Cybersecurity News of the Week, October 10, 2021

Individuals at Risk

Cyber Defense

Cybersecurity Awareness Month: Time for your safety check: Sure, it’s a cheesy, made-up event. But that doesn’t mean you shouldn’t lock down your accounts. CNet, October 7, 2021

Microsoft to disable Excel 4.0 macros, one of the most abused Office features: Microsoft plans to disable a legacy feature known as Excel 4.0 macros, also XLM macros, for all Microsoft 365 users by the end of the year, according to an email the company has sent customers this week, also seen by The Record. TheRecord, October 7, 2021

Google Puts a Date on When It Will Auto-Enroll Everyone in 2FA: Earlier in May, Google casually dropped in a password security blog that it planned on automatically enabling 2FA on Google Accounts. At the time, Google didn’t give any idea of what that timeline would look like other than “soon.” But in a Cybersecurity Awareness Month blog, Google now says that the process is already underway. Gizmodo, October 5, 2021

Social Media — Facebook

For Teen Girls, Instagram Is a Cesspool: When Frances Haugen, a former product manager at Facebook, told a Senate hearing this week that the company put its “astronomical profits before people,” the outcry was loud and indignant. The social media company’s founder and chief executive, Mark Zuckerberg, responded with a Facebook post insisting, “We care deeply about issues like safety, well-being and mental health.” The New York Times, October 8, 2021

The Moral Bankruptcy of Facebook: On Sunday, October 3rd, shortly before “60 Minutes” aired an interview in which Frances Haugen outed herself as the Facebook whistle-blower, Mark Zuckerberg, Facebook’s C.E.O., posted a video that began with his wife, Priscilla Chan, sitting on a sailboat. She grins for a second, as if posing for a photo; then she turns, her grin starting to fade; then, apparently realizing that she is being videotaped, she does her best to sustain a smile. In the final edit, the sound of whipping wind was replaced by Duke Ellington and John Coltrane playing the opening bars of “In a Sentimental Mood.” “Sailing with Priscilla and friends,” Zuckerberg’s caption read. “Shot on 😎.” The clip, in other words, was not just a life update but a product demo: Zuckerberg had recorded it using a pair of Stories, new “first-generation smart glasses” co-designed by Facebook and Ray-Ban—ideal for those relatable everyday moments when you want to keep streaming but you need to keep both hands on your jib sheets. The New Yorker, October 7, 2021

Whistleblower: Facebook is misleading the public on progress against hate speech, violence, misinformation: Frances Haugen says in her time with Facebook she saw, “conflicts of interest between what was good for the public and what was good for Facebook.” Scott Pelley reports. CBS, October 4, 2021

Facebook’s outage likely cost the company over $60 million: Configuration change cascaded down the data centers, bringing systems to a halt. ars technica, October 6, 2021

Understanding How Facebook Disappeared from the Internet: “Facebook can’t be down, can it?”, we thought, for a second. Cloudflare, October 4, 2021

What Happened to Facebook, Instagram, & WhatsApp?: Facebook and its sister properties Instagram and WhatsApp are suffering from ongoing, global outages. We don’t yet know why this happened, but the how is clear: Earlier this morning, something inside Facebook caused the company to revoke key digital records that tell computers and other Internet-enabled devices how to find these destinations online. KrebsOnSecurity, October 4, 2021

Cyber Warning

New York DMV warns of text message phishing scam asking for vaccine info: NEW YORK (WCBS 880) — The New York State Department of Motor Vehicles on Friday issued a warning to drivers about a text messaging phishing scheme. MSN, October 9, 2021

These Are the Games Malware Scammers Are Exploiting Most: Hackers capitalize on the popularity of games like Minecraft to infect your PC and phone with malware. PC Mag, October 8, 2021

Information Security Management In the Organization

Cybersecurity in the C-Suite & Board

The Real Cost of Ransomware: Ransomware is an expensive cybercrime and getting more so all the time. Payouts have risen massively in the past few years. But while ransomware payment amounts make headlines, the real costs go far beyond what’s paid to the attackers. SecurityIntelligence, October 7, 2021

Information Security Management

Ransomware: Cyber criminals are still exploiting these old vulnerabilities, so patch now: Years-old security vulnerabilities remain a common attack method for ransomware attacks because organisations aren’t applying the patches to fix them. ZDNet, October 8, 2021

A holistic approach to vulnerability management solidifies cyberdefenses: Vulnerability scanners are not enough, according to an expert who champions an all-encompassing holistic approach to vulnerability management as a means to eliminate surprises. TechRepublic, October 7, 2021

