Cybersecurity News of the Week, August 30, 2020

SecureTheVillage Calendar

CyberFreedomWebinar: Taming The Tiger: How to Detect, Deter, & Defeat Disinformation with Marc Ambinder. September 8 @ 10:00 am – 11:00 am PDT

Information Security Management Webinar: The Great Reboot: Succeeding in a World of Catastrophic Risk and Opportunity with Bob Zukis & Others. September 10 @ 10:00 am – 11:00 am PDT

Insurance Brokers Cybersecurity Roundtable: Cybersecurity Essentials for Small & Medium Businesses with Deron T. McElroy, CISA. September 15 @ 2:00 pm – 3:00 pm PDT

Technology & Security Management HappyHour: Managing the Client-Vendor Interface: A Win-Win-Win Strategy for Improved Performance and Security. September 22 @ 4:30 pm – 5:30 pm PDT

Financial Services Cybersecurity Roundtable: Top Cybersecurity Threats of 2020 with Sherri Davidoff of LMG Security. September 25 @ 8:00 am – 10:00 am PDT

Information Security Management Webinar: Conversation on the Cyber Risk Landscape with Deron T. McElroy, CISA. November 12 @ 10:00 am – 11:00 am PST

Individuals at Risk

Cyber Humor

Information Security Management for the Organization

Information Security Management

Here’s What We Can Do To Reduce The Risk Of A Ransomware Attack: A ransomware attempt on Tesla, confirmed by Elon Musk, which ended with the Russian perpetrator being arrested by the FBI after a company employee rejected his million-dollar offer to help hack into the company’s computer systems, highlights the increasing level of professionalism of the crooks dedicated to this aspect of cybercrime: a carefully planned attack using social engineering — trying to obtain the collaboration of a fellow Russian employee by using another person of the same nationality — and directed at one of the world’s best-known companies of the moment. Forbes, August 28, 2020

The perfect storm: Finding new ways to navigate and mitigate the cybersecurity pandemic: A 2019 report released by the National Cyber Security Alliance (NCSA) showed just how devastating a cyberattack is to small and medium-size businesses. After suffering a data breach, 25 percent of the businesses surveyed had to file for bankruptcy, with 10 percent closing permanently. Now, during extraordinarily trying times, hackers are doubling down and taking advantage of new vulnerabilities as well as new attack. From nefarious ransomware masquerading as a COVID-19 contact-tracing app to phishing campaigns that use well-known brand names as bait, cybercrime is at a new level. SecurityMag, August 28, 2020

Double extortion ransomware attacks and how to stop them … As ransomware attacks increase, hackers are diversifying their tactics to get victims to hand over larger sums of money. We investigate the rise of double extortion attacks: Ransomware is one of the most common types of cyber threat, targeting a business every 14 seconds and costing $11.5bn in 2019 alone. Typically, hackers that perform these attacks will breach a system to steal data and delete it if the victim does not pay a ransom fee. ComputerWeekly, August 27, 2020

The CMMC’s first group of cybersecurity assessors is ready to train: The most critical part of the Department of Defense’s new cybersecurity standards requires third-party assessments for every contractor in the industrial base. On Wednesday, an initial group of assessors were selected to start training for the job. Fedscoop, August 27, 2020

Microsoft says the pandemic has changed the future of cybersecurity in these five ways: A new report from Microsoft suggests that cloud-based technologies and Zero Trust architecture will become mainstays of businesses’ cybersecurity investments going forward. TechRepublic, August 24, 2020

SANS shares details on attack that led to their data breach: SANS has shared the indicators of compromise for a recent phishing attack that compromised one of their email accounts and led to a data breach. BleepingComputer, August 14, 2020

Privacy Management

Tracking the Trackers: Cookies Are Subject to Opt-In Under GDPR and a Sale Under the CCPA: Those little automated data tracking mechanisms are subject to special treatment, consent, opt in and opt out requirements under the two most important global consumer privacy regulations in effect today. Have you properly accounted for cookies in your data privacy compliance? CPO, August 26, 2020

