Cybersecurity News of the Week, February 21, 2021

Individuals at Risk

Cyber Privacy

New browser-tracking hack works even when you flush caches or go incognito: At least 4 top browsers affected by “powerful tracking vector,” researchers say. ars technica, February 19, 2021

WhatsApp Is Pushing Ahead With Its Controversial Privacy Update Despite User Backlash: WhatsApp has confirmed that it is pushing ahead with the controversial privacy policy changes that sparked a massive backlash against the Facebook-owned messaging app. Forbes, February 19, 2021

Cyber Defense

The 20 Most Common Passwords Found On The Dark Web: By now, you’re probably familiar with common advice surrounding online passwords. Don’t use a sequence of numbers. Don’t use your name. Don’t reuse the same password for all of your accounts. HuffingtonPost, February 20, 2021

Cyber Warning

Malformed URL Prefix Phishing Attacks Spike 6,000%: Sneaky attackers are flipping backslashes in phishing email URLs to evade protections, researchers said. ThreatPost, February 19, 2021

LinkedIn phishing scam tries to fool you with fake document — what you need to know: If anyone shares a ‘LinkedIn Private Shared Document,’ don’t open it. Toms Guide, February 18, 2021

IRS Warns of Fresh Fraud Tactics as Tax Season Starts: Site Spoofing, Phishing Campaigns Proliferate. BankInfoSecurity, February 18, 2021

“ShareIt” Android app with over a billion downloads is a security nightmare: Trend Micro audited one of Android’s most popular file-sharing apps. It’s not good. ars technica, February 16, 2021

Cyber humor

Information Security Management for the Organization

Information Security Management

About 26 Million Fortune 1000 Employee Credentials Available on the Dark Web, Password Reuse Rampant: SpyCloud Breach Exposure Report shows that about 25.9 million Fortune 1000 business accounts and 543 million employee credentials were circulating on the underground hacking forums. Password reuse across personal and professional accounts, weak passwords, and info-stealing bots were blamed for leaking employee login credentials. CPO, February 19, 2021

Turning the page on Solorigate and opening the next chapter for the security community: The recent SolarWinds attack is a moment of reckoning. Today, as we close our own internal investigation of the incident, we continue to see an urgent opportunity for defenders everywhere to unify and protect the world in a more concerted way. We also see an opportunity for every company to adopt a Zero Trust plan to help defend against future attacks. Microsoft, February 18, 2021

Combining Three Pillars Of Cybersecurity: Our digital world is under assault, and we need to urgently upgrade our defenses. In the past couple of years, the digital attack surface has vastly expanded from a move to remote work, from more people coming online, and from more interconnectivity of PCs and smart devices around the globe. Simultaneously, criminal enterprises and state actors have taken advantage of the lack of visibility and security administration. They are sharing resources and tactics over Dark Web forums and are growing more sophisticated and capable of using advanced hacking tools that enable them to discover vulnerable targets to infiltrate malware and automate attacks. Forbes, February 18, 2021

Privacy Management

Your Computers & Privacy: Ready or Not, There They Go: Our right to privacy is being challenged in new and urgent ways. As consumers, we must be aware of the impact our choices have on privacy. As businesses, we must know our obligations to protect Personally Identifiable Information (PII) we collect from customers, employees, and others. This obligation has taken on increased urgency as cybercrime has grown to epidemic levels and it is too easy to access, steal, change, and destroy information. David Lam, Miller Kaplan, February 15, 2021

Secure The Human

What behavioral experts can teach us about improving security. As organizations tackle the new reality of a distributed workforce, there is much to be learned from the behavioral economics discipline: The “castle and moat” approach to protecting one’s domain was effective for centuries. At the start of the internet age, when a company’s greatest assets were physically located on-premises and when employees were accessing them in a predictable way (using company-issued computers, from familiar locations and at expected times), it still largely worked. HelpNetSecurity, February 19, 2021

Cybersecurity in Society

Cyber Crime

The U.S. Has Released the Most Comprehensive Catalog of North Korean Cybercrimes Ever Made Public…The range of activities, victims, and theft and extortion models laid out in the indictment is staggering: North Korea has always been a bit of an outlier among the countries that make extensive use of offensive cyber capabilities. Unlike the United States, Russia, China, Israel, or Iran, North Korea has never appeared to be particularly focused on cyber-espionage or targeted cyber-sabotage. Instead it has performed a series of financially-motivated cybercrime campaigns like the 2017 WannaCry ransomware, as well as some splashy revenge-motivated breaches, most notably the 2014 Sony Pictures compromise. These high-profile incidents have suggested for a while that North Korea has more in common with cybercriminals than other nation states. But a December indictment unsealed this week by the Department of Justice makes clear just how central financial gain is to North Korea’s cyber activities. More importantly, it sheds light on the extent to which cryptocurrency and cybercrime can allow countries to undermine existing economic sanctions. Slate, February 19, 2021

Kia outage may be the result of ransomware; Company says ‘no’: A week-long outage for Kia is reportedly connected to a ransomware attack from the DoppelPaymer gang, says BleepingComputer. TechRepublic, February 19, 2021

Safety Certification Giant UL Has Been Hit By Ransomware… The 127-year-old company once known as Underwriters Laboratories is wrestling with a ransomware outbreak: UL, which you may know better as Underwriters Laboratories, has overcome countless obstacles in its 127-year run as the world’s leading safety testing authority. Now they’re facing down a true 21st century menace: ransomware. Forbes, February 19, 2021

