Cybersecurity News of the Week, October 24, 2021

Individuals at Risk

Cyber Warning

Romance scams cost consumers a record $304 million as more people searched for love online during the pandemic: As pandemic pushed people to spend more time online, criminals targeted people on dating apps and social media platforms, especially older Americans. Adults 60 and older lost $139 million to romance scams in 2020, the FTC says. The Washington Post, October 19, 2021

Cyber Humor

Information Security Management for the Organization

Information Security Management

What Squid Game Teaches Us About Cybersecurity: When life inside the security operations center feels treacherous, here are some suggestions for getting out alive. DarkReading, October 22, 2021

Ransomware: Looking for weaknesses in your own network is key to stopping attacks: Ransomware criminals look for easy targets – knowing what could be vulnerable on your network can help stop attacks. ZDNet, October 22, 2021

Mitre releases latest version of its ATT&CK framework: The not-for-profit Mitre Corporation announced Thursday the release of the latest version of its MITRE ATT&CK framework – a knowledge base of adversary tactics and techniques. SCMedia, October 21, 2021

Corporate Vulnerabilities To Ransomware Highlighted In Survey; Attacks May Be Tip Of Iceberg: Ransomware may be a larger problem than many people think and recent high-profile attacks such as those on Colonial Pipeline and a JBS meat packing plant could be the tip of the proverbial iceberg. Forbes, October 19, 2021

Secure The Human

How Psychology Can Save Your Cybersecurity Awareness Training Program: Understanding human psychology, how it works, and how to introduce its concepts into cybersecurity awareness training can make a huge difference to your organization. DarkReading, October 21, 2021

Cyber Insurance

Viewpoint: Some Insurers are Delaying Payment on Ransomware Claims: Ransomware attacks are on the rise. Cyber criminals continue to exploit lax security measures, which have become more acute in the work-from-home environment, and hack into companies’ systems, encrypt their data, and then demand multimillion-dollar ransoms. Though cyber insurance policies are designed to cover these losses, insurers have responded to the increasing size and frequency of these attacks by increasing premiums, skyrocketing self-insured retentions, narrowing policy terms, and more recently, advancing coverage defenses to avoid claim payments. ClaimsJournal, October 21, 2021

Cybersecurity in Society

Cyber Crime

Palo Alto warns of BEC-as-a-service: According to Palo Alto Networks ‘ researchers, business email compromise continues to be one of the leading ways cybercriminals scam victims finding an average wire fraud attempt of $567,000 with a peak of $6 million. ZDNet, October 21, 2021

Olympus Suffered a Second Cyber Attack That Disrupted Operations in the Americas a Month After a Ransomware Incident on EMEA Networks: Japanese medical tech giant Olympus suffered a subsequent cyber attack, almost exactly one month after hackers disrupted its European, Middle East, and Africa (EMEA) operations. CPO, October 20, 2021

How Hackers Hijacked Thousands of High-Profile YouTube Accounts: Google has shed light on a spate of attacks that turned creator channels into cryptocurrency scam livestreams. Wired, October 20, 2021

A Cybercrime Group Has Been Hacking Telecoms to Steal Phone Records All Over the World: A new report shows that a particular hacker group, believed to be based in China, has been targeting telecommunication firms throughout the globe. Gizmodo, October 19, 2021

Cyber Surveillance

Scoop: Israel and France hold secret talks to end NSO spyware crisis: Israeli national security adviser Eyal Hulata secretly visited Paris several days ago for talks with his counterparts at the Élysée aimed at ending the crisis around the alleged use of Pegasus spyware developed by Israeli firm NSO to hack the cell phones of President Emmanuel Macron and other top French officials, Israeli officials tell me. AXIOS, October 21, 2021

Cyber Ludicrous

Cybersecurity expert demands apology from Missouri governor over hacking claims: University of Missouri-St. Louis professor Shaji Khan helped the St. Louis Post-Dispatch report data breach on state system. Missouri Independent, October 21, 2021