Cyber Danger

Old Malware Tool Acquires New Tricks … Latest version of Qbot has acquired a new feature for collecting email threads from Outlook clients: Qbot, a malware tool that has been tormenting users worldwide since at least 2008, is back at it again, with new features including one for stealing email threads from Outlook clients and using them to try and infect other user systems. DarkReading, August 27, 2020

Top exploits used by ransomware gangs are RDP, email phishing, and VPN … Reports from Coveware, Emsisoft, and Recorded Future clearly put RDP as the most popular intrusion vector and the source of most ransomware incidents in 2020: Ransomware attacks targeting the enterprise sector have been at an all-time high in the first half of 2020. ZDNet, August 24, 2020

Cyber Talent

4 Steps to Consider When Starting a New Cybersecurity Career: At a time when layoffs are painfully common, now might not seem like a great time to look for a new job or switch careers. Or, is it? SecurityIntelligence, August 27, 2020

Are you looking for Cyber Security Talent? CyberForward by CISOSHARE is a cybersecurity resource development program that helps organizations build a pipeline of junior-level talent. From classroom instruction, to internship work, then project work, combined with hands-on mentoring by industry experts, CyberForward generates talent suited to perform defined tasks & repeatable processes commonly found in security analyst or engineering roles. Learn more at

Cybersecurity in Society

Cyber Privacy

Major Data Broker Exposes 235 Million Social Media Profiles in Data Leak. Info Appears to Have Been Scraped Without Permission: Social Data, a data broker that appears to have been scraping public social media profiles for information without the knowledge or consent of the host companies, is the latest organization to get caught with an exposed public database. The source of the data leak was an unsecured database sitting unprotected without a password, apparently due to some sort of configuration error. CPO, August 27, 2020

Cyber Crime

Ritz Hotel Data Breach Allowed Scammers to Make Expensive Purchases With Stolen Credit Card Information: Hackers attempted to defraud guests at one of London’s most luxurious hotels after breaching the restaurant’s reservation system. The scammers contacted the customers posing as Ritz Hotel’s staff after spoofing the official phone number. They requested confirmation of the victims’ credit card numbers, claiming that initial payments for the reservations had been declined. The suspected criminals later went on a shopping spree at Argos, attempting to make purchases worth thousands of pounds. CPO, August 28, 2020

A former Cisco employee pleaded guilty to accessing the company’s network in 2018, five months after resigning, to deploy code that led to the shutdown of more than 16,000 WebEx Teams accounts and the deletion of 456 virtual machines: According to a plea agreement filed on July 30, 2020, 30-year-old Sudhish Kasaba Ramesh accessed Cisco’s cloud infrastructure hosted on Amazon Web Services without permission on September 24, 2018 — he resigned from the company in April 2018. BleepingComputer, August 28, 2020

60 Seconds In Cybersecurity: Here’s What Happens In Just One Malicious Internet Minute … 16,172 records compromised every 60 seconds, according to the RiskIQ analysis: The latest security intelligence report from RiskIQ has the somewhat provocative title of Evil Internet Minute 2020. However, by analyzing its own global intelligence as an attack surface management company, along with third-party research, RiskIQ has put together an interesting overview of what can happen in just 60 malicious seconds online. Forbes, August 27, 2020

North Korean hackers are actively robbing banks around the world, US government warns: The BeagleBoyz have made off with nearly $2 billion since 2015, and they’re back to attacking financial institutions after a short lull in activity. TechRepublic, August 27, 2020

North Korean Hacker Group Targeted Crypto Firm Using LinkedIn Ad: Cybersecurity Report: The North Korea-based Lazarus group of hackers that has been linked to attacks on the central banks of Ecuador, Vietnam and Bangladesh, appears to have targeted a crypto firm in an attack last year, according to a report by cybersecurity firm F-Secure. CoinDesk, August 25, 2020

Cyber Attack

New Zealand stock exchange disrupted by fourth ‘offshore’ cyber attack … Intelligence cyber crime agencies called in to help after chaotic week of distributed denial of service attacks: The New Zealand government has activated national security systems after the nation’s stock exchange was disrupted by cyber attacks for a fourth day. The Guardian, August 28, 2020

