Cybersecurity News of the Week, November 1, 2020

SecureTheVillage Calendar

LMG Security Virtual Class: Cyber First Responders. November 5 @ 9:00 am – 6:00 pm PST

Invitational Cybersecurity Workforce Workshop — Linking Supply & Demand. November 10 @ 10:00 am – 12:00 pm PST

Information Security Management Webinar: Conversation on the Cyber Risk Landscape with Deron T. McElroy, CISA. November 12 @ 10:00 am – 11:00 am PST

Insurance Brokers Cybersecurity Roundtable: Case Study of a Breach: Helping Your Clients Prepare for the Inevitable. November 17 @ 2:00 pm – 3:00 pm PST

Financial Services Cybersecurity Roundtable: November 2020. November 20 @ 8:00 am – 10:00 am PST

Information Security Management Webinar: PCI DSS 4.0 with Scott Pierangelo. December 10 @ 10:00 am – 11:00 am PST

Individuals at Risk

Cyber Privacy

Should You Be Worried About Your DNA Privacy: I’ve always been wary of at-home DNA tests, and I don’t think I’m alone in that. There are a lot of things I regularly do that might compromise my personal information—online shopping, banking, and healthcare communications spring to mind—but sending off a sample of my DNA to some huge corporation? No, thank you. Reviewed, October 30, 2020

Cyber Warning

Wroba Mobile Banking Trojan Spreads to the U.S., via Texts … The campaign uses text messages to spread, using fake notifications for “package deliveries” as a lure: The Wroba mobile banking trojan has made a major pivot, targeting people in the U.S. for the first time. Threatpost, October 30, 2020

Information Security Management for the Organization

Information Security Management

WannaCry: How the Widespread Ransomware Changed Cybersecurity: If I had polled cybersecurity experts on their way to work on May 12, 2017, most of them would have said they knew a major cybersecurity event loomed. SecurityIntelligence, October 30, 2020

NSA Publishes List of 25 Top Vulnerabilities Exploited by Chinese Hackers; Beijing Calls US an “Empire of Hacking” in Response: The US National Security Agency (NSA) published a report detailing the top 25 vulnerabilities currently being exploited by Chinese state-sponsored hacking groups. The NSA said that the bugs exist in web services or remote access tools. CPO, October 29, 2020

FinCEN Issues Ransomware Advisory: The US Department of the Treasury’s Financial Crimes Enforcement Network (FinCEN) recently issued an advisory to remind US businesses about some aspects of ransomware scams and attacks. The advisory addresses (1) the process of making ransomware payments; (2) trends in ransomware attacks; (3) “financial red flag indicators” of ransomware activity; and (4) how to report and share information related to ransomware attacks. In the advisory, FinCEN used information from its analysis of cyber- and ransomware-related Bank Secrecy Act data, open source reporting, and law enforcement partners. JDSupra, October 29, 2020

Booz Allen Hamilton Releases 2021 Cyber Threat Trends Outlook: “Cybercriminals have discussed proposals to create a venture capital … or stock market … where … parties can finance development of malware and tools.” Booz Allen, October 2020

Cyber Warning

Google discloses Windows zero-day exploited in the wild: Security researchers from Google have disclosed today a zero-day vulnerability in the Windows operating system that is currently under active exploitation. ZDNet, October 30, 2020

Cyber Update

Microsoft Warns of Ongoing Attacks Exploiting Zerologon: The vulnerability, patched in August, has been weaponized by APT groups and prompted CISA to issue a security alert. DarkReading, October 30, 2020

WordPress Patches 3-Year-Old High-Severity RCE Bug: In all, WordPress patched 10 security bugs as part of the release of version 5.5.2 of its web publishing software. ThreatPost, October 30, 2020

Cyber Insurance

‘Act of War’ Clause Could Nix Cyber Insurance Payouts … The indictment of six members of the Russian military for the NotPetya ransomware attack places companies on notice that insurance “is not a get-out-of-jail-free card.”: Companies relying on their business interruption or property insurance policies to cover ransomware attacks and other cyber damages are running the risk of not having coverage during a major attack if insurers are successful in shielding themselves using the ubiquitous “act of war” clause, according to cybersecurity and insurance experts. DarkReading, October 29, 2020

Cybersecurity in Society

Cyber Crime

How $377 million will be lost due to ad fraud in the 2020 US campaign: The U.S. Presidential Election has, in many ways, been digital. Spend on digital ads in the race reached $2.9 billion in 2020. This was up sharply from $0.4 billion four years ago, marking the continuing prominence of digital political campaigning since President Obama’s campaign manager, David Plouffe heralded the channel as a deciding factor in the election 12 years ago. Security Magazine, October 30, 2020

Akamai sees doubling in malicious internet traffic as remote world’s bad actors boom, too: Akamai Technologies’ CEO Tom Leighton is impressed by the amazing traffic levels on the internet during the coronavirus pandemic, and the world technology infrastructure’s ability to handle it. But during the stay-at-home boom, the web and cybersecurity expert also has been closely watching a boom in bad actors. CNBC, October 29, 2020

