Cybersecurity News of the Week, March 27, 2022

A weekly aggregation of important cybersecurity and privacy news helping you navigate the new world of cybersecurity and privacy.

Stan’s Top-3

Biden-Harris Administration issues cybersecurity warning to American companies.

FACT SHEET: Act Now to Protect Against Potential Cyberattacks: The Biden-Harris Administration has warned repeatedly about the potential for Russia to engage in malicious cyber activity against the United States in response to the unprecedented economic sanctions we have imposed.  There is now evolving intelligence that Russia may be exploring options for potential cyberattacks. … We urge companies to execute the following steps with urgency … The White House, March 21, 2022

The digital divide is becoming a cyber-digital divide as smaller organizations lack the people and financial resources to adequately protect themselves.

We are headed for an ecosystem of cyber haves and cyber nots: Cisco advisory CISO:  A combination of resourcing, government initiatives, and innovation will mean some organisations are able to handle cyber threats in real time — and then there is everyone else. … When policy makers are dreaming about how cybersecurity will be handled in the future, it consists of governments issuing warnings to organisations, the community sharing intel with each other in real time, and the ecosystem being able to respond with a degree of unanimity. ZD Net, March 20, 2022

Microsoft takes steps to close cybersecurity job shortage.

How Microsoft plans to fill 3.5 million cybersecurity jobs: Microsoft is expanding its campaign to skill cybersecurity workers and diversify the workforce in 23 countries. … Microsoft announced on Wednesday that it will expand its cybersecurity skilling initiative to 23 additional countries. The campaign, which began last year in the U.S., is part of the company’s push to help solve the cybersecurity industry’s growing talent problem, while also helping diversify the industry. Protocol, March 23, 2022

Cyber Humor

Cyber Humor - Cartoon of the week

The Front Page

Other front page cybersecurity and privacy stories.

An in-depth look at collateral damage America might expect in a cyber-war with Russia.

The 3 Russian cyber-attacks the West most fears: US President Joe Biden has called on private companies and organisations in the US to “lock their digital doors”, claiming that intelligence suggests Russia is planning a cyber-attack on the US. BBC News, March 24, 2022

With Eye to Russia, Biden Administration Asks Companies to Report Cyberattacks: A new law requires companies to tell the federal government about hacks, but the Cybersecurity and Infrastructure Security Agency still has to work out the details of what must be reported. … The Biden administration is warning American businesses in increasingly stark terms about Russian cyberattacks, providing thousands of companies with briefings on the threats to critical infrastructure and urging companies to comply with a new law that will require them to report any hacks. But some details of the law remain unclear, leaving executives with questions about what the legislation means for them. The New York Times, March 23, 2022

FBI advised that hackers scanned networks of 5 US energy firms ahead of Biden’s Russia cyberattack warning: Hackers associated with Russian internet addresses have been scanning the networks of five US energy companies in a possible prelude to hacking attempts, the FBI said in a March 18 advisory to US businesses obtained by CNN. CNN, March 23, 2022

Exclusive: Ransomware attacks on U.S. supply chain are undermining national security, CBP bulletin warns: Ransomware attacks on the supply chain are undermining national security, according to a U.S. Customs and Border Protection intelligence bulletin obtained by Yahoo News, and will cause further congestion at ports of entry and delays in shipping nationwide. Yahoo! News, March 21, 2022

The Threat of Russian Cyberattacks Looms Large: Fifteen days into the Russian invasion of Ukraine, Senator Angus King, of Maine, asked the director of the National Security Agency, General Paul Nakasone—who is also the commander of the United States Cyber Command—a question that was on the minds of many observers of the conflict. The  New Yorker March 22, 2022

Join me as Julie Morris and I put context on the cybersecurity news.

Cyber Live with Dr. Stan Stahl – Live on LinkedIn

Join me as Julie Morris and I put context on the cybersecurity news.

This week we discuss Biden’s warning, the emerging digital cybersecurity divide, and the special role played by nonprofits in helping our smaller organizations and our families address their cybersecurity challenges. Plus tips to protect your family and your organization. SecureTheVillage, March 24, 2022

Save the Date. Invitation to Sponsor.

SecureTheVillage presents Nicole Perlroth, Award-winning Cybersecurity Journalist and New York Times Bestselling Author. A Virtual Learning Opportunity By & For Leaders in Cybersecurity. May 4, 11:00AM Pacific. Sponsorships now available. Registration opens soon.

SecureTheVillage presents Nicole Perlroth, Award-winning Cybersecurity Journalist and New York Times Bestselling Author.

Section 2 – Personal Security and Privacy

Important stories for protecting yourself and your family.

Let’s be careful out there.