Sendgrid Under Siege from Hacked Accounts: Email service provider Sendgrid is grappling with an unusually large number of customer accounts whose passwords have been cracked, sold to spammers, and abused for sending phishing and email malware attacks. Sendgrid’s parent company Twilio says it is working on a plan to require multi-factor authentication for all of its customers, but that solution may not come fast enough for organizations having trouble dealing with the fallout in the meantime. KrebsOnSecurity, August 28, 2020

Russian tourist offered employee $1 million to cripple Tesla with malware: Tesla’s Nevada Gigafactory was the target of a concerted plot to cripple the company’s network with malware, CEO Elon Musk confirmed on Thursday afternoon. ars technica, August 27, 2020

Cyber Defense

Cybersecurity Bills Expected to Pass New York City Council … City would create special inspector for cybersecurity within the Department of Investigation and require vendors to report breaches: (TNS) — New York City would create a special inspector for cybersecurity within the Department of Investigation and make the existing office devoted to defending against online attacks an official part of the city charter, under bills the Council is expected to pass Thursday. GovTech, August 27, 2020

Know Your Enemy

Maze ransomware ‘cartel’ expands with new members … Two more ransomware groups have apparently joined the Maze ‘cartel’ in an effort to expose victims’ data on leak sites and shame them into paying expensive ransoms: Two more ransomware gangs, Conti and SunCrypt, have apparently joined the Maze collective, which currently consists of Maze, LockBit and Ragnar Locker. SearchSecurity, August 27, 2020

Confessions of an ID Theft Kingpin, Part II: Yesterday’s piece told the tale of Hieu Minh Ngo, a hacker the U.S. Secret Service described as someone who caused more material financial harm to more Americans than any other convicted cybercriminal. Ngo was recently deported back to his home country after serving more than seven years in prison for running multiple identity theft services. He now says he wants to use his experience to convince other cybercriminals to use their skills for good. Here’s a look at what happened after he got busted. KrebsOnSecurity, August 27, 2020

Confessions of an ID Theft Kingpin, Part I: At the height of his cybercriminal career, the hacker known as “Hieupc” was earning $125,000 a month running a bustling identity theft service that siphoned consumer dossiers from some of the world’s top data brokers. That is, until his greed and ambition played straight into an elaborate snare set by the U.S. Secret Service. Now, after more than seven years in prison Hieupc is back in his home country and hoping to convince other would-be cybercrooks to use their computer skills for good. KrebsOnSecurity, August 26, 2020

Cyber Freedom

How Campaigns Can Prioritize Cybersecurity Heading Into The 2020 Election: The hacks, nation-state meddling and disinformation campaigns that plagued the 2016 U.S. election made one thing very clear: Cybersecurity must be a priority for the 2020 election. While many of the threats remain largely the same as four years ago, the reality of social distancing has brought about a new risk. So, it’s more important than ever that politicians, their campaign teams and advisers, and government agencies take cybersecurity risks seriously. Forbes, August 28, 2020

Cyber Enforcement

DoJ Aims to Seize 280 Cryptocurrency Accounts Used by North Korean state-sponsored attackers in their efforts to hack cryptocurrency exchanges and funnel hundreds of millions in stolen funds through a Chinese money-laundering network: Complaint details collaboration with China to funnel $250m in stolen funds as part of state-sponsored attacks. ThreatPost, August 28, 2020

Cyber Miscellany

Exploring the Forgotten Roots of ‘Cyber’ … Cyber Always Points to the Future, But It Has a Past: One day when all of this pandemic craziness is over, maybe you’ll drive your Tesla Cybertruck on Cyber Monday to your cybersecurity job. Of course, your business will be backed by a cyber insurance policy as a fallback in the event of a devastating cyberattack. Or if you’re working for a government cybersecurity center, maybe you’ll even be safeguarding cyberspace against cyber espionage agents – who do cybercrime in their spare time – and the looming threat of cyberwar, while binging over the weekend on your favorite episodes of “CSI: Cyber.” Or cyber whatever. BankInfoSecurity, August 7, 2020
