Cybersecurity News of the Week, October 17, 2021



The first annual SecureTheVillage Golf Tournament is October 20. Celebrate Cybersecurity Awareness Month on the links. Includes breakfast, lunch, and cocktail reception afterwards. Not a golfer? That’s OK. Come to the reception. A limited number of foursomes are still available.

CybersecureAmerica 2021: A Reasonable Approach to Reasonable Security, the Sequel

Following last year’s successful conference, this year’s annual conference in support of Cybersecurity Awareness Month returns to the topic of reasonable security. … Join SecureTheVillage and our expert panel of information security professionals for a workshop-style conference on reasonable security. October 21. 9:00 – 12:30 Pacific Time.

Individuals at Risk

Cyber Defense

Don’t get phished! How to be the one that got away: If it looks like a duck, swims like a duck, and quacks like a duck, then it’s probably a duck. Now, how do you apply the duck test to defend against phishing? WeLiveSecurity, October 13, 2021

Cyber Warning

Password-Stealing Attacks Surge 45% in Six Months: Attacks using password-stealing malware have surged by 45% over the past six months, highlighting the continued need for additional log-in security measures, according to Kaspersky. InfoSecurity, October 13, 2021

Cyber Poll

The Public Is Highly Concerned About Cyber-attacks on the United States: Most Americans are concerned about cyber-attacks on U.S. institutions, and many say the Chinese and Russian governments are a big threat to the nation’s cybersecurity, according to a new Pearson Institute/AP-NORC Poll.

Information Security Management for the Organization

Information Security Management

Mandating a Zero-Trust Approach for Software Supply Chains: Sounil Yu, CISO at JupiterOne, discusses software bills of materials (SBOMs) and the need for a shift in thinking about securing software supply chains. ThreatPost, October 13, 2021

Securing the edge: 4 trends to watch: The global COVID-19 pandemic exacerbated some of the security risks associated with the move to a more distributed computing model. Here are 4 ways security organizations are responding as edge computing threats evolve. CSO, October 12, 2021

Cyber Culture

From Help Desk to Head of SOC: Building a Cybersecurity Career on Empathy and Candor: With a career in cybersecurity that started over 15 years ago, my work has traversed the security landscape: managing incident responses, designing endpoint detection and investigative methodologies, and leading compromise assessments to identify targeted threats. Now, as the director of global operations for a managed detection and response provider, I oversee our clients’ security needs and our organization’s internal security functions, in addition to managing, mentoring, and coaching security operations center analysts and detection and response engineers. DarkReading, October 15, 2021

7 Smart Ways a Security Team Can Win Stakeholder Trust: In any enterprise, building stakeholder trust and confidence is an important part of moving important initiatives forward. The security team is not exempt from this responsibility, and the effectiveness and success of a security team is highly correlated to its ability to build trust and confidence among its stakeholders. DarkReading, October 11, 2021

Cybersecurity in Society

Cyber Crime

US Treasury said it tied $5.2 billion in BTC transactions to ransomware payments: The financial crimes investigation unit of the US Treasury Department, also known as FinCEN, said today it identified approximately $5.2 billion in outgoing Bitcoin transactions potentially tied to ransomware payments. TheRecord, October 15, 2021

Accenture confirms data breach after August ransomware attack: Global IT consultancy giant Accenture confirmed that LockBit ransomware operators stole data from its systems during an attack that hit the company’s systems in August 2021. BleepingComputer, October 14, 2021

Suspected ransomware payments total nearly $600 million for first half of 2021: That’s more than the total value of ransomware payments made in all of 2020, a Treasury report says. CNet, October 15, 2021

Verizon’s Visible cell customers hacked, leading to unauthorized purchases: Company suspects credential stuffing, but questions remain. ars technica, October 14, 2021

Cyberattack shuts down Ecuador’s largest bank, Banco Pichincha: Ecuador’s largest private bank Banco Pichincha has suffered a cyberattack that disrupted operations and took the ATM and online banking portal offline. BleepingComputer, October 12, 2021

Quest-owned fertility clinic announces data breach after August ransomware attack: 350,000 patients of ReproSource had their medical data leaked, and some even had SSNs and credit card numbers exposed as well. ZDNet, October 11, 2021

Cyber Surveillance

Cambridge University halts £400m deal with UAE over Pegasus spyware claims: Exclusive: UK institution was in line for huge donation but has paused talks due to concerns Gulf state used hacking software. The Guardian, October 14, 2021

Cyber Leak

Twitch says no passwords or login credentials leaked in massive breach: The company is still investigating a massive hack that drew headlines two weeks ago. ZDNet, October 15, 2021

Cyber Journalism

Pegasus project consortium awarded EU prize for spyware revelations: Group of 17 organisations including the Guardian win inaugural Daphne Caruana Galizia prize for journalism. The Guardian, October 14, 2021