Influx of Trojanized Apps on Google Play Store: Security researchers have observed an increasing flood of trojans on the official Android store. Most of the trojan-laden apps are used in different scams and cause financial losses or steal sensitive personal information. Cyware Alert, March 21, 2022

Here’s why you need to be using a password manager.

Not using a password manager? Here’s why you should be…: In a competitive field, passwords are one of the worst things about the internet. Long and complex passwords are more secure but difficult to remember, leaving many people using weak and easy-to-guess credentials. One study by the UK’s National Cyber Security Centre (NCSC) revealed how millions are using their pet’s name, football team names, ‘password’ and “123456” to access online services. The Guardian, March 19, 2022

Section 3 – General Cybersecurity and Privacy Stories

Cybersecurity and privacy stories for those wanting a deeper look.

Anonymous successes and the danger of anti-war hacktivism.

Anonymous claims it hacked Russia’s central bank and will soon release thousands of files: A Twitter account claiming to be connected with the activist collective Anonymous announced this week that it hacked Russia’s central bank, and it is planning to release 35,000 documents over the next 48 hours detailing “secret agreements.” Fortune, March 24, 2022

After ‘protestware’ attacks, a Russian bank has advised clients to stop updating software: As the Russian invasion of Ukraine draws on, consequences are being felt by many parts of the technology sector, including open-source software development. … In a recent announcement, the Russian bank Sber advised its customers to temporarily stop installing software updates to any applications out of concern that they could contain malicious code specifically targeted at Russian users, labeled by some as “protestware.” The Verge, March 21, 2022

Some developers are fouling up open-source software: From ethical concerns, a desire for more money, and simple obnoxiousness, a handful of developers are ruining open-source for everyone. … One of the most amazing things about open-source isn’t that it produces great software. It’s that so many developers put their egos aside to create great programs with the help of others. Now, however, a handful of programmers are putting their own concerns ahead of the good of the many and potentially wrecking open-source software for everyone. ZD Net, March 23, 2022

Anti-War Hacktivism is Leading to Digital Xenophobia and a More Hostile Internet: The horrific Russian military invasion of Ukraine has understandably led to a backlash against Russia. The temptation is to label anything Russian, from state media and students to cats, as bad and block it to signal outrage and ostracization. This type of thinking has infected the open source and internet security communities as well—a terrible idea with potentially harmful consequences. Electronic Frontier Foundation, March 21, 2022

Activists are targeting Russians with open-source “protestware”: At least one open-source software project has had malicious code added which aimed to wipe computers located in Russia and Belarus. … Russia’s biggest bank has warned its users to stop updating software due to the threat of “protestware”: open-source software projects whose authors have altered their code in opposition to Moscow’s invasion of Ukraine. MIT Technology Review, March 21, 2022

Hacker Group Anonymous and Others Targeting Russian Data: Researchers See Russian Databases Targeted With Files Erased and Folders Renamed With Pro Ukrainian Messages. … Together with the Website Planet research team we took an in depth look at the cyberattacks targeting Russian websites, technology and cyber assets, perpetrated by the famous group, Anonymous. On the same day of Russia’s unprovoked attack against Ukraine, a Twitter account associated with the “Anonymous” hacking collective called on hackers from around the globe to target Russia and it appears that hackers are answering the call. Website Planet, March 7, 2022

Other cyber-war stories.

Russian military behind hack of satellite communication devices in Ukraine at war’s outset, U.S. officials say: U.S. intelligence analysts have concluded that Russian military spy hackers were behind a cyberattack on a satellite broadband service that disrupted Ukraine’s military communications at the start of the war last month, according to U.S. officials familiar with the matter. The Washington Post, March 24, 2022

Ukraine warns of InvisiMole attacks tied to state-sponsored Russian hackers: Ukrainian security officials have warned of ongoing attacks by InvisiMole, a hacking group with ties to the Russian advanced persistent threat (APT) group Gamaredon.  ZD Net, March 21, 2022

North Korea targets fintech, IT, and media in reminder that Russia isn’t the only nation to be concerned about.

North Korean Hackers Exploited Chrome Zero-Day to Target Fintech, IT, and Media Firms: Google’s Threat Analysis Group (TAG) on Thursday disclosed that it acted to mitigate threats from two distinct government-backed attacker groups based in North Korea that exploited a recently-uncovered remote code execution flaw in the Chrome web browser. The Hacker News, March 24, 2022

FCC puts Russian anti-malware firm Kaspersky an security threat list, says it poses “unacceptable risk.”

FCC puts Kaspersky on security threat list, says it poses “unacceptable risk“: Moscow-based firm joins Huawei and ZTE on the same US security threat list. … The Federal Communications Commission on Friday determined that security products from Kaspersky posed an unacceptable risk to US national security and added the company to a covered list of other firms not eligible for FCC funds. Ars technica, March 25, 2002

The week in cyber-crime.

