Cybersecurity News of the Week, May 1, 2022

A weekly aggregation of important cybersecurity and privacy news helping you meet your data care challenges and responsibilities.

Stan’s Top-3

Our lead story is a reminder that data care begins at home. Google has just updated its Chrome browser to fix several critical vulnerabilities. These vulnerabilities can be exploited by cybercriminals to take control of your computer. Keeping your computer updated is a critical part of good data care. SecureTheVillage publishes our Weekend Patch and Update Report to alert home users and small offices of major updates. It’s included in our email of our Cybersecurity News of the Week.

This next story is one more illustration of the increasing challenges in managing all the data we’re collecting … made all the more problematic by the fact that it’s our data, yours and mine. It’s also a challenge that may come back to bite Facebook in the butt as privacy regulations are increasingly requiring companies to know where its data is and who it’s shared with. Stay tuned.

  • Facebook Doesn’t Know What It Does With Your Data, Or Where It Goes: “We do not have an adequate level of control and explainability over how our systems use data,” Facebook engineers say in leaked document. … Facebook is facing what it describes internally as a “tsunami” of privacy regulations all over the world, which will force the company to dramatically change how it deals with users’ personal data. And the “fundamental” problem, the company admits, is that Facebook has no idea where all of its user data goes, or what it’s doing with it, according to a leaked internal document obtained by Motherboard. Motherboard, April 26, 2022
  • And – if it isn’t already obvious – while law enforcement has a role to play, getting out from under cybercrime requires all of us to work together, collaboratively doing our part in protecting our data and our privacy.
    • Interpol: We can’t arrest our way out of cybercrime: As cybercriminals become more sophisticated and their attacks more destructive and costly, private security firms and law enforcement need to work together, according to Interpol’s Doug Witschi. The Register, April 29, 2022

Cyber Humor

The Front Page 

Other front page cybersecurity and privacy stories.

Several stories this week deal with the Russian war against Ukraine.

  • European Wind-Energy Sector Hit in Wave of Hacks: Three Germany-based wind-energy companies have been the targets of cyberattacks since Russia’s invasion of Ukraine; hacks come as governments move to transition away from Russian fuel. Cyberattacks on three European wind-energy companies since the start of the war in Ukraine have raised alarm that hackers sympathetic to Russia are trying to cause mayhem in a sector set to benefit from efforts to lessen reliance on Russian oil and gas. Wall Street Journal, April 25, 2022
  • Government and researchers keep US attention on Russia’s cyber activity in Ukraine: The FBI and the Cybersecurity and Infrastructure Security Agency (CISA) added several strains of wiper malware to its advisory on tools used to attack Ukrainian organizations. The additions came one day after Microsoft researchers said they observed nearly 40 destructive cyberattacks targeting hundreds of systems in Ukraine. The Record, April 28, 2022
  • The hybrid war in Ukraine: Today, we released a report detailing the relentless and destructive Russian cyberattacks we’ve observed in a hybrid war against Ukraine, and what we’ve done to help protect Ukrainian people and organizations. We believe it’s important to share this information so that policymakers and the public around the world know what’s occurring, and so others in the security community can continue to identify and defend against this activity. All of this work is ultimately focused on protecting civilians from attacks that can directly impact their lives and their access to critical services. Microsoft, April 27, 2022
  • Russian hackers are seeking alternative money-laundering options: Russian hackers are seeking alternative money-laundering options … The Russian cybercrime community, one of the most active and prolific in the world, is turning to alternative money-laundering methods due to sanctions on Russia and law enforcement actions against dark web markets. Bleeping Computer, April 22, 2022
  • DDoS attacks were at all-time high in Q1 2022 due to war in Ukraine: Kaspersky recently released findings that the number of DDoS attacks are the most frequent they have ever been and dwarf the rate of DDoS attacks from just a year prior. According to the cybersecurity company, the total number of attacks from Q1 of 2022 were four-and-a-half times higher than that of Q1 of 2021. This has been chalked up to the ongoing war in Ukraine and the subsequent attacks on businesses in the government and financial sectors, specifically. Tech Republic, April 26, 2022

In 2017, Russia unleashed a cyberattack on Ukraine named “NotPetya” that ended up infecting computers around the world. Now 5 years later and in the shadow of Russian aggression, the State Department has just announced a $10 million bounty on the Russian hackers.

