Cybersecurity News of the Week, January 10, 2021

Individuals at Risk

Identity Theft

Are You at Risk for Unemployment Identity Theft?: Wherever there are funds that can be stolen, identity thieves are likely to be at work. It turns out that unemployment benefits are no exception. Business2Community, January 6, 2021

Cyber Privacy

WhatsApp updates privacy policy to enable sharing more data with Facebook: Many users have until February 8 to accept the new rules – or else lose access to the app. WeLiveSecurity, January 7, 2021

Cyber Update

Bugs in Firefox, Chrome, Edge Allow Remote System Hijacking: Major browsers get an update to fix separate bugs that both allow for remote attacks, which could potentially allow hackers to take over targeted devices. ThreatPost, January 6, 2021

Cyber Warning

PayPal users targeted in new SMS phishing campaign: The scam starts with a text warning victims of suspicious activity on their accounts. WeLiveSecurity, January 4, 2021

Information Security Management for the Organization

Information Security Management

7 cybersecurity priorities CISOs should focus on for 2021: For 2021, Vishal Salvi argues that CISOs should tie cybersecurity to business agendas better, invest in cloud security, implement IT hygiene, modernize security architecture and more. TechTarget, January 8, 2021

Considering the value of leveraging a virtual chief information security officer (vCISO): Ensuring the confidentiality, integrity, and availability of information must be at the forefront of any business in today’s environment. While many think they are up to this task, there’s a lot that goes into protecting data. Cyberattacks and data security breaches are at an all-time high in 2020 due to the increase in remote work, and according to a recent Information Systems Security Association and Enterprise Strategy Group survey, 63% of cybersecurity professionals have seen an increase in cyberattacks and security breaches related to the pandemic. This ultimately is a call to all businesses today that we all need to take the proactive steps to remain safe and secure. Security Magazine, January 7, 2021

Considerations For A Threat-Informed Approach To Cybersecurity: Chief security officers (CSOs) and chief information security officers (CISOs) carry the pressure of protecting their organization from a cyberattack. While this grueling responsibility has not changed, the task has become harder over the years and is particularly challenging in 2020. Since the onset of the virus in March, organizations all over the world are under stress, and cybercriminals have launched numerous scams related to the coronavirus pandemic. They are targeting health care organizations and other enterprises that are struggling to operate under increased budgetary and operational pressures. Forbes, January 4, 2021

Cyber Warning

Cybersecurity: This ‘costly and destructive’ malware is the biggest threat to your network: Emotet remains a major threat to corporate computer networks entering 2021, warn researchers – and other threats including ransomware, trojans and cryptominers are lurking out there too. ZDNet, January 8, 2021

Malware Developers Refresh Their Attack Tools: Cisco analyzes the latest version of the LokiBot malware for stealing credentials, finding that its developers have added more misdirection and anti-analysis features. DarkReading, January 8, 2021

Secure The Human

Cybersecurity Is Not (Just) a Tech Problem: As remote work continues to be a pillar of our new normal, organizations are realizing that the security environment has dramatically changed. Securing remote work isn’t solely the job of the IT team, however — it also requires trust. Senior leadership needs to be able to trust from the beginning that their teams have secured systems for remote work. Customers need to trust that their data is protected. Employees need to trust that there are systems in place to support them. HBR, January 6, 2021

Creating a Mindful Information Culture: Acme’s cloud storage provider just got hacked. Private information was exposed. Acme’s customers who lost information in the hack are angry and don’t care that it was a third party that failed to secure the information or that some maleficent hacker from across the globe got into their system. Likewise, their customers don’t care how difficult it is for Acme to migrate data, or how they retain and store their records, or what regulations govern each part of Acme’s business. Acme’s customers care only about their information, their data, and whether Acme performs for them. ABA, January 13, 2020

Cyber Talent

10 fastest-growing cybersecurity skills to learn in 2021: People with experience in application development security are in the highest demand but cloud expertise commands the biggest paycheck. TechRepublic, January 7, 2021

Cybersecurity in Society

Cyber Crime

Ryuk Ransomware Profits: $150 Million: Researchers Track Funds in 61 Cryptocurrency Wallets. BankInfoSecurity, January 8, 2021

National Cybersecurity – SolarWinds

Russia’s SolarWinds Attack and Software Security: The information that is emerging about Russia’s extensive cyberintelligence operation against the United States and other countries should be increasingly alarming to the public. The magnitude of the hacking, now believed to have affected more than 250 federal agencies and businesses — primarily through a malicious update of the SolarWinds network management software — may have slipped under most people’s radar during the holiday season, but its implications are stunning. Schneier on Security, January 8, 2021

CISA: SolarWinds hackers also used password guessing to breach targets: CISA says the threat actor behind the SolarWinds hack also used password guessing and password spraying to breach targets, not just trojanized updates. ZDNet, January 8, 2021

