Cybersecurity News of the Week, January 31, 2021

Individuals at Risk

Identity Theft

The Taxman Cometh for ID Theft Victims: The unprecedented volume of unemployment insurance fraud witnessed in 2020 hasn’t abated, although news coverage of the issue has largely been pushed off the front pages by other events. But the ID theft problem is coming to the fore once again: Countless Americans will soon be receiving notices from state regulators saying they owe thousands of dollars in taxes on benefits they never received last year. KrebsOnSecurity, January 29, 2021

Identity theft a risk to consumers as online purchases increase: Over the last year, the coronavirus pandemic has changed almost every aspect of American life, including shopping habits. In fact, 56% of Americans reported an uptick in their online shopping between mid-March and December of last year, according to a new survey from the AICPA. But Americans may not be doing all they can to protect themselves from identity theft while shopping online. Journal of Accountancy, January 28, 2021

Cyber Privacy

These malicious tracking apps have already been downloaded over a billion times: Smartphone apps have become a central part of our daily lives as we are increasingly compelled to install them for travel, banking and even our health records. However, while these apps are convenient, many of them contain deep privacy issues as they allow companies to track our every move. TechRadar, January 29, 2021

More Than a Dozen Apps With ‘Misleading or Flat-Out Inaccurate’ Privacy Labels Found on App Store: Last month, Apple introduced privacy labels on the App Store, providing users with a broad overview of the data types an app may collect, and whether the information is used to track them or is linked to their identity or device. MacRumors, January 29, 2021

Cyber Defense

Google uncovers new iOS security feature Apple quietly added after zero-day attacks: Google Project Zero on Thursday disclosed details of a new security mechanism that Apple quietly added to iOS 14 as a countermeasure to prevent attacks that were recently found to leverage zero-days in its messaging app. The Hacker News, January 29, 2021

What You Need to Know About Scam Text Messages in 2021: The threat of scam text messages may now seem distant, even quaint. With all the new, exotic and sophisticated attacks that have arisen in the past decade, surely text message attacks are low on the list. But, they can still be a big problem. SecurityIntelligence, January 28, 2021

Cyber Update

Apple patches three iOS zero‑days under attack: The company emits emergency updates to fix bugs affecting devices ranging from iPhones to Apple Watches. WeLiveSecurity, January 27, 2021

Cyber Warning

Beware — A New Wormable Android Malware Spreading Through WhatsApp: A newly discovered Android malware has been found to propagate itself through WhatsApp messages to other contacts in order to expand what appears to be an adware campaign. The Hacker News, January 24, 2021

Cyber Humor

Information Security Management for the Organization

Cybersecurity in the C-Suite & Board

How to Make Cybersecurity a Top Priority for Boards and CFOs: As an executive responsible for delivering security solutions to our global customers, I see cybersecurity moving higher on the agendas of boards of directors. At a time when most budgets are shrinking, worldwide security spending is expected to grow 8.1% annually and hit $174.7 billion by 2024, according to IDC. HBR, January 28, 2021

Information Security Management

Is the Web Supply Chain Next in Line for State-Sponsored Attacks?: Attackers go after the weak links first, and the Web supply chain provides an abundance of weak links to target. DarkReading, January 29, 2021

FBI Encounters: Reporting an Insider Security Incident to the Feds: Most insider incidents don’t get reported to the FBI due to fear of debilitating business disruptions, public embarrassment, and screeching vans skidding into the parking lot to confiscate servers. But is that reality? DarkReading, January 29, 2021

Cyberbit Survey: Most HR Pros Unfamiliar with Cybersecurity Requirements – MSSP Alert: There is a “significant gap” between cyber leadership and human resources in many global organizations, according to the “SOC Skills Survey Report of 2020” from cyber range platform provider Cyberbit. MSSP Alert, January 29, 2021

NIST SP 800-128 – Because Patching May Never Fix Your Hidden Flaws: Over the last few years, the idea of patching systems to correct flaws has graduated from an annoying business disruption to a top priority. With all of the notorious vulnerabilities that can wreak total havoc, the time it takes to patch becomes a minor inconvenience when weighed against both the technical challenges and possible regulatory penalties of not patching. TripWire, January 5, 2021

Privacy Management

Sensitivity Training – Sensitive Personal Information under the California Privacy Rights Enforcement Act of 2020: Just as we were getting used to the California Consumer Privacy Act of 2018 (the “CCPA”), Californians voted to approve Proposition 24, the California Privacy Rights Enforcement Act of 2020 (the “CPRA”). For now, the CCPA is still with us – the CPRA becomes effective on January 1, 2023 – but companies that do business in California need to address the new industry requirements, consumer privacy rights, and enforcement mechanisms as far in advance as possible. CyberLeader Robert Braun, JMBM, Cybersecurity Lawyer Forum, January 25, 2021

Cyber Warning

Trickbot is back again – with fresh phishing and malware attacks: The Trickbot botnet was disrupted by a coalition of cybersecurity companies late last year – but researchers have detailed what appears to be a new Trickbot campaign targeting law firms and insurance companies. ZDNet, January 29, 2021