Wisconsin Republican Party says hackers stole $2.3 million: MADISON, Wis. (AP) — Hackers have stolen $2.3 million from the Wisconsin Republican Party’s account that was being used to help reelect President Donald Trump in the key battleground state, the party’s chairman told The Associated Press on Thursday. AP, October 29, 2020

REvil ransomware gang claims over $100 million profit in a year: REvil ransomware developers say that they made more than $100 million in one year by extorting large businesses across the world from various sectors. Bleepingcomputer, October 29, 2020

Furniture Giant Steelcase Hit by Suspected Ransomware Attack: A multibillion-dollar furniture maker has become the latest big name apparently hit by a major ransomware attack. InfoSecurity, October 28, 2020

Security Blueprints of Many Companies Leaked in Hack of Swedish Firm Gunnebo: In March 2020, KrebsOnSecurity alerted Swedish security giant Gunnebo Group that hackers had broken into its network and sold the access to a criminal group which specializes in deploying ransomware. In August, Gunnebo said it had successfully thwarted a ransomware attack, but this week it emerged that the intruders stole and published online tens of thousands of sensitive documents — including schematics of client bank vaults and surveillance systems. KrebsOnSecurity, October 28, 2020

Cyber Warning

FBI, DHS, HHS Warn of Imminent, Credible Ransomware Threat Against U.S. Hospitals: On Monday, Oct. 26, KrebsOnSecurity began following up on a tip from a reliable source that an aggressive Russian cybercriminal gang known for deploying ransomware was preparing to disrupt information technology systems at hundreds of hospitals, clinics and medical care facilities across the United States. Today, officials from the FBI and the U.S. Department of Homeland Security hastily assembled a conference call with healthcare industry executives warning about an “imminent cybercrime threat to U.S. hospitals and healthcare providers.” KrebsOnSecurity, October 28, 2020

Know Your Enemy

Ryuk ransomware responsible for one third of all ransomware attacks in 2020: SonicWall Capture Labs threat researchers unveiled third-quarter threat intelligence collected by the company’s more than 1 million global security sensors. Year-to-date findings through September 2020 highlight cybercriminals’ growing use of ransomware, encrypted threats and attacks leveraging non-standard ports, while overall malware volume declined for the third consecutive quarter. SecurityMagazine, October 29, 2020

Cyber Freedom

What Keeps Facebook’s Election Security Chief Up at Night?: The social media company’s head of cybersecurity policy on “perception hacks” and what it will take to have an authentic election. The New York Times, October 30, 2020

Russians Who Pose Election Threat Have Hacked Nuclear Plants and Power Grid: The hacking group, Energetic Bear, is among Russia’s stealthiest. It appears to be casting a wide net to find useful targets ahead of the election, experts said. The New York Times, October 30, 2020

Georgia Election Data Leak: Sizing Up the Impact: Data Dump Could Raise Concerns About Election Integrity, Security Experts Say. BankInfoSecurity, October 30, 2020

EXCLUSIVE-Russian hackers targeted California, Indiana Democratic parties: WASHINGTON, Oct 30 (Reuters) – The group of Russian hackers accused of meddling in the 2016 U.S. presidential election earlier this year targeted the email accounts of Democratic state parties in California and Indiana, and influential think tanks in Washington and New York, according to people with knowledge of the matter. Reuters, October 30, 2020

Florida failed to spend $10 million for election security, COVID-19 protection at polls: With days to go, Florida has failed to spend more than $10 million designated for election security, COVID-19 protection at the polls and a surge in mailed ballots. Tallahassee Democrat, October 29, 2020

The State of Election Security: Clichéd as the concept of a perfect storm is, it also feels more apt than ever to describe this year’s American election—and that’s only taking into consideration the cybersecurity challenges voters face. okta, October 28, 2020

Voters’ Guide To Election Security In The 2020 Presidential Campaign: Foreign interference is a very old problem, but most Americans didn’t used to worry much about it and the security of elections. NPR, October 27, 2020

Cyber Fine

UK watchdog reduces Marriott data breach fine to $23.8M, down from $123M: The U.K.’s ICO has reduced the size of a data breach penalty for hotel business Marriott — dropping it to £14.4 million (~$23.8 million) in a final penalty notice, down from the £99 million ($123 million) figure that the watchdog initially said it would levy in July 2019. TechCrunch, October 30, 2020

Triple Data Breach Earns Insurer $1m Fine … Aetna agrees to pay $1m to settle three HIPAA breaches: An American insurance company has been fined $1m over three data breaches that occurred over a six-month period in 2017. InfoSecurity, October 29, 2020

Content Security

Google Mending Another Crack in Widevine: For the second time in as many years, Google is working to fix a weakness in its Widevine digital rights management (DRM) technology used by online streaming sites like Disney, Hulu and Netflix to prevent their content from being pirated. KrebsOnSecurity, October 26, 2020

National Cybersecurity

Spy agency ducks Senator’s questions about ‘back doors’ in tech products: SAN FRANCISCO (Reuters) – The U.S. National Security Agency is rebuffing efforts by a leading Congressional critic to determine whether it is continuing to place so-called back doors into commercial technology products, in a controversial practice that critics say damages both U.S. industry and national security. Reuters, October 28, 2020
