. DarkReading, August 5, 2021

Top Routinely Exploited Vulnerabilities: This Joint Cybersecurity Advisory was coauthored by the U.S. Cybersecurity and Infrastructure Security Agency (CISA), the Australian Cyber Security Centre (ACSC), the United Kingdom’s National Cyber Security Centre (NCSC), and the U.S. Federal Bureau of Investigation (FBI). US-CERT, July 28, 2021

Cyber Talent

The Ripple Effect: How increasing the number of women in the infosec can result in a happier workplace: The issue of diversity in the information security industry was a hot topic at Black Hat USA last week, as more companies look to create a more inclusive workplace. The Daily Swig, August 9, 2021

Cybersecurity in Society

Cyber Crime

Ransomware Payments Explode Amid ‘Quadruple Extortion’: Unit 42 puts the average payout at over half a million, while Barracuda has tracked a 64 percent year over year spike in the number of attacks. ThreatPost, August 12, 2021

Piracy sites make more than $1 .3 billion from malicious and real ads: Online criminals reap an estimated $1.34 billion from websites and apps that feature pirated movies, TV shows, games, and live events, according to a year-long study published Thursday by the nonprofit Digital Citizens Alliance and anti-piracy firm White Bullet. TheRecord, August 12, 2021

Accenture downplays ransomware attack as LockBit gang leaks corporate data: Fortune 500 company Accenture has fell victim to a ransomware attack but said today the incident did not impact its operations and has already restored affected systems from backups. The Record, August 11, 2021

Cyberfraud shifts to gaming, travel and leisure, report finds: As digital fraud attempts on consumers and businesses rise, cybercriminals have shifted their focus from financial services to the gaming and travel and leisure industries. CNBC, August 11, 2021

Hacker Finally Returns Nearly All $600 Million Stolen In Ethereum, Other Tokens After Major Crypto Heist: TOPLINE In an unusual twist for the one of the largest cryptocurrency heists ever, a hacker who stole more than $600 million in tokens from blockchain-based platform Poly Network on Tuesday has sent back a large majority of the stolen funds after a slew of cryptocurrency experts and businesses pledged to track the hacker’s crypto activity on the blockchain—but the hacker’s identity, and how exactly funds were stolen, remain unknown. Forbes, August 11, 2021

Motherboard vendor GIGABYTE hit by RansomExx ransomware gang: Taiwanese computer hardware vendor GIGABYTE has suffered a ransomware attack, and hackers are currently threatening to release more than 112 GB of business data on the dark web unless the company agrees to their ransom demands. TheRecord, August 6, 2021

Cyber Privacy

If You Build It, They Will Come: Apple Has Opened the Backdoor to Increased Surveillance and Censorship Around the World: Apple’s new program for scanning images sent on iMessage steps back from the company’s prior support for the privacy and security of encrypted messages. The program, initially limited to the United States, narrows the understanding of end-to-end encryption to allow for client-side scanning. While Apple aims at the scourge of child exploitation and abuse, the company has created an infrastructure that is all too easy to redirect to greater surveillance and censorship. The program will undermine Apple’s defense that it can’t comply with the broader demands. EFF, August 11, 2021

Apple’s New ‘Child Safety’ Initiatives, and the Slippery Slope: First, new communication tools will enable parents to play a more informed role in helping their children navigate communication online. The Messages app will use on-device machine learning to warn about sensitive content, while keeping private communications unreadable by Apple. Daring Fireball, August 6, 2021

Cyber Defense

The Cybersecurity 202: The bipartisan infrastructure bill could bring a cyber bounty for state and local governments: The mammoth bipartisan infrastructure deal that passed the Senate this week includes a $1 billion pot of cybersecurity money to help state and local governments battered by ransomware and other digital attacks. The Washington Post, August 12, 2021

CobaltSpam tool can flood Cobalt Strike malware servers: A security researcher has published this week a tool to flood Cobalt Strike servers—often used by malware gangs—with fake beacons in order to corrupt their internal databases of infected systems. TheRecord, August 12, 2021

Researchers Call for ‘CVE’ Approach for Cloud Vulnerabilities: New research suggests isolation among cloud customer accounts may not be a given — and the researchers behind the findings issue a call to action for cloud security. DarkReading, August 8, 2021

Know Your Enemy

Notorious AlphaBay darknet market comes back to life: The AlphaBay darkweb market has come back to life after an administrator of the original project relaunched it over the weekend. BleepingComputer, August 12, 2021

Hackers netting average of nearly $10,000 for stolen network access: The single most expensive offering seen by Intsights researchers was being offered for about $95,000. ZDNet, August 10, 2021

Phishing Sites Targeting Scammers and Thieves – Krebs on Security: I was preparing to knock off work for the week on a recent Friday evening when a curious and annoying email came in via the contact form on this site: KrebsOnSecurity, August 9, 2021

Secrets and Lies: The Games Ransomware Attackers Play: Criminals Regularly Fib About Stealing Data, Sparing Hospitals and Much More. BankInfoSecurity, August 5, 2021

National Cybersecurity

Cyberspace Solarium update finds much work to be done: The U.S. government “has a lot of work ahead” of it to implement key recommendations designed to boost the country’s digital defenses, a congressionally-chartered panel warned on Thursday. The Record, August 12, 2021

Cyber Lawsuit

Business customer sues TD Bank after losing almost $300,000 in a cyber crime: CAMDEN – A Philadelphia-area firm has sued TD Bank N.A, claiming the financial institution failed to protect it from an online theft of more than $275,000. Courier Post, August 12, 2021

Cyber Enforcement

Cybercrime cops look for true owners of £16m in stolen cryptocurrency after smashing huge online scam: Cybercrime cops in Manchester have seized £16M in stolen cryptocurrency after smashing a huge online scam. MSN, August 12, 2021

Cyber Research

Quantum computers could threaten blockchain security. These new defenses might be the answer: To protect sensitive data from future quantum computers, new security protocols will be needed. This blockchain is getting ready. ZDNet, August 11, 2021

Become A CyberGuardian

Protect your community: take the CyberGuardian Pledge, join our email list, get invited to events.

Take the Pledge