  • State Department announces $10M bounty for Russian intelligence hackers behind NotPetya: The State Department announced Tuesday that it is offering a reward of up to $10 million for information leading to six Russian intelligence hackers responsible for the infamous 2017 NotPetya malware. … That malware knocked out Chernobyl’s radiation monitoring system and did more than $1 billion in damage to a number of U.S. organizations, according to a federal indictment. Cyberscoop, April 27, 2022

I’m at a loss about what to write regarding this next story. It cries out for an emotional outburst, not a reasoned observation. One can only hope that the startup Brian Krebs writes about works to cut down on what can only be described as slime.

  • Hackers Have Been Sexually Extorting Kids With Data Stolen From Tech Giants: Criminals have been tricking tech giants into sending them sensitive user data, then using it to sexually blackmail users, a new report claims. Gizmodo, April 26, 2022
  • Fighting Fake EDRs With ‘Credit Ratings’ for Police: When KrebsOnSecurity recently explored how cybercriminals were using hacked email accounts at police departments worldwide to obtain warrantless Emergency Data Requests (EDRs) from social media firms and technology providers, many security experts called it a fundamentally unfixable problem. But don’t tell that to Matt Donahue, a former FBI agent who recently quit the agency to launch a startup that aims to help tech companies do a better job screening out phony law enforcement data requests — in part by assigning trustworthiness or “credit ratings” to law enforcement authorities worldwide. KrebsOnSecurity, April 27, 2022

Speaking of slime, here’s a story about 34 repressive governments shutting down the Internet to stop protests or stifle dissent.

Governments intentionally shut down internet 182 times across 34 countries in 2021: Dozens of repressive governments intentionally shut down their country’s internet as a way to stop protests or stifle dissent in 2021, according to a new report from Access Now, a nonprofit tracking internet access globally. The Record, April 28, 2022

While here’s a story of hope and courage in North Korea, one of the world’s most repressive regimes.

  • North Koreans Are Jailbreaking Phones to Access Forbidden Media: For most of the world, the common practice of “rooting” or “jailbreaking” a phone allows the device’s owner to install apps and software tweaks that break the restrictions of Apple’s or Google’s operating systems. For a growing number of North Koreans, on the other hand, the same form of hacking allows them to break out of a far more expansive system of control—one that seeks to extend to every aspect of their lives and minds. Wired, April 27, 2022

Security Nonprofit of the Week

This week’s security nonprofit is Nonprofit Cyber. Nonprofit Cyber is a coalition of implementation-focused cybersecurity nonprofits to collaborate, work together on projects, voluntarily align activities to minimize duplication and increase mutual support, and link the community to key stakeholders with a shared communication channel. SecureTheVillage is a proud member of Nonprofit Cyber.

Live on Cyber with Dr. Stan Stahl – Live on LinkedIn

Live on Cyber with Dr. Stan Stahl: Join Julie Morris and me as we discuss the latest in cybersecurity. Can, should a government spy on it’s citizens?  Where does democracy, cybersecurity, and data privacy connect?  Philanthropy, public and private all have a place in the cybersecurity discussion.  Join us to learn more. SecureTheVillage, April 28, 2022

Nicole Perlroth. Register Now.

SecureTheVillage presents Nicole Perlroth, Award-winning Cybersecurity Journalist, New York Times Bestselling Author, and CISA advisor. A Virtual Learning Opportunity By & For Leaders in Cybersecurity. May 4, 11:00AM Pacific. Registration now open.

Section 2 – Personal Data Care – Security and Privacy

Important data care stories for protecting yourself and your family.

Our personal data care stories this week are all about protecting your privacy.

Section 3 – General Cybersecurity and Privacy Stories

Cybersecurity and privacy stories for those wanting a deeper look.

This week’s potpourri of cybercrime stories includes all the usual suspects. Of special note is the report that ransom payment to cybercriminals accounts for only 15% of the total cost of a ransomware attack.

