Cybersecurity News of the Week, January 23, 2022

Individuals at Risk

Identity Theft

IRS Will Soon Require Selfies for Online Access: If you created an online account to manage your tax records with the U.S. Internal Revenue Service (IRS), those login credentials will cease to work later this year. The agency says that by the summer of 2022, the only way to log in to will be through, an online identity verification service that requires applicants to submit copies of bills and identity documents, as well as a live video feed of their faces via a mobile device. KrebsOnSecurity, January 19, 2022

Cyber Warning

DHL, Microsoft, WhatsApp top phishing list of most imitated brands: DHL took over the top spot of Check Point Research’s list of the most imitated brands among cybercriminals this year, surpassing Microsoft and Google as the brand used most often in phishing emails and scams. Google, LinkedIn and Amazon also ranked highly on Check Point Research’s list. ZD Net, January 17, 2022

FBI warning: Crooks are using fake QR codes to steal your passwords and money: As businesses turned to QR codes for contactless payments during the pandemic, scammers seized on the trend to steal cash and financial credentials.  ZDNet, January 19, 2022

Cyber Privacy

What to Know About Facebook’s New ‘Privacy Center’: Facebook has introduced a new Privacy Centerthat gives users more control over how the platform collects and uses their data. Meta’s former namesake has long been the subject of complaints and concerns about its privacy and data policies. Now, users have a little more say over what data Facebook has access to. Lifehacker, January 20, 2022

Cyber Defense

Microsoft disables Excel 4.0 macros by default to block malware: Microsoft has announced that Excel 4.0 (XLM) macros will now be disabled by default to protect customers from malicious documents.  Bleeping Computer, January 21, 2022   ​

Ransomware and phishing: Google Drive will now warn you about suspicious files: Users of the Google Drive file and syncing app will now start to see warning banners if they open a potentially dodgy file. … The new alerts are rolling out to Workspace Google Drive users globally today and aim to help protect users and their organizations from malware, phishing and ransomware.  ZD Net, January 21, 2022

Cybersecurity in Society

Cyber Crime

Nurses Demand Accurate Pay One Month After Ransomware Attack: A ransomware attack on payroll processor Ultimate Kronos Group in December crippled systems at Umass Memorial Health, including payroll, paid time off and schedules. Months later, some nurses say they still haven’t been reimbursed for the correct hours worked. NBC Boston, January 21, 2022

2FA Bypassed in $34.6M Heist: In a display of 2FA’s fallibility, unauthorized transactions approved without users’ authentication bled 483 accounts of funds. Early Thursday morning, acknowledged that it had lost $34.65 million worth of cash, Bitcoin and Ethereum after getting ransacked in an attack that slipped fat transactions past two-factor authentication (2FA).  Threatpst, January 20, 2022

Marketing giant RRD confirms data theft in Conti ransomware attack:   RR Donnelly has confirmed that threat actors stole data in a December cyberattack, confirmed by BleepingComputer to be a Conti ransomware attack. Bleeping Computer, January 19, 2022

Cyber Attack

Microsoft: Data-wiping malware disguised as ransomware targets Ukraine again: Microsoft said today that it has observed a destructive attack taking place in Ukraine where a malware strain has wiped infected computers and then tried to pass as a ransomware attack, but without providing a ransomware payment and recovery mechanism. The Record, January 16, 2022

Sophisticated cyber-attack targets Red Cross Red Crescent data on 500,000 “highly vulnerable” people: A sophisticated cyber security attack against computer servers hosting information held by the International Committee of the Red Cross (ICRC) was detected this week. The attack compromised personal data and confidential information on more than 515,000 highly vulnerable people, including those separated from their families due to conflict, migration and disaster, missing persons and their families, and people in detention. The data originated from at least 60 Red Cross and Red Crescent National Societies around the world. ICRC, January 19, 2022

Cyber Privacy

IOC disputes Citizen Lab’s security concerns about Chinese Olympics app: Controversy has swirled around China’s MY2022 Olympics app due to privacy and security vulnerabilities. The International Olympic Committee has defended China’s MY2022 Olympics app following a report from Citizen Lab that found serious privacy issues with the platform. ZD Net, January 18, 2022

Know the Enemy

Crime Shop Sells Hacked Logins to Other Crime Shops:  Up for the “Most Meta Cybercrime Offering” award this year is Accountz Club, a new cybercrime store that sells access to purloined accounts at services built for cybercriminals, including shops peddling stolen payment cards and identities, spamming tools, email and phone bombing services, and those selling authentication cookies for a slew of popular websites. KrebsOnSecurity, January 21, 2022

REvil Ransomware Gang Arrests Trigger Uncertainty, Concern in Cybercrime Forums: Threat actors from Eastern Europe seen expressing some concern about Russia being a safe place for them to continue operating, researchers say. … Law enforcement action typically does little to deter cybercriminal activity. But last week’s arrests in Russia of several members of the notorious REvil ransomware group, as well as the dismantling of its criminal infrastructure, appear to have finally grabbed the attention of at least some threat actors. DARKReading, January 21, 2022

Ransomware isn’t always about gangs making money. Sometimes it’s about nations manufacturing mayhem. Ransomware is fundamentally about reaping massive profits from victims — payments were on pace to cross the billion-dollar threshold in 2021, according to the U.S. government — but there are signs foreign government-connected groups are increasingly moving into a territory dominated by criminal gangs, and for an entirely different motive: namely, causing chaos. CYBERSCOOP January 18, 2022

National Cybersecurity / Cyber Defense

UK mulls making MSPs subject to mandatory security standards where they provide critical infrastructure: Small and medium-sized managed service providers (MSPs) could find themselves subject to the Network and Information Systems Regulations under government plans to tighten cybersecurity laws – and have got three months to object to the tax hikes that will follow. The Register, January 20, 2022

