Cybersecurity News of the Week, March 7, 2021

Individuals at Risk

Identity Theft

What we know about the data breach targeting frequent flyer info: A “highly sophisticated” cyber attack targeting frequent flyer data has affected at least 11 airlines around the globe, including U.S. carriers American and United. The Feb. 24 incident targeted SITA, a technology provider that helps process communications and passenger information across numerous carriers. The Points Guy, March 5, 2021

Cyber Privacy

Popular password manager in the spotlight over web trackers: While the trackers in LastPass’s Android app don’t collect any personal data, the news may not sit well with some privacy-minded users. welivesecurity, March 1, 2021

Cyber Defense

Using TikTok? Check out these six security tips: TikTok is a video-sharing social media platform, owned by Chinese company ByteDance, where users make and share short-form videos that range from three seconds to one minute long. NakedSecurity, March 4, 2021

Secure The Human

5 Ways Social Engineers Crack Into Human Beings: These common human traits are the basic ingredients in the con-man’s recipe for trickery. Dark Reading, March 5, 2021

Cyber Warning

Is Your Browser Extension a Botnet Backdoor?: A company that rents out access to more than 10 million Web browsers so that clients can hide their true Internet addresses has built its network by paying browser extension makers to quietly include its code in their creations. This story examines the lopsided economics of extension development, and why installing an extension can be such a risky proposition. KrebsOnSecurity, March 1, 2021

Cyber Humor

Information Security Management for the Organization

Cybersecurity in the C-Suite & Board

The Cybersecurity 202: Companies are doing a terrible job of reporting cybersecurity risks to investors, a new study says: Many publicly traded companies are leaving investors in the dark on important cybersecurity risks, a new report suggests. That includes vulnerabilities like the ones that allowed Russian hackers to exploit SolarWinds and other firms to infiltrate nine federal agencies and at least 100 companies. The Washington Post, March 5, 2021

Information Security Management

NSA and CISA release cybersecurity guidance on strengthening cyber defense through protective DNS: The National Security Agency and Cybersecurity and Infrastructure Security Agency (CISA) released a cybersecurity information sheet, “Selecting a Protective DNS Service.” This publication details the benefits of using a Protective Domain Name System (PDNS), which criteria to consider when selecting a PDNS provider, and how to effectively implement PDNS. SecurityMagazine, March 5, 2021

NIST Cybersecurity Framework: A cheat sheet for professionals: The US National Institute of Standards and Technology’s framework defines federal policy, but it can be used by private enterprises, too. Here’s what you need to know. TechRepublic, March 5, 2021

80% of senior IT leaders see cybersecurity protection deficits: A lack of confidence in companies’ defenses is prompting 91% of organizations to boost 2021 budgets, according to a new IDG/Insight Enterprises study. TechRepublic, March 5, 2021

Microsoft issues emergency patches for 4 exploited 0-days in Exchange: Attacks are limited for now but may ramp up as other hackers learn of them. ars technica, March 2, 2021

Cyber Update

Microsoft: Chinese Cyberspies Used 4 Exchange Server Flaws to Plunder Emails: Microsoft Corp. today released software updates to plug four security holes that attackers have been using to plunder email communications at companies that use its Exchange Server products. The company says all four flaws are being actively exploited as part of a complex attack chain deployed by a previously unidentified Chinese cyber espionage group. KrebsOnSecurity, March 2, 2021

Privacy Management

Reflecting Back on Data Privacy Day 2021: Why This Day Mattered More Than Ever Before: In the spring of 2020, SolarWinds Orion, popular system monitoring and management software widely used by the U.S. government and thousands of private companies, was hacked and infiltrated with malware. CPO, March 5, 2021

Cyber Law

What’s Good for Litigation Isn’t Necessarily Good for Cybersecurity: When Guo Wengui fled to the United States from China in 2015, he hired the Clark Hill law firm to assist him in his bid for political asylum. In 2017, unknown parties hacked Clark Hill’s computer systems and Guo’s personal information was published on the internet. Clark Hill hired experts to do a post-breach investigation. Guo, embracing the American system, sued Clark Hill and demanded the investigating expert’s report and associated materials in discovery. Clark Hill refused, arguing that the materials were protected by the attorney work-product and attorney-client privileges. The U.S. District Court for the District of Columbia ruled on Jan. 12 in Guo’s favor, finding the privileges did not protect the expert post-breach analysis from discovery. Lawfare, March 5, 2021

Cyber Insurance

Court Upholds Insurers’ Denial of $6M Crime Claim for Phishing Loss: Real estate software maker RealPage has been denied a $6 million computer crime insurance coverage claim because the stolen funds were not in its possession but were instead being held by a payment processing firm at the time of a phishing scheme. InsuranceJournal, March 1, 2021

Cybersecurity in Society

Cyber Crime

Mark of Ransomware’s Success: $370 Million in 2020 Profits… “Ransomware as a Service” Accounts for Nearly Two-Thirds of Ransomware Campaigns: Proceeds Boosted via Big Game Hunting, Data Leaking, Hitting Healthcare Sector. BankInfoSecurity, March 5, 2021

At Least 30,000 U.S. Organizations Newly Hacked Via Holes in Microsoft’s Email Software: At least 30,000 organizations across the United States — including a significant number of small businesses, towns, cities and local governments — have over the past few days been hacked by an unusually aggressive Chinese cyber espionage unit that’s focused on stealing email from victim organizations, multiple sources tell KrebsOnSecurity. The espionage group is exploiting four newly-discovered flaws in Microsoft Exchange Server email software, and has seeded hundreds of thousands of victim organizations worldwide with tools that give the attackers total, remote control over affected systems. KrebsOnSecurity, March 5, 2021