FireEye’s Mandia: ‘Severity-Zero Alert’ Led to Discovery of SolarWinds Attack: CEO Kevin Mandia shared some details on how his company rooted out the major cyberattack campaign affecting US government and corporate networks. DarkReading, January 7, 2021

A Moment of Reckoning: Understanding the Russian Cyber Attack: In the spring of 2020—and without detection—Russia infiltrated federal agencies and possibly hundreds of America’s largest corporations. How did the nation’s cybersecurity defenses fail so severely, what are the risks, and what do we do now? … Senator Mark Warner, Vice-Chair, Senate Intel Committee. Kevin Mandia, CEO, FireEye. Katie Moussouris, Founder & CEO Luta Security, John Carlin, Chair Cyber & Tech, The Aspen Institute. Aspen Institute, January 7, 2021

Sealed U.S. Court Records Exposed in SolarWinds Breach: The ongoing breach affecting thousands of organizations that relied on backdoored products by network software firm SolarWinds may have jeopardized the privacy of countless sealed court documents on file with the U.S. federal court system, according to a memo released Wednesday by the Administrative Office (AO) of the U.S. Courts. KrebsOnSecurity, January 7, 2021

National Cybersecurity

Could the Rioters Have Breached the Capitol’s Cybersecurity?: They made off with laptops and even accessed Nancy Pelosi’s computer. Here’s how worried legislators should be. Slate, January 8, 2021

Cybersecurity and the Occupation of the Capitol: On Jan. 6, a large number of pro-Trump rioters occupied portions of the U.S. Capitol building to protest and disrupt the counting and certification of electoral votes from the November 2020 election. The significance of this event for American democracy, the rule of law, and the depths of extremism in the U.S. populace will be addressed by others but I am compelled to point out this siege has created potentially serious cyber risks for Congress and other affected offices. LawFare, January 7, 2021

DHS Warns That American Businesses Face Ongoing Data Theft Threat From Vendors in China: The Department of Homeland Security (DHS) has issued a broad warning to all American businesses about potential data theft by partners in China that have connections to the government. The advisory outlines “PRC legal regimes and known PRC data collection practices” that could present a risk to any organization not based in the country, warning that China’s ambitious plans to become the premier “global technological superpower” by 2049 translate into an increased focus on all types of data collection. CPO, January 6, 2021

Cyber agency rebuffed DHS request for businesses’ data: The latest source of friction between DHS and CISA involved information related to the massive SolarWinds hacking campaign, a person familiar with the request told POLITICO. Politico, January 5, 2021

Cyber Defense

Right Strategy, Wrong Century: As a baby boomer who grew up during the Cold War, I can still remember getting under my desk in elementary school as we tried to protect ourselves from a nuclear attack. Yes, we actually did that. For the past 244 years, the United States military has defended our country with great valor and distinction on the battlefield. The American homeland and its citizenry have been protected by two great oceans and more recently, a strategic doctrine known as “Mutual Assured Destruction.” For decades, the Soviet Union and the United States, both superpowers with nuclear capability, were in a virtual standoff because each country understood the destructive power of those weapons and did not want to use them. But with the “information age” in the 21st century and the total integration of computers into physical systems (i.e., cyber-physical convergence), that situation has changed significantly. Ron Ross, NIST, LinkedIn, January 2, 2021

Know Your Enemy

Hamas May Be Threat to 8chan, QAnon Online: In October 2020, KrebsOnSecurity looked at how a web of sites connected to conspiracy theory movements QAnon and 8chan were being kept online by DDoS-Guard, a dodgy Russian firm that also hosts the official site for the terrorist group Hamas. New research shows DDoS-Guard relies on data centers provided by a U.S.-based publicly traded company, which experts say could be exposed to civil and criminal liabilities as a result of DDoS-Guard’s business with Hamas. KrebsOnSecurity, January 5, 2021


All Aboard the Pequod!: Like countless others, I frittered away the better part of Jan. 6 doomscrolling and watching television coverage of the horrifying events unfolding in our nation’s capital, where a mob of President Trump supporters and QAnon conspiracy theorists was incited to lay siege to the U.S. Capitol. For those trying to draw meaning from the experience, might I suggest consulting the literary classic Moby Dick, which simultaneously holds clues about QAnon’s origins and offers an apt allegory about a modern-day Captain Ahab and his ill-fated obsessions. KrebsOnSecurity, January 7, 2021

Cyber Enforcement

Russian Hacker Sentenced To 12 Years In Prison For Involvement In Massive Network Intrusions At U.S. Financial Institutions, Brokerage Firms, A Major News Publication, And Other Companies: Audrey Strauss, the Acting United States Attorney for the Southern District of New York, announced today that ANDREI TYURIN, a/k/a “Andrei Tiurin,” was sentenced in Manhattan federal court to 144 months in prison for computer intrusion, wire fraud, bank fraud, and illegal online gambling offenses in connection with his involvement in a massive computer hacking campaign targeting U.S. financial institutions, brokerage firms, financial news publishers, and other American companies. Department of Justice, January 7, 2021
