Cybersecurity News of the Week, December 6, 2020

SecureTheVillage Calendar

Information Security Management Webinar: PCI DSS 4.0 with Scott Pierangelo. December 10 @ 10:00 am – 11:00 am PST

Invitational Cybersecurity Workforce Workshop — Linking Supply & Demand December 15 @ 10:00 am – 12:00 pm PST

Insurance Brokers Cybersecurity Roundtable: Help Your Customers Better Understand Information Security Management…A Key to Increased Cyber Insurance Sales. Dr. Stan Stahl, PhD. December 15 @ 2:00 pm – 3:00 pm PST

Financial Services Cybersecurity Roundtable: A Conversation on Cyber Crime with Deputy D.A. Ryan Tracy. December 2020 December 18 @ 8:00 am – 10:00 am PST 

Dr. Steve Krantz Webinar: Personal Cybersecurity January 12, 2021 @ 1:00 pm – 3:00 pm PST

Dr. Steve Krantz Webinar: Become A CyberGuardian January 14, 2021 @ 12:30 pm – 2:00 pm PST

Individuals at Risk

Identity Theft

IRS to Make ID Protection PIN Open to All: The U.S. Internal Revenue Service (IRS) said this week that beginning in 2021 it will allow all taxpayers to apply for an identity protection personal identification number (IP PIN), a single-use code designed to block identity thieves from falsely claiming a tax refund in your name. Currently, IP PINs are issued only to those who fill out an ID theft affidavit, or to taxpayers who’ve experienced tax refund fraud in previous years. KrebsOnSecurity, December 4, 2020

Cyber Defense

Most used passwords for 2020: The internet’s favorite curse word, name, food, and team: CyberNews analyzed more than 15 billion passwords; if your favorite one is at the top of the list, it’s time to change right now. TechRepublic, December 4, 2020

Cyber Warning

Novel Online Shopping Malware Hides in Social-Media Buttons: The skimmer steals credit-card data, using steganography to hide in plain sight in seemingly benign images. ThreatPost, December 4, 2020

Information Security Management for the Organization

Cybersecurity in the C-Suite & Board

Cybersecurity In An Age Of Financial Threats: A Q&A With Proofpoint’s CFO: Cyberthreats are constantly evolving and posing new – and dangerous – challenges to every company and industry, with corporate finance departments especially at risk. For that reason, the CFO of a company that creates and sells cybersecurity software must be one step ahead of the fraudsters. Forbes, December 4, 2020

Information Security Management

Data Leak Exposes 50,000 Fortinet VPN Credentials on Popular Underground Hacker Forums and Chats: A hacker published a list of 50,000 credentials stolen from vulnerable Fortinet SSL VPNs. The data leak contained a list of one-line exploits for a bug in Fortinet’s FortiOS 6.0.0 to 6.0.4, 5.6.3 to 5.6.7, and 5.4.6 to 5.4.12. The vulnerability allows an attacker to steal VPN credentials from the SSL VPN web portal. The latest breach is considered “the most complete sslvpn websession exploit” with both usernames and passwords. A hacker named “pumpedkicks” was suspected of stealing the data on November 19. CPO, December 4, 2020

SIEM Trends: What to Look for in a Security Analytics Provider: The authors of The Forrester Wave™ turn to a quote from ‘The Empire Strikes Back’ to sum up the direction of SIEM: “You truly belong here with us among the clouds.” Sticking with ‘Star Wars’ for guidance, we might also find some truth in ‘The Phantom Menace’: “You can’t stop change, any more than you can stop the suns from setting.” SecurityIntelligence, December 1, 2020

How Ransomware Defense Is Evolving With Ransomware Attacks: As data exfiltration threats and bigger ransom requests become the norm, security professionals are advancing from the basic “keep good backups” advice. DarkReading, November 24, 2020

Cyber Insurance

Rising Ransomware Attacks Spur Debate Over Whether Cyber Insurance Is to Blame: As ransomware becomes a larger and more expensive risk, some lawyers say cyber insurance policies might partially be the cause. Unsurprisingly, insurers have a much different take. Law.com, December 4, 2020

Cybersecurity in Society

Cyber Crime

Ransomware gangs are now cold-calling victims if they restore from backups without paying: In attempts to put pressure on victims, some ransomware gangs are now cold-calling victims on their phones if they suspect that a hacked company might try to restore from backups and avoid paying ransom demands. ZDNet, December 5, 2020

Aerospace Giant Embraer Downed by Suspected Ransomware: Brazilian aerospace giant Embraer has revealed it suffered a data breach last week, although local reports suggest ransomware was involved. InfoSecurity, December 4, 2020

Largest global staffing agency Randstad hit by Egregor ransomware: Staffing agency Randstad NV announced today that their network was breached by the Egregor ransomware, who stole unencrypted files during the attack. BleepingComputer, December 4, 2020

Egregor Ransomware Strikes Metro Vancouver’s TransLink: The Egregor ransomware gang struck TransLink, the authority responsible for managing Metro Vancouver’s transportation network. The State of Security, December 4, 2020

