Cybersecurity News of the Week, June 6, 2021

Individuals at Risk

Cyber Privacy

What Is Amazon Sidewalk, and Should You Disable It?: On June 8, 2021, most Amazon smart home devices—as well as certain other connected gadgets—will become part of a nationwide network called Sidewalk. Here’s what you need to know, and how to opt out if you choose to. HowToGeek, June 4, 2021

IoT Security: Thieves Are Targeting Smart Cameras — Here’s How To Stop Them: Among the many important aspects of Internet of things (IoT) security, live cameras are one of the most open to misuse. People have been video snooping, watching private cameras and doing other sketchy things around connected cameras for many years. But in recent months, the intensity and risk around video have risen. SecurityIntelligence, June 3, 2021

Cyber Warning

Americans face mounting risk of hackers taking over brokerage accounts, regulators say. MarketWatch, June 4, 2021

Fake patient reviews are making it increasingly hard to seek medical help on Google, Yelp and other directory sites: From rehab centers to family doctors, patients trying to find good medical care are increasingly finding fake consumer reviews — and there are no signs of an imminent crackdown. The Washington Post, June 4, 2021

Google PPC Ads Used to Deliver Infostealers: The crooks pay top dollar for Google search results for the popular AnyDesk, Dropbox & Telegram apps that lead to a malicious, infostealer-packed website. ThreatPost, June 3, 2021

5 common scams targeting teens – and how to stay safe: From knock-off designer products to too-good-to-be-true job offers, here are five common schemes fraudsters use to trick teenagers out of their money and sensitive data. WeLiveSecurity, June 1, 2021

Information Security Management for the Organization

Cybersecurity in the C-Suite & Board

Data Breaches Drive Higher Loan Interest Rates: Businesses that suffer a security breach may not see their stock price tumble, but they may pay higher rates for loans and be forced to provide collateral, researchers report. DarkReading, June 4, 2021

Business leaders must take urgent action to counter ransomware threat, White House warns in memo: The Biden administration is urging corporate executives and business leaders to take immediate steps to prepare for ransomware attacks. CNBC, June 3, 2021

Memo from White House to Corporate Executives and Business Leaders on Protecting Against Threat of Ransomware: The number and size of ransomware incidents have increased significantly, and strengthening our nation’s resilience from cyberattacks – both private and public sector – is a top priority of the President’s. The White House, June 2, 2021

Information Security Management

What the FedEx Logo Taught Me About Cybersecurity: Cyber threats are staring you in the face, but you can’t see them. DarkReading, June 4, 2021

COVID-19 has transformed work, but cybersecurity isn’t keeping pace, report finds: Underprepared, overwhelmed and unable to move forward, security teams are getting pushback from leadership and simply can’t catch up to necessary post-pandemic modernization. TechRepublic, June 3, 2021

Law Firms … and Other Businesses … Are Attracting More Cyberattacks – 4 Reasons Why and How to Fix Them: While cyberattacks are increasing, many experts see them as mainly preventable by simply adopting a ‘zero trust’ policy. The vast majority (84 percent) of law firms have increased their IT budgets in response to last year’s boom in remote workforces, according to a recent report from Georgetown University. The new demands of managing a remote workforce have seen law firms adjust their budgets to implement new technologies and platforms to make the transition smoother. However, these same solutions can result in an increased risk to their cybersecurity. LegalReader, June 2, 2021

Cyber-Security: Here’s Why The Bad Guys Are Winning: There’s a war going on in our computers and networks. It’s a silent, invisible war. It’s fierce and continues to escalate. Forbes, May 26, 2021

Cybersecurity in Society

Cyber Crime

Fujifilm confirms ransomware attack on systems in Japan: Fujifilm Corporation confirmed on Friday that the unauthorized access it became aware of in the late evening on June 1 was in fact a ransomware attack. SC Magazine, June 4, 2021

Hackers Breached Colonial Pipeline Using Compromised Password: The hack that took down the largest fuel pipeline in the U.S. and led to shortages across the East Coast was the result of a single compromised password, according to a cybersecurity consultant who responded to the attack. Bloomberg, June 4, 2021

TV news stations become apparent target in next cyberattack: “We are only able to communicate with each other over personal phones and text messages,” said an employee at one TV station. NBC, June 4, 2021