  • Inside a ransomware incident: How a single mistake left a door open for attackers: There are many things you can do to protect yourself against cyberattacks – but if you still don’t do the basics, then it’s easy pickings for cyber criminals. … A security vulnerability that was left unpatched for three years allowed a notorious cyber-criminal gang to breach a network and plant ransomware. ZD Net, April 26, 2022
  • Blockchain Hackers Stole $1.3 Billion In Q1 2022: According to the Atlas VPN team’s new research, blockchain hackers stole approximately $1.3 billion in 78 hack events in the first quarter of 2022. Furthermore, hacks on the Ethereum and Solana ecosystems resulted in over $1 billion in losses in this quarter alone. Bitcoinist, April 27, 2022
  • More than $13 million stolen from DeFi platform Deus Finance: Decentralized finance (DeFi) platform Deus Finance confirmed reports that an attacker used an illicit method to steal millions of dollars on Wednesday evening. April 28, 2022
  • Ransom payment is roughly 15% of the total cost of ransomware attacks: Researchers analyzing the collateral consequences of a ransomware attack include costs that are roughly seven times higher than the ransom demanded by the threat actors. This includes the financial burden imposed by the incident response effort, system restoration, legal fees, monitoring costs, and the overall impact of business disruption. Bleeping Computer, April 28, 2022
  • Ransomware demands are growing, but life is getting tougher for malware gangs: Ransom payments are going up, but there are signs that the tide may be turning against the gangs. … Victims of ransomware attacks are paying higher ransoms than ever before, but there are signs that organisations are starting to take heed of cybersecurity advice, making them more resilient to cyber criminals. ZD Net, April 27, 2022
  • Drugs, Drugs and More Drugs: Crypto on the Dark Web: It’s a website that sells products. Just like on Amazon, the products have customer reviews. “Was the harshest tar I’ve ever smoked. I’m never using this vendor again,” grumbled one customer. Another: “Nice big rocks.” A third: “F#cking fire.” One more: “Quality BTH, very strong, great for smoking and shooting.” Yahoo!Finance, April 25, 2022
  • Coca-Cola Investigates Data-Theft Claims After Ransomware Attack: The Stormous ransomware group is offering purportedly stolen Coca-Cola data for sale on its leak site, but the soda giant hasn’t confirmed that the heist happened. DARK Reading, April 27, 2022

On the intersection of law enforcement and privacy, the F.B.I. has released its annual surveillance report.

And, in a blinding glimpse of the obvious, Fedscoop reports that there’s still a great deal of uncertainty in the Pentagon’s program to get 300,000 defense contractors up to a basic level of cybersecurity.

Section 4 – Data Care in the Organization

Stories to support executives and top management in securing their organizations.

Our lead organization security story is based on a PwC survey exploring the kinds of attacks larger companies are experiencing. These reports serve as an early-warning for the many mid-size and smaller firms that lack the information security support of larger companies.

This next story is a list from the Five Eyes nations of 2021’s Top-15 most exploited vulnerabilities. IT departments should ensure their applications are updated with the latest patches.

  • U.S Cybersecurity Agency Lists 2021’s Top 15 Most Exploited Software Vulnerabilities: Log4Shell, ProxyShell, ProxyLogon, ZeroLogon, and flaws in Zoho ManageEngine AD SelfService Plus, Atlassian Confluence, and VMware vSphere Client emerged as some of the top exploited security vulnerabilities in 2021. … That’s according to a “Top Routinely Exploited Vulnerabilities” report released by cybersecurity authorities from the Five Eyes nations Australia, Canada, New Zealand, the U.K., and the U.S. The Hacker News, April 27, 2022

This next story reflects an all too common occurrence of failing to properly secure databases in the cloud. IT departments need security expertise to make sure databases and other cloud installations are properly configured. And their work needs to be checked to minimize the likelihood of error. In the spirit of the second article: Don’t trust. Verify.

  • Redis, MongoDB, and Elastic: 2022’s top exposed databases: Security researchers have noticed an increase in the number of databases publicly exposed to the Internet, with 308,000 identified in 2021. The growth continued quarter over quarter, peaking in the first months of this year. Bleeping Computer, April 27, 2022
  • Zero-Trust For All: A Practical Guide: How to use zero-trust architecture effectively in today’s modern cloud-dependent infrastructures. … While “zero-trust architecture” has become a buzz phrase, there’s plenty of confusion as to what it actually is. Is it a concept? A standard? A framework? An actual set of technology platforms? According to security experts, it’s best described as a fresh mindset for approaching cybersecurity defense, and companies of all sizes should start implementing it – especially for cloud security. Threat Post, April 22. 2022

Become A CyberGuardian

Protect your community: take the CyberGuardian Pledge, join our email list, get invited to events.

Take the Pledge