Cyber Insurance

Merck wins legal battle over insurance coverage after ransomware attack: Merck has emerged victorious from a years-long legal battle with insurers over the coverage of more than a billion dollars in losses from the malware NotPetya, with a New Jersey Superior Court judge concluding that the responsibility is on insurers to clarify their policies around cyber attacks. Endpoints News, January 21, 2022

Cyber Enforcement

Federal investigators say they used encrypted Signal messages to charge Oath Keepers leader: Federal investigators say they accessed encrypted Signal messages sent before the Jan. 6, 2021, riot on the U.S. Capitol, and used them as evidence to charge the leader of Oath Keepers, an extremist far-right militia group, and other defendants in a seditious plot.  CNBC, January 13, 2022

Europol takes down VPNLab, a service used by ransomware gangs: An international law enforcement operation has seized the servers of, a virtual private network provider that advertised its services on the criminal underground and catered to various cybercrime groups, including ransomware gangs. Europol said it seized 15 servers operated by the VPNLab team in Germany, the Netherlands, Canada, the Czech Republic, France, Hungary, Latvia, Ukraine, the US, and the UK.  The Record, January 18, 2022

Cyber Lawsuit

EHR Vendor Faces Legal Action Over Data Breach:   A Tennessee-based healthcare technology services company is facing legal action over a cyber-attack that occurred in August 2021. The class action lawsuit was filed against QRS Healthcare Solutions (QRS, Inc), an electric health record (EHR) vendor and provider of integrated practice management and clinical services, including electronic patient portals. Infosecurity, January 17, 2022

Cyber Regulation

Fines for breaches of EU privacy law spike sevenfold to $1.2 billion, as Big Tech bears the brunt: Fines for violations of the European Union’s landmark privacy law have soared nearly sevenfold in the past year, according to new research. EU data protection authorities have handed out a total of $1.25 billion in fines over breaches of the bloc’s General Data Protection Regulation since Jan. 28, 2021, law firm DLA Piper said in a report published Tuesday. That’s up from about $180 million a year earlier. CNBC, January 17, 2022

Internet of Things

More than half of medical devices found to have critical vulnerabilities: A new report reveals what kind of medical devices are at most risk of security threats. More than half of the connected medical devices in hospitals pose security threats due to critical vulnerabilities that could potentially compromise patient care.  ZD Net, January 20, 2022

How a Hacker Controlled Dozens of Teslas Using a Flaw in Third-Party App:  A 19-year-old hacker and security researcher said he was able to control some features of dozens of Tesla cars all over the world thanks to a vulnerability in a third-party app that allows car owners to track their car’s movements, remotely unlock doors, open windows, start keyless driving, honk, and flash lights. Vice, January 13, 2022

Information Security Management in the Organization

Information Security Management

Update now as CISA adds 13 exploited vulnerabilities to catalog: CISA released its latest update to the Known Exploited Vulnerabilities catalog, adding 13 new vulnerabilities. . ZD Net, January 21, 2022

The emotional stages of a data breach: How to deal with panic, anger, and guilt: Intense situations require both the security experts and stakeholders to be calm and focused, but that is easier said than done. This advice can help. CSO, January 17, 2022

New Vulnerabilities Highlight Risks of Trust in Public Cloud: Major cloud providers are vulnerable to exploitation because a single flaw can be turned into a global attack using trusted core services. DARKReading, January 13, 2022

Cyber Warning

Preparing for the Next Cybersecurity Epidemic: Deepfakes: In light of rapidly advancing deepfake technology and increasing reliance on virtual collaboration tools due to post-COVID work arrangements, organizations need to be prepared for malicious actors getting more sophisticated in their impersonation attempts. What was a cleverly written phishing email from a C-level email account in 2021 could become a well-crafted video or voice recording attempting to solicit the same sensitive information and resources in 2022 and beyond. DARKReading, January 19, 2022

Cyber Talent

Build a stronger cybersecurity team through diversity and training: The security community is continuously changing, growing, and learning from each other to better position the world against cyber threats. In the latest post of our Voice of the Community blog series, Microsoft Security Product Marketing Manager Natalia Godyla talks with Heath Adams, Chief Executive Officer (CEO) at TCM Security about being a mentor, hiring new security talent, certifications, upskilling, the future of cybersecurity training, and lots more. Microsoft Security, January 20, 2022

Cloud Adoption Widens the Cybersecurity Skills Gap: Managing security for cloud-based software-as-a-service (SaaS) applications or for your own applications in the cloud is placing different, more complex demands on cybersecurity teams. While cybersecurity skills remain in short supply, the availability of people with both cloud and on-premises security skills is even more constrained, particularly for small to midsize organizations. DARKReading, January 19, 2022

Secure the Human

Research: Why Employees Violate Cybersecurity Policies: In the face of increasingly common (and costly) cyberattacks, many organizations have focused their security investments largely on technological solutions. However, in many cases, attacks rely not on an outsider’s ability to crack an organization’s technical defenses, but rather on an internal employee knowingly or unknowingly letting a bad actor in. But what motivates these employees’ actions? A recent study suggests that the vast majority of intentional policy breaches stem not from some malicious desire to cause harm, but rather, from the perception that following the rules would impede employees’ ability to get their work done effectively. The study further found that employees were more likely to violate policy on days when they were more stressed out, suggesting that high stress levels can reduce people’s tolerance for following rules that seem to get in the way of doing their jobs. In light of these findings, the authors suggest several ways in which organizations should rethink their approach to cybersecurity and implement policies that address the real, underlying factors creating vulnerabilities. Harvard Business Review, January 20, 2022

Become A CyberGuardian

Protect your community: take the CyberGuardian Pledge, join our email list, get invited to events.

Take the Pledge