Backup appliance firm pays out $2.6 million ransom to attackers: The Conti ransomware gang has successfully managed to extort millions of dollars out of an organisation once again. GrahamCluley, June 3, 2021

Hackers breached several of MTA’s computer systems in April: NEW YORK (WABC) — Hackers breached several computer systems of the Metropolitan Transportation Authority, the nation’s largest mass transit agency that daily carries millions of people in and around New York City. ABC, June 2, 2021

Cyber Attack

Russia’s FSB reports ‘unprecedented’ hacking campaign aimed at government agencies: Foreign hackers compromised Russian federal agencies in a digital espionage campaign that Russian officials described as unprecedented in scope and sophistication. Reuters, May 26, 2021

Cyber Defense

FBI to share compromised passwords with Have I Been Pwned: The FBI will soon begin to share compromised passwords with Have I Been Pwned’s ‘Password Pwned’ service that were discovered during law enforcement investigations. BleepingComputer, May 28, 2021

Know Your Enemy

Hacker group DarkSide operates in a similar way to a franchise, New York Times reporter says: A hacker group called DarkSide is behind the cyberattack on Colonial Pipeline that shut down a major U.S. oil pipeline. CNBC, June 4, 2021

REvil Ransomware Gang Spill Details on US Attacks: The REvil ransomware gang is interviewed on the Telegram channel called Russian OSINT. ThreatPost, June 4, 2021

Ransomware Gangs ‘Playing Games’ With Victims and Public: ‘Free’ Decryptors and Promises of Retirement Plans Are Empty Criminal Marketing Spin. BankInfoSecurity, May 21, 2021

National Cybersecurity

Cyberattack on food supply followed years of warnings: Virtually no mandatory cybersecurity rules govern the millions of food and agriculture businesses that account for about a fifth of the U.S. economy. And now, the risk has become real. Politico, June 5, 2021

As Ransomware Hackers Sit On Millions In Extorted Money, America’s Military Is Urged To Hack Back: In just two months last year, the FBI watched three companies pay hackers wielding ransomware called NetWalker millions in Bitcoin to get their hacked data back. While that seems like a big win for the cybercriminals, it also gave investigators in the U.S. and elsewhere a new roadmap for tracking and prosecuting them. Forbes, June 5, 2021

F.B.I. Director Compares Danger of Ransomware to 9/11 Terror Threat: The Biden administration is taking steps to counter the growing threat of cyberattacks on U.S. businesses, and encouraging companies to do more to protect themselves. The New York Times, June 4, 2021

Ransomware will now get priority treatment at the Justice Department: Directive comes as ransomware is exposing the fragility of critical supply chains. ars technica, June 4, 2021

White House grapples with spike in ransomware attacks as cyber vulnerabilities are laid bare: (CNN) A spike in ransomware attacks cutting across vital American sectors — including summertime mainstays gasoline, meat and vacations — have prompted new urgency inside the Biden administration to formulate a way to respond. CNN, June 4, 2021

FBI director sees ‘parallels’ between challenge posed by ransomware attacks and 9/11: Washington (CNN) FBI Director Christopher Wray sounded the alarm on ransomware in stark terms by likening the challenge posed by the recent spate of damaging cyber attacks on the US to the September 11 terrorist attacks, calling for a similar response. His remarks come as officials across government have tried to step up the urgency of the response to the problem after back-to-back ransomware incidents exposed the vulnerability of critical industries in the United States. CNN, June 4, 2021

‘Offense is outpacing defense’ on hacking threats, expert says: Silverado Policy Accelerator Chairman Dmitri Alperovitch discusses the role of the U.S. government and private companies in defending against ransomware attacks. ABC, June 3, 2021

Cyber Law

Supreme Court Limits Reach of Federal Law on Computer Crime: In a 6-to-3 decision featuring unusual alliances, the court said it was wary of interpreting the law to allow commonplace conduct to be prosecuted. The New York Times, June 3, 2021

Cyber Enforcement

Boss of ATM Skimming Syndicate Arrested in Mexico: Florian “The Shark” Tudor, the alleged ringleader of a prolific ATM skimming gang that siphoned hundreds of millions of dollars from bank accounts of tourists visiting Mexico over the last eight years, was arrested in Mexico City on Thursday in response to an extradition warrant from a Romanian court. KrebsOnSecurity, May 28, 2021