Cyber Warning

Intuit warns QuickBooks customers of ongoing phishing attacks: Intuit has warned QuickBooks customers that they are targeted by an ongoing phishing campaign impersonating the company and trying to lure potential victims with fake renewal charges. BleepingComputer, October 8, 2021

Cybersecurity in Society

Cyber Crime

Infosec Experts: Twitch Breach “As Bad as it Gets”: Gaming and content streaming giant Twitch has confirmed a breach has taken place at the firm, after reports claimed a hacktivist leaked its entire source code, creator info and internal data. InfoSecurity, October 7, 2021

Company that routes SMS for all major US carriers was hacked for five years: Syniverse hasn’t revealed whether text messages were exposed. ars technica, October 5, 2021

Why today’s cybersecurity threats are more dangerous: Greater complexity and interdependence among systems gives attackers more opportunity for widespread, global damage, say government and industry experts. CSO, October 4, 2021

Cyber Attack

Hackers are waging a guerrilla war on tech companies, revealing secrets and raising fears of collateral damage: A resurgence of ‘hacktivism’ has sought to portray cyberattacks as a moral crusade, but everyday users can also end up having their private information exposed. The Washington Post, October 7, 2021

North American Orgs Hit With an Average of 497 Cyberattacks per Week: New data released this week confirms what numerous others have reported as a massive surge in attacks against organizations worldwide since the COVID-19 pandemic forced dramatic changes to workplace and operational environments. DarkReading, October 8, 2021

Cyber Surveillance

NSO Pegasus spyware can no longer target UK phone numbers: Israeli maker of surveillance software blocked +44 code after detecting hack against Princess Haya, source says. The Guardian, October 8, 2021

Know Your Enemy

Russian cyberattacks pose greater risk to governments and other insights from our annual report: During the past year, 58% of all cyberattacks observed by Microsoft from nation-states have come from Russia. And attacks from Russian nation-state actors are increasingly effective, jumping from a 21% successful compromise rate last year to a 32% rate this year. Russian nation-state actors are increasingly targeting government agencies for intelligence gathering, which jumped from 3% of their targets a year ago to 53% – largely agencies involved in foreign policy, national security or defense. The top three countries targeted by Russian nation-state actors were the United States, Ukraine and the UK. Microsoft, October 8, 2021

Phishing Attacks Are Top Cyber Crime Threat, Easier Than Ever to Create and Deploy: Why is one of cyber crime’s oldest threats still going strong? The Anti-Phishing Working Group (APWG) reports that January 2021 marked an unprecedented high in the APWG’s records, with over 245,771 phishing attacks in one month. SecurityIntelligence, October 6, 2021

National Cyber Defense

New DOJ Civil Cyber-Fraud Initiative Will Hold Contractors Accountable for Data Breaches: Deputy Attorney General Lisa O. Monaco announced Wednesday the launch of the department’s Civil Cyber-Fraud Initiative, which will combine the department’s expertise in civil fraud enforcement, government procurement and cybersecurity to combat new and emerging cyber threats to the security of sensitive information and critical systems. Homeland Security, October 8, 2021

A new US bill would force companies to disclose ransomware payments: TechCrunch, October 8, 2021

Biden signs bill to strengthen K-12 school cybersecurity: President Biden on Friday signed into law legislation intended to strengthen the cybersecurity of K-12 institutions after a year in which cyberattacks aimed at schools spiked as classes moved online during the COVID-19 pandemic. TheHill, October 8, 2021

Cyber Defense

Google announces new efforts to protect journalists and high-risk users from cyberattacks: The announcement comes one day after the Google TAG team alerted journalists and high-risk groups that could be targets to ongoing attacks. ZDNet, October 8, 2021

Content Security

Motion Picture Academy employs cutting-edge tech to keep Oscar contenders secure: With video use on the rise across the board, new technologies are being deployed to prevent it from being pirated or showing up in places it shouldn’t. TechRepublic, October 8, 2021

Cyber Enforcement

US Department of Justice creates cryptocurrency enforcement unit: The team will include people from the DOJ money laundering and cyber crimes divisions. The Verge, October 7, 2021

Two ‘prolific’ ransomware operators arrested in Ukraine, Europol announces: US and European enforcement agencies last week arrested two people in Ukraine who have allegedly made multimillion-dollar ransom demands following hacks of European and US organizations, Europol announced Monday. CNN, October 4, 2021
