Cybersecurity News of the Week, December 5, 2021

Individuals at Risk

Cyber Privacy

How to Manage PlayStation, Switch, and Xbox Privacy Settings: Modern video game consoles offer sophisticated social experiences, and they’re designed to be connected to the internet just about all the time in order to deliver them. Like other always-connected devices, including phones and TVs, the Sony PlayStation 5, Microsoft Xbox Series X and S, and Nintendo Switch all gather data and share your various activities with your friends—and advertising partners. The New York Times, November 16, 2021

Cyber Warning

Omicron Phishing Scam Already Spotted in UK: Omicron COVID-19 variant anxiety inspires new phishing scam offering fake NHS tests to steal data. ThreatPost, December 3, 2021

Information Security Management for the Organization

Information Security Management

These researchers wanted to test cloud security. They were shocked by what they found: Cybersecurity researchers set up a tempting cloud honeypot to examine how cyber attackers work. ZDNet, December 1, 2021

Cyber Defense

Memo Cites Lessons from Ransomware Payments by CNA, JBS and Colonial Pipeline: In March 2021, CNA Financial Corp., one of the country’s largest insurance companies, suffered a ransomware attack from a cybercriminal group called Phoenix. InsuranceJournal, November 29, 2021

Cyber Warning

‘Double-Extortion’ Ransomware Damage Skyrockets 935%: Startling triple-digit growth is fueled by easy criminal access to corporate networks and RaaS tools, an analysis found. ThreatPost, December 2, 2021

New Ransomware Variant Could Become Next Big Threat: Enterprise security teams might want to add “Yanluowang” to the long and growing list of ransomware threats they need to watch out for. DarkReading, December 1, 2021

Patch Now

Why Everyone Needs to Take the Latest CISA Directive Seriously: Government agencies publish notices and directives all the time. Usually, these are only relevant to government departments, which means that nobody else really pays attention. It’s easy to see why you would assume that a directive from CISA just doesn’t relate to your organization. The Hacker News, December 3, 2021

Cybersecurity in Society

Cyber Crime

FBI says the Cuba ransomware gang made $43.9 million from ransom payments: The US Federal Bureau of Investigation said today that the operators of the Cuba ransomware have earned at least $43.9 million from ransom payments following attacks carried out this year. TheRecord, December 3, 2021

Suspected Chinese hackers breach more US defense and tech firms: (CNN) A suspected Chinese hacking campaign has breached four more US defense and technology companies in the last month, and hundreds more US organizations are running the type of vulnerable software that the attackers have exploited, according to research shared with CNN. CNN, December 3, 2021

Colorado energy company loses 25 years of data after cyberattack while still rebuilding network: DMEA did not use the term “ransomware” but said much of their data had been corrupted while phone and email services were down for weeks. ZDNet, December 2, 2021

Planned Parenthood Breach Opens Patients to Follow-On Attacks: Cyberattackers made off with addresses, insurance information, dates of birth, and most worryingly, clinical information, such as diagnosis, procedures, and/or prescription information. ThreatPost, December 2, 2021

Really stupid “smart contract” bug let hackers steal $31 million in digital coin: Company says it has contacted the hacker in an attempt to recover the funds. Good luck. ars technica, December 1, 2021

DNA testing firm discloses data breach affecting 2.1 million people: DNA Diagnostics Center (DDC), an Ohio-based DNA testing company, has disclosed a hacking incident that affects 2,102,436 persons. BleepingComputer, November 30, 2021

Cyber Espionage

U.S. State Department phones hacked with Israeli company spyware – sources: Apple Inc iPhones of at least nine U.S. State Department employees were hacked by an unknown assailant using sophisticated spyware developed by the Israel-based NSO Group, according to four people familiar with the matter. Reuters, December 3, 2021

Cyber Journalism

Inside the ‘Misinformation’ Wars: Journalists and academics are developing a new language for truth. The results are not always clearer. The New York Times, November 28, 2021

Know Your Enemy

Who Is the Network Access Broker ‘Babam’?: Rarely do cybercriminal gangs that deploy ransomware gain the initial access to the target themselves. More commonly, that access is purchased from a cybercriminal broker who specializes in acquiring remote access credentials — such as usernames and passwords needed to remotely connect to the target’s network. In this post we’ll look at the clues left behind by “Babam,” the handle chosen by a cybercriminal who has sold such access to ransomware groups on many occasions over the past few years. KrebsOnSecurity, December 3, 2021

The top business book of 2021 is all about cyber crime — and how your data gets hacked: You might think cybersecurity is too complicated or boring to worry about. This year’s best business book wants to convince you otherwise. CNBC, December 3, 2021

Hacker Lexicon: What Is a Watering Hole Attack?: It’s a technique that can hit thousands of victims—through no fault of their own. Wired, November 28, 2021

National Cybersecurity

The US crackdown on Chinese economic espionage is a mess. We have the data to show it: The US government’s China Initiative sought to protect national security. In the most comprehensive analysis of cases to date, MIT Technology Review reveals how far it has strayed from its goals. TechnologyReview, December 2, 2021

CISA Names Cybersecurity Advisory Committee Members: The committee will hold its first meeting December 10th. AFCEA, December 1, 2021

Israel and Iran Broaden Cyberwar to Attack Civilian Targets: Iranians couldn’t buy gas. Israelis found their intimate dating details posted online. The Iran-Israel shadow war is now hitting ordinary citizens. The New York Times, November 27, 2021

Cyber Enforcement

A Peek Inside Anom, the Phone Company Secretly Used in an FBI Honeypot: Videos, documents, and other files obtained by Motherboard show how the company functioned as an entity in its own right. Vice, December 2, 2021

FBI seized $2.3M from affiliate of REvil, Gandcrab ransomware gangs: The FBI seized $2.3 million in August from a well-known REvil and GandCrab ransomware affiliate, according to court documents seen by BleepingComputer. BleepingComputer, November 30, 2021

Members of hacking group sentenced for stealing millions in cryptocurrency: The Justice Department on Tuesday announced the sentencing of the last member of an international hacking group indicted for allegedly stealing millions in cryptocurrency as part of a “SIM hijacking” effort. TheHill, November 30, 2021

FBI document shows what data can be obtained from encrypted messaging apps: A recently discovered FBI training document shows that US law enforcement can gain limited access to the content of encrypted messages from secure messaging services like iMessage, Line, and WhatsApp, but not to messages sent via Signal, Telegram, Threema, Viber, WeChat, or Wickr. TheRecord, November 30, 2021

Cyber Misc

A mysterious threat actor is running hundreds of malicious Tor relays: Since at least 2017, a mysterious threat actor has run thousands of malicious servers in entry, middle, and exit positions of the Tor network in what a security researcher has described as an attempt to deanonymize Tor users. TheRecord, December 3, 2021