2020 Marked a Renaissance in DDoS Attacks: Amid the global pandemic, cybercriminals ramped up use of one of the oldest attack techniques around. DarkReading, January 29, 2021

Microsoft 365 Becomes Haven for BEC Innovation: Two new phishing tactics use the platform’s automated responses to evade email filters. ThreatPost, January 29, 2021

CISA Warns of New Malware Threat to Vulnerable SolarWinds Orion Tech: While not part of the initial supply chain cyberattack, hackers are leveraging a new malware variant known as SUPERNOVA to directly target vulnerable SolarWinds Orion tech. HealthItSecurity, January 28, 2021

Cybersecurity in Society

Cyber Crime

Ransomware Payoffs Surge by 311% to Nearly $350 Million: Payments to ransomware gangs using cryptocurrency more than quadrupled in 2020, with less than 200 cryptocurrency wallets receiving 80% of funds. DarkReading, January 29, 2021

Ghost hack – criminals use deceased employee’s account to wreak havoc: Many, if not most, organisations will tell you that they have processes and procedures that they follow when employees leave. Naked Security, January 26, 2021

Cyber Surveillance

The Coup We Are Not Talking About: We can have democracy, or we can have a surveillance society, but we cannot have both. The New York Times, January 29, 2021

Cyber Privacy

Tim Cook May Have Just Ended Facebook. Looks like it’s no more Mr. Nice Guy: What happens when an unstoppable force hits an immovable object? INC, January 30, 2021

5 ways to finally fix data privacy in America: As a new administration enters the White House, we have the chance to finally fix privacy in America. Short of passing a national privacy law (which the majority of Americans want), we need action on data privacy. We need changes enacted swiftly and without delay. Both consumers and businesses deserve consistency and clarity. VentureBeat, January 29, 2021

Apple CEO criticizes social media for ‘algorithm-driven’ misinformation: “Technology does not need large amounts of personal data, bundled on dozens of websites and applications, to be successful,” says Tim Cook at a digital privacy conference. Entrepreneur, January 29, 2021

Know Your Enemy

Phishing Kit Can Change Lures and Text…Researchers: ‘LogoKit’ Found on 700 Domains: Researchers at the security firm RiskIQ have discovered a phishing kit they call “LogoKit” that fraudsters can use to easily change lures, logos and text in real time to help trick victims into opening messages and clicking on malicious links. BankInfoSecurity, January 29, 2021

Back to the Future: Inside the North Korean Kimsuky KGH Spyware Suite: The Cybereason Nocturnus Team has been tracking various North Korean threat actors, among them the cyber espionage group known as Kimsuky, (aka: Velvet Chollima, Black Banshee and Thallium), which has been active since at least 2012 and is believed to be operating on behalf of the North Korean regime. The group has a rich and notorious history of offensive cyber operations around the world, including operations targeting South Korean think tanks, but over the past few years they have expanded their targeting to countries including the United States, Russia and various nations in Europe. Some of their observed targets include: Cybereason, November 2, 2020

National Cybersecurity – Solar Winds

SolarWinds attack is not an outlier, but a moment of reckoning for security industry, says Microsoft exec: Security companies need to be unified in their response, says Microsoft. ZDNet, January 29, 2021

30% of ‘SolarWinds’ Hacking Victims Did Not Actually Use SolarWinds Software, Feds Say: The hacker group behind the ongoing SolarWinds scandal found other ways to intrude on U.S. firms and public agencies than just compromising the titular software company. In fact, nearly a third of the victims of the hack—approximately 30%—have no connection to SolarWinds at all, said a senior federal security official this week. Gizmodo, January 29, 2021

SOLARWINDS: REVIEW AND ANALYSIS WITH CHRIS TAYLOR: SolarWinds with Chris Taylor. Recording of SolarWinds Review by ME-ISAC’s Chris Taylor presented at SecureTheVillage Technology & Security Management Happy Hour. SecureTheVillage, January 26, 2021

Cyber Warning

North Korea hackers use social media to target security researchers: Google finds use of bogus Twitter, LinkedIn profiles to identify vulnerabilities. ars technica, January 26, 2021

Cyber Enforcement

International Action Targets Emotet Crimeware: Authorities across Europe on Tuesday said they’d seized control over Emotet, a prolific malware strain and cybercrime-as-service operation. Investigators say the action could help quarantine more than a million Microsoft Windows systems currently compromised with malware tied to Emotet infections. KrebsOnSecurity, January 27, 2021

Arrest, Seizures Tied to Netwalker Ransomware: U.S. and Bulgarian authorities this week seized the darkweb site used by the NetWalker ransomware cybercrime group to publish data stolen from its victims. In connection with the seizure, a Canadian national suspected of extorting more than $27 million through the spreading of NetWalker was charged in a Florida court. KrebsOnSecurity, January 27, 2021
