Cybersecurity News of the Week, May 31, 2020

SecureTheVillage Calendar

TownHallWebinar: Online Event: Doing it…. Online with Dr. Steve Krantz. June 3 @ 1:00 pm – 2:30 pm PDT

TownHallWebinar: Ephemeral Messaging: Balancing the Benefits and Risks from Leadership Council Member Driven. June 3 @ 2:00 pm – 3:00 pm EDT

TownHallWebinar: Securing Your Home and Family (Part 2) – SecureTheVillage. June 11 @ 10:00 am – 11:00 am PDT

Financial Services Cybersecurity Roundtable: Cyber and the Insider Threat – June 2020. June 19 @ 8:00 am – 10:00 am PDT

STVHappyHour: A CIO and a Cyberinsurance Broker Walk Into a Bar … June 23 @ 4:30 pm – 5:30 pm PDT

TownHallWebinar: Up On Cyber 2020. June 25 @ 8:00 am – 12:30 pm PDT

TownHallWebinar: Personal Cyber Security with Dr. Steve Krantz. July 21 @ 1:00 pm – 2:30 pm PDT Calabasas Senior Center Calabasas, CA

Individuals at Risk

Cyber Privacy

Immunity Passports Are a Threat to Our Privacy and Information Security: With states beginning to ease shelter-in-place restrictions, the conversation on COVID-19 has turned to questions of when and how we can return to work, take kids to school, or plan air travel. EFF, May 28, 2020

Watch EFF Cybersecurity Director Eva Galperin’s TED Talk About Stalkerware: Stalkers and abusive partners want access to your device for the same reason governments and advertisers do: because “full access to a person’s phone is the next best thing to full access to a person’s mind,” as EFF Director of Cybersecurity Eva Galperin explains in her TED talk on “stalkerware” and her efforts to end the abuse this malicious software enables. EFF, May 28, 2020

Secure The Human

UK Ad Campaign Seeks to Deter Cybercrime: The United Kingdom’s anti-cybercrime agency is running online ads aimed at young people who search the Web for services that enable computer crimes, specifically trojan horse programs and DDoS-for-hire services. The ad campaign follows a similar initiative launched in late 2017 that academics say measurably dampened demand for such services by explaining that their use to harm others is illegal and can land potential customers in jail. KrebsOnSecurity, May 28, 2020

Cyber Humor

Information Security Management for the Organization

Cybersecurity in the C-Suite & Board

Cybersecurity’s Greatest Insider Threat Is In The C-Suite: C-level based breaches, phishing, and fraud attempts are increasing today. Cybercriminals are learning how to impersonate executives and send e-mails asking for wire transfers, privileged access account resets, corporate credit card requests, and more, all in the CXOs’ name. With cybercriminals and bad actors fine-tuning their social engineering skills, CEOs and the C-Suite need to bolster their own cybersecurity awareness and practices. Forbes, May 29, 2020

Enterprise Risk Management: Give Cybersecurity a Seat at the Table: COVID-19 is forcing organizations of all sizes to re-evaluate their enterprise risk management strategies. Here’s how cybersecurity leaders can help. Govering, May 28, 2020

5 principles for effective cybersecurity leadership in a post-COVID world: COVID-19 is forcing business leaders to adapt operating models faster than ever before to ensure existential survival. The large-scale adoption of work-from-home technologies, exponentially greater use of cloud services and explosion of connectivity allow companies to continue operations even with social distancing and “stay at home” orders. WeForum, May 26, 2020

Spotting the Gray Rhinos Charging Toward Your Business Continuity Posture: There may be some elephants in the board room from time to time, but what about Black Swans or Gray Rhinos? Many of us might be ignoring the warnings of risks to our business from “corporate Cassandras” — named for the priestess in Greek mythology who was cursed to pronounce true prophecies, but never to be believed. By understanding how risks manifest themselves, organizations can improve their business continuity planning and, ultimately, their resiliency. SecurityIntelligence, May 21, 2020

Information Security Management

In Cybersecurity, Best Practices Are The Worst: Clichés are overused, and they tend to be broad generalizations that contain kernels of truth. They are convenient, often colorful phrases offered as unoriginal descriptions of things or nonspecific responses to situations. We’re all familiar with clichés, and we all use them often (that’s how they become clichés). For example, we might say, “It’s not rocket science,” when we mean that something is not difficult or, “It’s like herding cats,” when something is. Forbes, May 29, 2020

Cyber Danger

Cyber-Criminals Impersonating Google to Target Remote Workers: Remote workers have been targeted by up to 65,000 Google-branded cyber-attacks during the first four months of 2020, according to a new report by Barracuda Networks. The study found that Google file sharing and storage websites were used in 65% of nearly 100,000 form-based attacks the security firm detected in this period. InfoSecurity Magazine, May 28, 2020

Cyber Defense

This new Trickbot malware update makes it even harder to detect: The notorious information-stealing trojan is one of the most prolific forms of malware out there – and has evolved yet again. ZDNet, May 29, 2020

NetWalker Ransomware – What You Need to Know: NetWalker (also known as Mailto) is the name given to a sophisticated family of Windows ransomware that has targeted corporate computer networks, encrypting the files it finds, and demanding that a cryptocurrency payment is made for the safe recovery of the encrypted data. The State of Security, May 28, 2020

Microsoft warns about attacks with the PonyFinal ransomware: Microsoft’s security team has issued an advisory today warning organizations around the globe to deploy protections against a new strain of ransomware that has been in the wild over the past two months. ZDNet, May 27, 2020