The Growing Problem of Marketing Fraud: Bots Pose as Legitimate Internet Users to Fake Traffic, Milk Digital Advertising Services: A new report from White Ops demonstrates that marketing fraud is growing, but that many in the online advertising space may not realize exactly how much the problem has grown in the past year. CPO, March 5, 2021

Accellion Attack Involved Extensive Reverse Engineering: Sophisticated Attackers Took the Time to Master a 20-Year-Old Product, FireEye Says. BankInfoSecurity, March 4, 2021

Three Top Russian Cybercrime Forums Hacked: Over the past few weeks, three of the longest running and most venerated Russian-language online forums serving thousands of experienced cybercriminals have been hacked. In two of the intrusions, the attackers made off with the forums’ user databases, including email and Internet addresses and hashed passwords. Members of all three forums are worried the incidents could serve as a virtual Rosetta Stone for connecting the real-life identities of the same users across multiple crime forums. KrebsOnSecurity, March 4, 2021

CompuCom Hit With Malware As MSPs Remain Under Siege: A recent malware attack is affecting some of the services CompuCom provides to customers, and the Office Depot subsidiary said Wednesday it’s in the process of restoring customer services and internal operations. CRN, March 3, 2021

Payroll/HR Giant PrismHR Hit by Ransomware?: PrismHR, a company that sells technology used by other firms to help more than 80,000 small businesses manage payroll, benefits, and human resources, has suffered what appears to be an ongoing ransomware attack that is disrupting many of its services. KrebsOnSecurity, March 2, 2021

SonicWall Was Hacked. Was It Also Extorted?: Hacker Claims SonicWall Paid Ransom; SonicWall Stays Silent. BankInfoSecurity, February 22, 2021

Cyber Attack

Trump’s is one of 15,000 Gab accounts that just got hacked. Transparency group DDoSecrets will make the 70 GB of passwords, private posts, and more from far-right platform available to researchers, journalists, and social scientists: The founder of the far-right social media platform Gab said that the private account of former President Donald Trump was among the data stolen and publicly released by hackers who recently breached the site. ars technica, March 1, 2021

Cyber Defense

White House Cybersecurity Adviser Wants a ‘Cleanliness Rating’ for Software Security: Policymakers are considering a number of changes to the nation’s cybersecurity posture as a result of the SolarWinds supply chain attack discovered late last year, including data breach notification laws and greater oversight of the nation’s critical infrastructure. The Record, March 5, 2021

New York Cyber Task Force Report Identifies Near-Term Cyber Defense Challenges, Calls for Increased Government and Private Industry Collaboration: A new report prepared by the New York Cyber Task Force examines the leading cyber defense challenges anticipated through 2025 and finds that coordination between government agencies and private business must be revamped in a dramatic way for the United States to be up to the task. CPO, March 4, 2021

Threat Intelligence Case Study: A SIEM of SIEMs: When industry comes together with government through a true business case, a rising cyber security tide can indeed lift all boats. States across Australia are creating SOCs through integration with industry. Each organization is feeding actionable SIEM information through to those central SOCs so that they can then benefit from “SIEM of SIEMs” integrated information. CyberSecurity Hub, March 3, 2021

National Cybersecurity – SolarWinds

Microsoft, FireEye Unmask More Malware Linked to SolarWinds Attackers: Researchers with Microsoft and FireEye found three new malware families, which they said are used by the threat group behind the SolarWinds attack. ThreatPost, March 4, 2021

National Cybersecurity

U.S. DoD Weapons Programs Lack ‘Key’ Cybersecurity Measures: The lack of cybersecurity requirements in weapons contracts from the Department of Defense opens the door for dangerous cyberattacks. ThreatPost, March 5, 2021

CISA Orders Federal Agencies to Patch Exchange Servers Amid a Fire of Cyberattacks: Espionage attacks exploiting the just-patched remote code-execution security bugs in Microsoft Exchange servers are quickly spreading. ThreatPost, March 4, 2021

China Appears to Warn India: Push Too Hard and the Lights Could Go Out: As border skirmishing increased last year, malware began to flow into the Indian electric grid, a new study shows, and a blackout hit Mumbai. It now looks like a warning. The New York Times, February 28, 2021

CISA, FBI, and Treasury Issue Guidance on State Sponsored Cryptocurrency Malware Targeting Financial Institutions and Cryptocurrency Exchanges: This past week the Federal Bureau of Investigation (FBI), the Cybersecurity and Infrastructure Security Agency (CISA), and the Department of Treasury (Treasury) released a joint advisory report on HIDDEN COBRA—the cyber threat to cryptocurrency posed by North Korea—and provided mitigation recommendations for addressing this ongoing threat. This report was issued in conjunction with the unsealing of a wide-ranging indictment by the United States Attorney’s Office for the Central District of California that charged three North Korean hackers for their participation in a broad criminal conspiracy to conduct destructive cyberattacks that targeted the financial and entertainment industries, government contractors, and government agencies, including the U.S. Departments of State and Defense. Subject to Inquiry, February 25, 2021

Cyber Danger

First Fully Weaponized Spectre Exploit Discovered Online: A fully weaponized exploit for the Spectre CPU vulnerability was uploaded on the malware-scanning website VirusTotal last month, marking the first time a working exploit capable of doing actual damage has entered the public domain. The Record, March 1, 2021

Become A CyberGuardian

Protect your community: take the CyberGuardian Pledge, join our email list, get invited to events.

Take the Pledge