Cybersecurity News of the Week, June 13, 2021

Individuals at Risk

Cyber Privacy

Cybersecurity Tips for Business Travelers: Best Practices for 2021: As we emerge from the pandemic, organizations will confront a new world of business travel and a new world of cybersecurity tips for travelers. What has changed? What hasn’t changed? SecurityIntelligence, June 11, 2021

Cyber Update

Microsoft Patches Six Zero-Day Security Holes: Microsoft today released another round of security updates for Windows operating systems and supported software, including fixes for six zero-day bugs that malicious hackers already are exploiting in active attacks. KrebsOnSecurity, June 8, 2021

Cyber Humor

Information Security Management for the Organization

Information Security Management

Confidential Computing: The Future of Cloud Computing Security: Two years ago, a group of tech companies introduced a new roadmap for cloud computing security. Confidential computing “uses hardware-based techniques to isolate data, specific functions, or an entire application from the operating system, hypervisor or virtual machine manager, and other privileged processes,” says IEEE Spectrum. So, what sets this apart from other digital defense efforts? How does it work? SecurityIntelligence, June 10, 2021

Eliminating weekend War Rooms—the shift from reactive to proactive security operations: Cybersecurity emergencies seem to happen when an organisation feels it is least prepared. And that call for a weekend war room is an experience that no CISO and their team want, writes MK Palmore, Cybersecurity Strategic Advisor & Risk Consultant at Palo Alto Networks. While it might appear to be a bolt out of the blue, in my experience, it is more like a slow rolling thunder that builds into a loud clap that you can never properly anticipate. So how can cybersecurity leaders be better prepared and avoid being caught out? The Stack, June 2021

How the CISO role is evolving: Learn what it takes to land a CISO job and how to be successful in the role. CSO, April 1, 2021

Cybersecurity in Society

Cyber Crime

How Hackers Used Slack to Break into EA Games: A representative for the hackers explained to Motherboard how the group stole a wealth of data from the game publishing giant. Vice, June 11, 2021

What’s Driving the Surge in Ransomware Attacks?: As the United States emerges from the coronavirus lockdown, digital experts are combating a “pandemic of a different variety,” as the former head of U.S. cybersecurity Chris Krebs warned in May. On several occasions in the past seven months, ransomware attacks have shut down large sectors of the American economy, with hackers taking advantage of lax security measures for an easy payday. The concept is fairly simple: Hackers use malicious software to break into and encrypt a company’s data, then hold it ransom until the victim pays up, often in seven-figure installments. NYMag, June 11, 2021

Ransomware Gang Goes Nuclear, Hitting US Weapons Contractor: Demanding Ransom, REvil Ransomware Operation Leaks Some Data Stolen From Sol Oriens. BankInfoSecurity, June 11, 2021

Monumental Supply-Chain Attack on Airlines Traced to State Actor: Airlines are warned to scour networks for traces of the campaign, likely the work of APT41, lurking in networks. ThreatPost, June 11, 2021

Ransomware attack hit Teamsters in 2019 — but they refused to pay: The FBI advised the union to “just pay” the ransom, according to sources. Union officials chose to rebuild their computer network instead. NBC, June 11, 2021

Ransomware to Riches Story: JBS Pays Criminals $11 Million: With Nonstop Cryptocurrency Paydays, No Wonder Extortionists Love Ransomware. BankInfoSecurity, June 10, 2021

Capitol Hill vendor hit by ransomware attack: report: A tech vendor used by dozens of House offices on Capitol Hill for constituent outreach services has reportedly been hit by a ransomware attack, becoming the latest victim in a series of cyberattacks to target U.S.-based entities. TheHill, June 9, 2021

Cyber Surveillance

APT group targets diplomatic organizations in Africa and the Middle East: Security experts have discovered a new cyber-espionage (APT) group that has spent the past four years targeting diplomatic organizations across Africa and the Middle East. TheRecord, June 11, 2021

Cyber Privacy

The GDPR, Privacy and Monopoly: In Privacy Without Monopoly: Data Protection and Interoperability, we took a thorough look at the privacy implications of various kinds of interoperability. We examined the potential privacy risks of interoperability mandates, such as those contemplated by 2020’s ACCESS Act (USA), the Digital Services Act and Digital Markets Act (EU), and the recommendations presented in the Competition and Markets Authority report on online markets and digital advertising (UK). EFF, June 11, 2021

