Cybersecurity News of the Week, March 20, 2022

A weekly aggregation of important cybersecurity and privacy news helping you navigate the new world of cybersecurity and privacy.

Stan’s Top-3

This week’s Top-3 are all about the exciting work of volunteer hackers taking the war to Russia … including something we can all do to help.

‘It’s the right thing to do’: the 300,000 volunteer hackers coming together to fight Russia: Ukraine appealed for a global army of IT experts to help in the battle against Putin – and many answered the call. We speak to people on the digital frontline. The Guardian, March 15, 2022

Russian government websites are facing ‘unprecedented’ wave of cyberattacks: Russian government websites are facing an “unprecedented” number of hacking attacks that are at least twice as powerful as previous incidents, the country’s Ministry of Digital Development and Communications said. The Week, March 17, 2022

This story is about the app that everyone can use to send a message to a Russian, telling them the truth that Putin is trying to censor.

Anonymous Hackers Vow to Accelerate Cyber War, ‘Paralyze’ Putin Regime ‘by Any Means Necessary’: Using one Anonymous tool, 20,000,000 text messages, emails, and WhatsApp messages have been sent to Russians by concerned people around the globe. Homeland Security Today, March 15, 2022 (FYI. I have used the app. It is very easy to use. Like all apps, its use is not without risk.)

Cyber Humor

The Front Page

Other front page cybersecurity and privacy stories.

New. New. New. Cybersecurity News from SecureTheVillage – Live on LinkedIn

SecureTheVillage has launched a weekly video series that looks beneath the headlines of the cybersecurity and privacy news. Join me as this week’s guest Kelley Misata, Ph.D., CEO, Sightline Security, our moderator, Julie Morris, and I discuss the cybersecurity news and the special challenges our nonprofits have in managing information security.  SecureTheVillage, March 16, 2022

New law requires companies in critical infrastructure industries like food, water, energy, financial, etc to report breaches within 72 hours and ransomware payments within 24. The bad news is that it may take 2 years to fully implement.

Biden signs cyber incident reporting bill into law: President Joe Biden on Tuesday signed into law a $1.5 trillion government funding bill that includes legislation mandating critical infrastructure owners report if their organization has been hacked or made a ransomware payment. The Record, March 15, 2022

An interview with one of the people who wrote the app.

‘We are unstoppable’: How a team of Polish programmers built a digital tool to evade Russian censorship: Over the last two weeks, as the Kremlin has increasingly tightened its control on independent media and censored news about its invasion of Ukraine, people around the world have used a new tool to send messages to random Russian citizens about the reality of the ongoing war. The Record, March 17, 2022

Please tell me this isn’t true: TransUnion in South Africa said to have protected a server with “Password” as its password. Not surprisingly the server was breached with as many as 54 million personal records  stolen.

Hackers claim to breach TransUnion South Africa with ‘Password’ password: TransUnion South Africa has disclosed that hackers breached one of their servers using stolen credentials and demanded a ransom payment not to release stolen data. Bleeping Computer, March 18, 2022

Save the Date. Invitation to Sponsor.

SecureTheVillage presents Nicole Perlroth, Award-winning Cybersecurity Journalist and New York Times Bestselling Author. A Virtual Learning Opportunity By & For Leaders in Cybersecurity. May 4, 11:00AM Pacific. Sponsorships now available. Registration opens soon.

Section 2 – Personal Security and Privacy

Important stories for protecting yourself and your family.

Let’s be careful out there.

The IRS Won’t Send You Unsolicited Emails, So Don’t Fall for This Malware Tax Scam: It’s tax season again, and the scammers are out. … Be on the lookout for suspicious-looking tax-related emails until April 18th, the end of tax season. Gizmodo, March 16, 2022

Phishing attempts against smartphones are on the rise. And those small screens aren’t helping: We use smartphones for almost everything – cyber criminals know this and are looking to exploit it. ZD Net, March 15, 2022

Section 3 – General Cybersecurity and Privacy Stories

Cybersecurity and privacy stories for those wanting a deeper look.

Other news related to the war in Ukraine .

Cyber Attack Targeted 21 Natural Gas Producers on the Eve of the Russian Invasion of Ukraine: A new report says that hackers executed a major cyber attack campaign against multiple natural gas producers in the United States ahead of Russia’s invasion of Ukraine. CPO Magazine, March 18, 2022

Why You Haven’t Heard About the Secret Cyberwar in Ukraine: “Cyberwar is coming!” … For decades now, we have heard this refrain from the American defense establishment. We were warned that the next big state-on-state military confrontation could start with a flash-bang cyberattack: power outages in major cities, air traffic control going haywire, fighter jets bricked. New York Times, March 18, 2022

CISA, FBI warn of satellite network hacks following Viasat cyberattack: CISA and the FBI issued a joint cybersecurity advisory Thursday evening calling for U.S. and international satellite communication (SATCOM) network providers and customers to stay alert of possible threats and begin implementing a new set of mitigations. The Record, March 18, 2022

Software developer purposely sabotages own code to behave differently in Russia. Concerns raised that others could do the same thing with potentially devastating consequences.