Here’s a list of all the ransomware gangs who will steal and leak your data if you don’t pay: Ransomware gangs are getting more aggressive these days about pursuing payments and have begun stealing and threatening to leak sensitive documents if victims don’t pay the requested ransom demand. ZDNet, April 21, 2020

Top Ransomware Attack Vectors: RDP, Drive-By, Phishing: Configure Defenses to Block Attackers, Security Experts Advise. BankInfoSecurity, May 29, 2020

Inside a ransomware gang’s attack toolbox: If you’re a Naked Security Podcast listener, you’ll have heard Sophos’s own Peter Mackenzie telling some fairly wild ransomware stories. NakedSecurity, May 28, 2020

Cyber Talent

Critical Insights to Closing the Growing Cybersecurity Skills Gap: The cybersecurity industry is facing an increasingly widening skills gap that has left many organizations even more vulnerable to breaches. According to a recent Fortinet-commissioned study, conducted by MaritzCX, 73% of respondents reported having had at least one intrusion or breach over the past year that can be directly attributed to a shortage in available cybersecurity talent. And as infrastructures become even more distributed amidst the COVID-19 pandemic, with a large percentage of the workforce now working from home, governments and businesses must work to close the skills gap to effectively secure these networks. CSO, May 29, 2020

Secure The Human

The ‘Sippy Cup’ Problem: Redefining Cybersecurity Awareness: The best employees cannot keep your organization safe if they do not know how. Taking stock of the human dimension, the reality is that your employees are not all as cyber-aware as you think., May 28, 2020

Cybersecurity in Society

Cyber Crime

Ransomware Gangs’ Ruthlessness Leads to Bigger Profits: Criminals continue to tap ransomware, backed by more advanced network penetration techniques, hitting larger targets and leaking data in an attempt to maximize their illicit paydays. BankInfoSecurity, May 28, 2020

States plead for cybersecurity funds as hacking threat surges: Cash-short state and local governments are pleading with Congress to send them funds to shore up their cybersecurity as hackers look to exploit the crisis by targeting overwhelmed government offices. The Hill, May 25, 2020

Riding the State Unemployment Fraud ‘Wave’: When a reliable method of scamming money out of people, companies or governments becomes widely known, underground forums and chat networks tend to light up with activity as more fraudsters pile on to claim their share. And that’s exactly what appears to be going on right now as multiple U.S. states struggle to combat a tsunami of phony Pandemic Unemployment Assistance (PUA) claims. Meanwhile, a number of U.S. states are possibly making it easier for crooks by leaking their citizens’ personal data from the very websites the unemployment scammers are using to file bogus claims. KrebsOnSecurity, May 23, 2020

Cyber Attack

Israel Thwarts Major Cyber Attack Against Its Water Systems: Israel’s national cyber chief Thursday officially acknowledged the country had thwarted a major cyber attack last month against its water systems, an assault widely attributed to arch-enemy Iran, calling it a “synchronized and organized attack” aimed at disrupting key national infrastructure. Insurance Journal, May 29, 2020

Cyber Espionage

Five-Year Cyber Espionage Campaign Targets Asia Pacific Governments: Naikon, a Chinese threat group, has been engaged in a five-year-long cyber espionage campaign targeting several governments across the Asia Pacific region, including that of Western Australia. This is according to findings revealed by intelligence researchers at security firm Check Point. CPO, May 28, 2020

Cyber Law

Capital One Must Turn Over Mandiant’s Forensics Report to Data Breach Class Action Lawsuit Plaintiffs, Judge Rules. Says report is not protected under the work product doctrine.: A federal judge has ordered Capital One to turn over the results of a digital forensics investigation into its 2019 data breach. Plaintiffs in a class action lawsuit have been seeking release of the forensics report. BankInfoSecurity, May 29, 2020

Amended Lawsuit Alleges Identity Theft Related to Deloitte PUA Leak: COLUMBUS, Ohio- The list of plaintiffs suing the manufacturer of the state’s pandemic unemployment system grew by two this week. SpectrumNews1, May 28, 2020

GDPR is Two Years Old. Here’s How It’s Working and What the US Can Learn from It: This week marked the two-year anniversary of the General Data Protection Regulation, Europe’s major privacy law. GDPR was the first major European effort to put some legal and regulatory power behind demands for less free-wheeling data collection and selling. StreetFight, May 28, 2020

Know Your Enemy

Report: ATM Skimmer Gang Had Protection from Mexican Attorney General’s Office: A group of Romanians operating an ATM company in Mexico and suspected of bribing technicians to install sophisticated Bluetooth-based skimmers in cash machines throughout several top Mexican tourist destinations have enjoyed legal protection from a top anti-corruption official in the Mexican attorney general’s office, according to a new complaint filed with the government’s internal affairs division. KrebsOnSecurity, May 26, 2020

National Cybersecurity

North Korea accuses U.S. of hurting its image with cyber threat warning: SEOUL (Reuters) – North Korea accused the United States of smear tactics on Friday after Washington renewed accusations last month that Pyongyang was responsible for malicious cyber attacks. Reuters, May 29, 2020

Cyber Freedom

Cyber LEAP Act aims for innovations through Cybersecurity Grand Challenges: New bill seeks to set up competitions across the US to spur security breakthroughs. CSO, May 29, 2020

Cyber Enforcement

CyberThanks and CyberCongratulations to IC3 – the Internet Crime Complaint Center – for 20 Years of Service. IC3 Federal Bureau of Investigation: By the late 1990s, the internet already played a key role in most our lives. FBI, May 28, 2020

Become A CyberGuardian

Protect your community: take the CyberGuardian Pledge, join our email list, get invited to events.

Take the Pledge