Kmart, Latest Victim of Egregor Ransomware – Report: The struggling retailer’s back-end services have been impacted, according to a report, just in time for the holidays. ThreatPost, December 3, 2020

Credential Stuffing Attack Disrupted Spotify, Affecting More Than 300,000 Accounts: Hundreds of thousands of Spotify subscribers may have experienced service disruption during a credential stuffing attack that tried to verify stolen login details against Spotify accounts. Credential stuffing attacks exploit accounts of users who recycle passwords across multiple online services. Attackers use the leaked login credentials to breach other websites by employing automated scripts. Spotify says the attack affected up to 350,000 accounts. CPO, December 3, 2020

Here’s how Franklin lost $522K to a fraud attack, and what the town’s doing about it: FRANKLIN — A town employee has been suspended without pay after falling victim to a spear-phishing attack where she wired more than $522,000 to a fraudster, Town Administrator Jamie Hellen disclosed Wednesday night. Milford Daily News, December 3, 2020

Cyber Attack

IBM Uncovers Global Phishing Campaign Targeting the COVID-19 Vaccine Cold Chain: At the onset of the COVID-19 pandemic, IBM Security X-Force created a threat intelligence task force dedicated to tracking down COVID-19 cyber threats against organizations that are keeping the vaccine supply chain moving. As part of these efforts, our team recently uncovered a global phishing campaign targeting organizations associated with a COVID-19 cold chain. The cold chain is a component of the vaccine supply chain that ensures the safe preservation of vaccines in temperature-controlled environments during their storage and transportation. SecurityIntelligence, December 3, 2020

Cyber Privacy

South Korean Regulator Fines Facebook for Privacy Violations; Social Media Giant Shared Personal Data Without User Consent: South Korea’s information protection regulator has fined Facebook the equivalent of $6.1 million for privacy violations, concluding an investigation that began in 2018. The regulator says that Facebook shared the personal information of 3.3 million residents of the country with third parties without collecting proper user consent and in violation of laws protecting personal information, with the breach window running from May 2012 to June 2018. CPO, December 3, 2020

Know Your Enemy

Account Hijacking Site OGUsers Hacked, Again: For at least the 3rd time in its existence, OGUsers — a forum overrun with people looking to buy, sell and trade access to compromised social media accounts — has been hacked. Roughly a week ago, the OGUsers homepage was defaced with a message stating the forum’s user database had been compromised. The hack was acknowledged by the forum’s current administrator, who assured members that their passwords were protected with a password obfuscation technology that was extremely difficult to crack. KrebsOnSecurity, December 2, 2020

Cyber Freedom

As Baltimore County recovers from ransomware attack, state audits have routinely found security problems in other school districts: The Wednesday before Thanksgiving began with a flurry of urgent text messages and emails among Maryland educational technology chiefs. BaltimoreSun, December 4, 2020

BCPS stonewalls County Council members at meeting over ransomware attack: “The attitude, the arrogance!” said a Baltimore County councilman after school officials refused to say whether data privacy and county finances are at risk. BaltimoreBrew, December 4, 2020

Trump fired me for saying this, but I’ll say it again: The election wasn’t rigged: On Nov. 17, I was dismissed as director of the Cybersecurity and Infrastructure Security Agency, a Senate-confirmed post, in a tweet from President Trump after my team and other election security experts rebutted claims of hacking in the 2020 election. On Monday, a lawyer for the president’s campaign plainly stated that I should be executed. I am not going to be intimidated by these threats from telling the truth to the American people. Washington Post, December 1, 2020

With 2020 Called A Success, Big Questions Lie Ahead For Election Security: The 2020 elections ran well and were largely free from foreign interference, U.S. officials say. NPR, November 30, 2020

National Cybersecurity

Defense Bill Would Restore White House Cybersecurity Post: Measure Is the Latest Effort to Revive Position. BankInfoSecurity, December 4, 2020

Cybersecurity in the Biden Administration: Experts Weigh In: Security pros and former government employees share their expectations and concerns for the new administration – and their hope for a “return to normal.” DarkReading, December 2, 2020

How Biden Could Change the Conversation on Cybersecurity: The incoming administration could mean significant changes for technology, especially where federal cybersecurity is concerned. The increased attention will no doubt mean big changes for state and local governments as well. GovernmentTechnology, November 30, 2020

Cyber Enforcement

Bomb Threat, DDoS Purveyor Gets Eight Years: A 22-year-old North Carolina man has been sentenced to nearly eight years in prison for conducting bomb threats against thousands of schools in the U.S. and United Kingdom, running a service that launched distributed denial-of-service (DDoS) attacks, and for possessing sexually explicit images of minors. KrebsOnSecurity, December 1, 2020

Cyber Warning

The Dark Side of AI: Previewing Criminal Uses: Threats Include Social Engineering, Insider Trading, Face-Seeking Assassin Drones. BankInfoSecurity, November 20, 2020

Cyber Misc

Rusty but intact: Nazi Enigma cipher machine found in Baltic Sea: Enigma device stymied Allied intelligence until Alan Turing cracked it. ArsTechnica, December 4, 2020

Become A CyberGuardian

Protect your community: take the CyberGuardian Pledge, join our email list, get invited to events.