Cyber Ludicrous

Missouri Governor Vows to Prosecute St. Louis Post-Dispatch for Reporting Security Vulnerability: On Wednesday, the St. Louis Post-Dispatch ran a story about how its staff discovered and reported a security vulnerability in a Missouri state education website that exposed the Social Security numbers of 100,000 elementary and secondary teachers. In a press conference this morning, Missouri Gov. Mike Parson (R) said fixing the flaw could cost the state $50 million, and vowed his administration would seek to prosecute and investigate the “hackers” and anyone who aided the publication in its “attempt to embarrass the state and sell headlines for their news outlet.” KrebsOnSecurity, October 14, 2021

Cyber Privacy

Cybersecurity Experts Sound Alarm on Apple and E.U. Phone Scanning Plans: A group of researchers said the “dangerous technology” was invasive and not effective at detecting images of child sexual abuse. The New York Times, October 14, 2021

Know Your Enemy

Russian cybercrime gang targets finance firms with stealthy macros: A new phishing campaign dubbed MirrorBlast is deploying weaponized Excel documents that are extremely difficult to detect to compromise financial service organizations. BleepingComputer, October 15, 2021

Google: We’re sending out lots more phishing and malware attack warnings – here’s why: Google’s state-sponsored hacker alerts are outpacing last year’s warnings by a big margin. Turn on multi-factor authentication, it warns. ZDNet, October 15, 2021

Trickbot Rising — Gang Doubles Down on Infection Efforts to Amass Network Footholds: IBM X-Force has been tracking the activity of ITG23, a prominent cybercrime gang also known as the TrickBot Gang and Wizard Spider. Researchers are seeing an aggressive expansion of the gang’s malware distribution channels, infecting enterprise users with Trickbot and BazarLoader. This move is leading to more ransomware attacks — particularly ones using the Conti ransomware. SecurityIntelligence, October 13, 2021

Russia and neighbours are source of most ransomware, says UK cyber chief: Lindy Cameron, head of National Cyber Security Centre, says extortion is most serious online threat to UK. The Guardian, October 11, 2021

How Coinbase Phishers Steal One-Time Passwords: A recent phishing campaign targeting Coinbase users shows thieves are getting smarter about phishing one-time passwords (OTPs) needed to complete the login process. It also shows that phishers are attempting to sign up for new Coinbase accounts by the millions as part of an effort to identify email addresses that are already associated with active accounts. KrebsOnSecurity, October 11, 2021

National Cyber Defense

U.S. Holds Global Meeting to Fight Ransomware, Minus the World’s No. 1 Culprit: Russia, the biggest source of the problem, was not invited to the 30-nation conference, which sought to engage allies in efforts to disrupt cybercrime. The New York Times, October 14, 2021

The White House’s Plan to Stop Government Employees From Getting Phished: An Office of Management and Budget official explained the large-scale plan to move the federal government to phishing-resistant multi-factor authentication. Vice, October 15, 2021

FACT SHEET: Ongoing Public U.S. Efforts to Counter Ransomware: This week the National Security Council is facilitating an international counter-ransomware event with over 30 partners to accelerate cooperation on improving network resilience, addressing the financial systems that make ransomware profitable, disrupting the ransomware ecosystem via law enforcement collaboration, and leveraging the tools of diplomacy to address safe harbors and improve partner capacity. The White House, October 13, 2021

Cyber Regulation

Credit-card firms are becoming reluctant regulators of the web: From sex to free speech, what goes online is increasingly up to financial companies. The Economist, October 16, 2021

Apple warns of cybercrime risks if EU forces it to allow others’ software: BRUSSELS, Oct 13 (Reuters) – Apple Inc (AAPL.O) on Wednesday ramped up its criticism of EU draft rules that would force it to allow users to install software from outside its App Store, saying that would boost the risk of cybercriminals and malware. Reuters, October 13, 2021

Cyber Warning

Agencies warn of cyber threats to water, wastewater systems: A coalition of federal agencies on Thursday warned that hackers are targeting the water and wastewater treatment sectors, strongly recommending that organizations take steps to protect themselves. The Hill, October 14, 2021

Cyber experts warn of ‘aggressive’ threat actor targeting healthcare: Analysts from Mandiant Intelligence say FIN12 has been behind multiple ransomware attacks on hospitals and other provider organizations dating back at least to October 2018. HealthCareITNews, October 12, 2021

Cyber Enforcement

Ukraine arrests operator of DDoS botnet with 100,000 bots: Ukrainian law enforcement announced the arrest of a suspect on accusations of running a giant malware botnet of more than 100,000 infected systems. TheRecord, October 11, 2021

Become A CyberGuardian

Protect your community: take the CyberGuardian Pledge, join our email list, get invited to events.