Know Your Enemy

Phishing sites reached all-time high in January 2021: The number of active phishing sites hit a record number earlier this year in January, according to an industry report published this week by the Anti-Phishing Working Group (APWG). TheRecord, June 11, 2021

New Ransomware Group Claiming Connection to REvil Gang Surfaces: “Prometheus” is the latest example of how the ransomware-as-a-service model is letting new gangs scale up operations quickly. DarkReading, June 10, 2021

Adventures in Contacting the Russian FSB: KrebsOnSecurity recently had occasion to contact the Russian Federal Security Service (FSB), the Russian equivalent of the U.S. Federal Bureau of Investigation (FBI). In the process of doing so, I encountered a small snag: The FSB’s website said in order to communicate with them securely, I needed to download and install an encryption and virtual private networking (VPN) appliance that is flagged by at least 20 antivirus products as malware. KrebsOnSecurity, June 7, 2021

Ransomware business achieves critical mass: The Memorial Day weekend ransomware attack that left the world’s largest meat processor hobbled also had CEOs around the globe asking, “Am I next?” Axios, June 2, 2021

National Cybersecurity

Cyber standards are key in battling ransomware attacks: The development of a set of cybersecurity standards could go a long way in arming companies with more options when it comes to breaches. CNBC, June 11, 2021

DOJ Treating Ransomware As Terrorism Brings It ‘Out Of The Darkness’: MSPs: The U.S. Department of Justice is reportedly seeking to elevate investigations of ransomware attacks to a similar level as terrorism after a series of high-profile cyber breaches, including the Colonial Pipeline attack. MSPs think it’s a great first step, but more needs to be done. CRN, June 11, 2021

The Cybersecurity 202: Our expert network says it’s time for more cybersecurity regulations: The time has come for government to mandate that companies vital to U.S. national and economic security meet basic cybersecurity standards, according to a vast majority of cybersecurity experts. The Washington Post, June 11, 2021

The Cybersecurity 202: Congress is tiring of the ‘don’t blame hacked companies’ line: Colonial Pipeline CEO Joseph Blount will today face his second round of congressional grilling from lawmakers who are clearly frustrated with the private sector’s slow pace in getting its cybersecurity up to snuff. The Washington Post, June 9, 2021

U.S. Suffers Over 7 Ransomware Attacks An Hour. It’s Now A National Security Risk: The United States suffered 65,000 ransomware attacks last year – or over seven an hour. And it will likely get worse. NPR, June 9, 2021

Are We Waiting for Everyone to Get Hacked?: It’s been almost a decade since Leon Panetta, then the secretary of defense, warned of an impending “Cyber Pearl Harbor.” He didn’t want to be right. The New York Times, June 7, 2021

Cyber Law

$1 billion piracy ruling could force ISPs to disconnect more Internet users: Increased account terminations would punish “innocent” users, groups tell court. ars technica, June 7, 2021

Financial Cybersecurity

Cybersecurity Enforcement Activity From NYDFS Fashions Regulatory Expectations and Suggests More Enforcement Is To Come: Cybersecurity remains an important policy objective for Governor Cuomo and DFS, and regulated entities and cybersecurity practitioners are likely to see a good deal more action flow from DFS before 2021 is done. Law.com, June 7, 2021

Cyber Enforcement

How Did FBI Recover Colonial Pipeline’s DarkSide Bitcoins?: Suspect’s Device, Seized by Foreign Law Enforcement Agency, May Have Had Private Key. BankInfoSecurity, June 11, 2021

F.B.I. Arrests Hundreds in Global Sting Operation: “For the first time, the F.B.I. developed and operated its own hardened encrypted device company, called ANOM — A-N-O-M. As we allege in our indictment, criminal organizations, and the individual defendants that we have charged, purchased and distributed ANOM devices in an effort to secretly plan and execute their crimes.” The New York Times, June 8, 2021

Cryptocurrency

How Bitcoin Has Fueled Ransomware Attacks: The problem has long plagued bank robbers and drug smugglers: how to transport and hide huge sums of ill-gotten gains without getting caught? NPR, June 10, 2021