Missouri Governor Parson doubles down on push to prosecute reporter who found security flaw in state site: Meanwhile, the governor’s estimate that the incident would cost the state $50 million continues to be called into question. Missouri Independent, October 21, 2021

Know Your Enemy

Cybercrime matures as hackers are forced to work smarter: An analysis of 500 hacking incidents across a wide range of industries has revealed trends that characterize a maturity in the way hacking groups operate today. BleepingComputer, October 21, 2021

The Dark Web has become darker and busier, cybercrime services cost less than $500: Stolen data spreads 11 times faster compared to 6 years ago. Techspot, October 19, 2021

National Cyber Defense

DHS Secretary: “Killware,” Malware Designed To Do Real-World Harm, Poised To Be World’s Next Breakout Cybersecurity Threat: Ransomware is the current king of the cybersecurity threat landscape, in part because of a demonstrated willingness by criminal groups to escalate to real-world damage to infrastructure. U.S. Department of Homeland Security Secretary Alejandro Mayorkas thinks that things are poised to go a step further in that direction in the very near future. CPO, October 22, 2021

CISA seeks 24-hour timeline for cyber incident reporting: The Biden administration favors a 24-hour timeline for cyber incident reporting for critical infrastructure operators and other key entities. FCW, October 19, 2021

U.S. National Cyber Director Chris Inglis and the Gathering Cyber Storm: Chris Inglis’ new White House office has a startup feel to it. There are desks, a few chairs, a coffee maker and a poster hanging on the wall. But as the head of the newly established Office of the National Cyber Director, Inglis has to make due with what he has while still advising President Joe Biden on the smartest ways for the US to prevent and respond to cyberattacks. The Cipher Brief, October 17, 2021

Internet of Things

Dutch forensic lab decrypts Tesla’s driving safety data and finds a wealth of information: The Dutch government’s forensic lab said on Thursday that it had decrypted Tesla’s closely guarded data-storage system, and found a wealth of information that could be used to investigate serious accidents. TheRecord, October 21, 2021

Cyber Warning

CISA, FBI, and NSA warn of BlackMatter attacks on agriculture and other critical infrastructure: A joint Cybersecurity Advisory issued Monday by the Cybersecurity and Infrastructure Security Agency (CISA), the Federal Bureau of Investigation (FBI), and the National Security Agency (NSA) warns that BlackMatter ransomware “has targeted multiple U.S. critical infrastructure entities,” including two within the U.S. food and agriculture sector. TheRecord, October 18, 2021

Cyber Talent

CISA Awards $2M to Cybersecurity Training Programs: The United States’ Cybersecurity and Infrastructure Security Agency (CISA) has awarded two organizations $2m to develop cybersecurity workforce training programs. InfoSecurity, October 21, 2021

Cyber Enforcement

DarkSide ransomware gang moves some of its Bitcoin after REvil got hit by law enforcement: The operators of the Darkside and BlackMatter ransomware strains have moved a large chunk of their Bitcoin reserves after news broke that fellow ransomware gang REvil had its servers taken over by a coalition of law enforcement agencies. TheRecord, October 22, 2021

EXCLUSIVE Governments turn tables on ransomware gang REvil by pushing it offline: Oct 21 (Reuters) – The ransomware group REvil was itself hacked and forced offline this week by a multi-country operation, according to three private sector cyber experts working with the United States and one former official. Reuters, October 21, 2021

Two Eastern Europeans sentenced for providing ‘bulletproof hosting” services: Two Eastern European men who pleaded guilty to providing “bulletproof hosting” services to facilitate the distribution of malware used to attack financial institutions in the U.S. were sentenced to prison today, the Department of Justice said. TheRecord, October 20, 2021

Become A CyberGuardian

Protect your community: take the CyberGuardian Pledge, join our email list, get invited to events.

Take the Pledge