Health care most targeted sector for cyber attacks in 2021, Cisco says: Ransomware was the top threat throughout last year. … The rise of phishing can be correlated to the fact that it is a common means of initial infection for cyber crooks employing ransomware, a Cisco study said. EPA. … The healthcare industry suffered the highest number of cyber attacks in 2021, with ransomware the leading danger, as bad actors took advantage of the Covid-19 pandemic, a study by Cisco has found. The National, March 22, 2022

Morgan Stanley client accounts breached in social engineering attacks: Morgan Stanley Wealth Management, the wealth and asset management division of Morgan Stanley, says some of its customers had their accounts compromised in social engineering attacks. Bleeping Computer, March 24, 2022

Bridgestone Hit as Ransomware Torches Toyota Supply Chain: A ransomware attack struck Bridgestone Americas, weeks after another Toyota supplier experienced the same and a third reported some kind of cyber hit. … On Friday, Bridgestone Corp. admitted that a subsidiary experienced a ransomware attack in February, prompting it to shut down the computer network and production at its factories in North and Middle America for about a week, said Reuters. Threat Post, March 21, 2022

The Okta breach and Lapsus$ gang allegedly behind it.

Police Arrest Suspected Hackers in Wake of Lapsus$ Attack on Okta, Report Says: A number of the people arrested were teenagers, according to ZDNet. The arrests come after Bloomberg reported that a UK teen may be the leader of cyberattacks on Microsoft, Samsung and Nvidia. CNET, March 25, 2022

A Closer Look at the LAPSUS$ Data Extortion Group: Microsoft and identity management platform Okta both this week disclosed breaches involving LAPSUS$, a relatively new cybercrime group that specializes in stealing data from big companies and threatening to publish it unless a ransom demand is paid. Here’s a closer look at LAPSUS$, and some of the low-tech but high-impact methods the group uses to gain access to targeted organizations. KrebsOnSecurity, March 23, 2022

Okta says hundreds of companies impacted by security breach: Okta says 366 corporate customers, or about 2.5% of its customer base, were impacted by a security breach that allowed hackers to access the company’s internal network. Tech Crunch, March 23, 2022

Understanding the cyber-enemy.

Researchers examined how quickly ransomware encrypts files – in some cases, it just takes a matter of minutes: It takes just five minutes for one of the most prolific forms of ransomware to encrypt 100,000 files, demonstrating how quickly ransomware can become a major cybersecurity crisis for the victim of an attack.  ZD Net, March 24, 2022

This is how much the average Conti hacking group member earns a month: The average Conti ransomware group member earns a salary of $1,800 per month, a figure you might consider low considering the success of the criminal gang. ZD Net, March 23, 2022

The Internet of Things remains far from secure. The bad news is your car is at risk. The good news (?) is that the attacker must be nearby.

Honda bug lets a hacker unlock and start your car via replay attack: Researchers have disclosed a ‘replay attack’ vulnerability affecting select Honda and Acura car models, that allows a nearby hacker to unlock your car and even start its engine from a short distance. Bleeping Computer, March 25, 2022

Cyber Enforcement

Cybercriminal Connected to Multimillion Dollar Ransomware Attacks Sentenced for Online Fraud Schemes: An Estonian man was sentenced today to 66 months in prison for his years-long role in furthering and facilitating computer intrusions, the movement of fraudulently obtained goods and funds, and the monetization of stolen financial account information. He also participated in ransomware attacks causing over $53 million in losses and was ordered to pay over $36 million in restitution. Department of Justice, March 25, 2022

Four Russian Government Employees Charged in Two Historical Hacking Campaigns Targeting Critical Infrastructure Worldwide: Defendants’ Separate Campaigns Both Targeted Software and Hardware for Operational Technology Systems … The Department of Justice unsealed two indictments today charging four defendants, all Russian nationals who worked for the Russian government, with attempting, supporting and conducting computer intrusions that together, in two separate conspiracies, targeted the global energy sector between 2012 and 2018. In total, these hacking campaigns targeted thousands of computers, at hundreds of companies and organizations, in approximately 135 countries. Department of Justice, March 4, 2022

Section 4 – Securing the Organization

Stories to support executives and top management in securing their organizations.

How to build a culture of cybersecurity: Technology and training are not enough to safeguard companies against today’s litany of cybersecurity attacks. Here’s how to infuse safe behavior into corporate culture. MIT Management, March 15, 2022

Become A CyberGuardian

Protect your community: take the CyberGuardian Pledge, join our email list, get invited to events.

Take the Pledge