Ransomware Gang Claims to Sell Off Data from AFTS Cyberattack: A ransomware gang called “Cuba” claims to be selling off data on the dark web belonging to Automatic Funds Transfer Services (AFTS), a Seattle-based financial services and data management firm that suffered a bad ransomware attack in early February. Gizmodo, February 19, 2021

California DMV Warns Millions of Records May Have Been Exposed in Worrisome Data Breach: The California Department of Motor Vehicles has warned state residents that over a year’s worth of data—including customer addresses and license plate numbers—may have been compromised in a recent cyberattack on third-party contractor, Automatic Funds Transfer Services (AFTS). Gizmodo, February 18, 2021

Cyber Attack

New malware found on 30,000 Macs has security pros stumped: With no payload, analysts are struggling to learn what this mature malware does. ars technica, February 20, 2021

FBI, other agencies issue warnings after Oldsmar water system attack: At the time of the attack, Pinellas County Sheriff Bob Gualtieri said the intrusion likely happened through software called TeamViewer, which is used for remote access. Tampa Bay Times, February 18, 2021

Researcher Hacks 35 Major Companies In A Mock Supply Chain Attack: A cybersecurity researcher breached over 35 major companies, including Apple and PayPal in a novel software supply chain attack. CPO, February 18, 2021

National Cybersecurity

The Untold History of America’s Zero-Day Market: The lucrative business of dealing in code vulnerabilities is central to espionage and war planning, which is why brokers never spoke about it—until now. Wired, February 14, 2021

U.S. Cyber Weapons Were Leaked — And Are Now Being Used Against Us, Reporter Says: In December 2020, a U.S. cybersecurity company announced it had recently uncovered a massive cyber breach. The hack dates back to March 2020, and possibly even earlier, when an adversary, believed to be Russia, hacked into the computer networks of U.S. government agencies and private companies via SolarWinds, a security software used by many thousands of organizations in the U.S. and around the world. NPR, February 10, 2021

National Cybersecurity – SolarWinds

SolarWinds: How Russian spies hacked the Justice, State, Treasury, Energy and Commerce Departments: Bill Whitaker reports on how Russian spies used a popular piece of software to unleash a virus that spread to 18,000 government and private computer networks. 60 Minutes, CBS, February 14, 2021

The Right Response to SolarWinds: A strongly worded message has been sent to Moscow, but a forcible response that changes minds is elusive. Council on Foreign Relations, February 8, 2021

Cyber Defense

CIS launches MDBR, a no-cost ransomware protection service for private hospitals: The Center for Internet Security is launching a no-cost ransomware protection service, Malicious Domain Blocking and Reporting (MDBR), for private hospitals in the U.S. CIS is fully funding this service for all private hospitals in the U.S. as part of its nonprofit mission to make the connected world a safer place. HelpNetSecurity, February 19, 2021

Cyber Privacy

Privacy Without Monopoly: Data Protection and Interoperability: The problems of corporate concentration and privacy on the Internet are inextricably linked. A new regime of interoperability can revitalize competition in the space, encourage innovation, and give users more agency over their data; it may also create new risks to user privacy and data security. This paper considers those risks and argues that they are outweighed by the benefits. New interoperability, done correctly, will not just foster competition, it can be a net benefit for user privacy rights. Electronic Frontier Foundation, February 12, 2021

Cyber Surveillance

PRC Spying, Malware and Disinformation Campaigns Push Hong Kong Dissidents to Underground Communications Channels: Following the anti-extradition protests that spanned from 2019 into 2020, the Chinese Communist Party has stepped up its digital actions against Hong Kong activists and dissidents. A new report from threat intelligence firm Intsights finds that aggressive disinformation campaigns and related measures have forced organizers to move to the digital underground, using encryption and the dark web to keep the PRC from observing and inserting itself into their communications. CPO, February 19, 2021

Know Your Enemy

Mexican Politician Removed Over Alleged Ties to Romanian ATM Skimmer Gang: The leader of Mexico’s Green Party has been removed from office following allegations that he received money from a Romanian ATM skimmer gang that stole hundreds of millions of dollars from tourists visiting Mexico’s top tourist destinations over the past five years. The scandal is the latest fallout stemming from a three-part investigation into the organized crime group by KrebsOnSecurity in 2015. KrebsOnSecurity, February 19, 2021

Compromised Credentials Show That Abuse Happens in Multiple Phases: The third stage, when threat actors rush to use stolen usernames and password pairs in credential-stuffing attacks, is the most damaging for organizations, F5 says. DarkReading, February 16, 2021

Cyber Enforcement

Cybercriminal Enterprise ‘Ringleaders’ Stole $55M Via COVID-19 Fraud, Romance Scams: The Department of Justice (DoJ) cracked down on a Ghana-based cybercriminal enterprise behind a slew of romance scams, COVID-19 fraud attacks and business email compromise schemes since 2013. ThreatPost, February 18, 2021

U.S. Indicts North Korean Hackers in Theft of $200 Million: The U.S. Justice Department today unsealed indictments against three men accused of working with the North Korean regime to carry out some of the most damaging cybercrime attacks over the past decade, including the 2014 hack of Sony Pictures, the global WannaCry ransomware contagion of 2017, and the theft of roughly $200 million and attempted theft of more than $1.2 billion from banks and other victims worldwide. KrebsOnSecurity, February 17, 2021

Cyber Miscellany

What we can learn from the Facebook-Australia news debacle: Democracies are right to look for creative ways to direct money from big tech to the news industry. MIT Technology Review, February 20, 2021

Atheists warn followers of unholy data leak, hint dark deeds may have tried to make it go away: Rival atheists accused of not believing in privacy law. The Register, February 19, 2021