Popular NPM Package Updated to Wipe Russia, Belarus Systems to Protest Ukraine Invasion: In what’s an act of deliberate sabotage, the developer behind the popular “node-ipc” NPM package shipped new tampered version to condemn Russia’s invasion of Ukraine, raising concerns about security in the open-source and the software supply chain. The Hacker News, March 17, 2022

Code-Sabotage Incident in Protest of Ukraine War Exposed Open Source Risks: The maintainer of a widely used open source module for Windows, Linux, and Mac environments recently sabotaged its functionality to protest the war in Ukraine and in the process focused attention once again on the potentially serious security issues tied to code dependencies in software. DARKReading, March 18, 2022.

Pro-Ukraine ‘Protestware’ Pushes Antiwar Ads, Geo-Targeted Malware: Researchers are tracking a number of open-source “protestware” projects on GitHub that have recently altered their code to display “Stand with Ukraine” messages for users, or basic facts about the carnage in Ukraine. The group also is tracking several code packages that were recently modified to erase files on computers that appear to be coming from Russian or Belarusian Internet addresses. KrebsOnSecurity, March 17, 2022

Meanwhile the impact of sanctions extends to data storage…

Russia faces IT crisis with just two months of data storage left: Russia faces a critical IT storage crisis after Western cloud providers pulled out of the country, leaving Russia with only two more months before they run out of data storage. Bleeping Computer, March 15, 2022

And in other cybersecurity and privacy news

Israeli government websites attacked in massive denial of service attack.

Cyberattacks Against Israeli Government Sites: ‘Largest in the Country’s History’: Distributed Denial of Service (DDoS) attacks against Israel telecom companies took down government sites, sparking a temporary state of emergency. Threatpost, March 15, 2022

Last December’s ransomware attack on Kronos is forcing re-evaluation of legal cyber-responsibilities throughout the supply chain.

Kronos ransomware attack raises questions of vendor liability: A cyberattack with supply chain and legal consequences has stakeholders considering contract minutiae. … The December ransomware attack against workforce management company Ultimate Kronos Group hindered the ability of its customers to process payrolls. The attack, which has far-reaching ramifications, has stakeholders looking for who is to blame. Cybersecurity Dive, March 14, 2022

For techies only: Story shows difficulty in explaining “basic” cybersecurity to non-technical users.

This browser-in-browser attack is perfect for phishing: A novel way of tricking people out of their passwords has left us wondering if there’s a need to rethink how much we trust our web browsers to protect us and to accelerate efforts to close web security gaps. The Register, March 18, 2022

Section 4 – Securing the Organization

Stories to support executives and top management in securing their organizations.

Guidance from an attorney on navigating cybersecurity and privacy from the corner office.

Facing the Knowledge Gap: Addressing privacy compliance and cybersecurity is becoming more and more challenging for companies. At least 26 states are considering various kinds of data privacy laws. At the same time the rate, depth, and impact of ransomware, wiperware and data breaches has become more intense and more expensive, and there is no indication that the trend will end soon. Robert Braun, Esq. Jeffer Mangels, March 1, 2022

Let’s be careful out there. Warn your users.

This sneaky type of phishing is growing fast because hackers are seeing big paydays: Researchers warn about an increase in conversation hijacking emails, where hackers abuse accounts of people you trust to send you phishing links and malware. There’s been a steep rise in phishing attacks that hijack legitimate, ongoing conversations between users to steal passwords, steal money, deliver malware and more.   According to cybersecurity researchers at Barracuda Networks, conversation hijacking attacks grew by almost 270% in 2021 alone. ZD Net, March 616, 2022

IT: CISA says get these highly critical vulnerabilities off your network ASAP.

CISA Adds 15 Known Exploited Vulnerability to Catalog: CISA has added 15 new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence that threat actors are actively exploiting the vulnerabilities listed in the table below. These types of vulnerabilities are a frequent attack vector for malicious cyber actors of all types and pose significant risk to the federal enterprise. CISA< March 16, 2022

Ideas to improve the practice of IT security management.

The Golden Hour of Incident Response:  As a CSIRT consultant, I cannot overemphasize the importance of effectively managing the first hour in a critical incident. … Finding out what to do is often a daunting task in a critical incident. In addition, the feeling of uneasiness often prevents an incident response analyst from making effective decisions. However, keeping a cool head and actions planned out is crucial in successfully handling a security incident. This blog will elaborate on some key points to help readers facilitate better incident response procedures. The Hacker News, March 17, 2022

How Should My Security Analyst Use the MITRE ATT&CK Framework?: As a curated knowledge base for adversary behavior, the MITRE ATT&CK framework can guide defenders on how to conduct an investigation and the order of things to look for. DARKReading, March 16, 2022

Become A CyberGuardian

Protect your community: take the CyberGuardian Pledge, join our email list, get invited to events.

Take the Pledge