Cybersecurity News of the Week, October 31, 2021

SecureTheVillage Reasonable Security

Our annual symposium A Reasonable Approach to Reasonable Security is now available online.

The absence of a clear and unambiguous specification of reasonableness makes it imperative for business owners, Boards, executives, and their trusted advisors to know how to think through “reasonableness.”

Join SecureTheVillage and our expert panel of information security professionals for a workshop-style conversation on how to think through reasonable security.

Leave with a framework for ensuring your information security practices are reasonable.

  • Your information risk exposure
  • Your information risk tolerance
  • Your information risk management practices

Individuals at Risk

Cyber Warning

Beware of unknown QR codes—they could contain malware: The Surveillance Technology Oversight Project has put up QR code-bearing flyers for bogus events, taking visitors to pages warning of the risks of scanning untrusted codes. FastCompany, October 28, 2021

Google just banned 150 dangerous Android apps, so delete them from your phone: No matter what device you’re using, you have to be on the lookout for scams. Any email you receive, text someone sends you, or app you download could be dangerous. We can’t even go a week without a new threat popping up, and this week’s is a collection of fake Android apps on Google Play. BGR, October 28, 2021

Cyber Humor

Information Security Management for the Organization

Information Security Management

Why the time has come to embrace the Zero-Trust model of cybersecurity: The Zero-Trust model has been widely recognized as an effective approach to prevent data breaches and mitigate the risk of supply chain attacks. World Economic Forum, October 27, 2021

Free decrypters released for AtomSilo, Babuk, and LockFile ransomware strains: Antivirus maker and cyber-security firm Avast has released today free decryption utilities to recover files that have been encrypted by three ransomware strains—AtomSilo, Babuk, and LockFile. TheRecord, October 27, 2021

Google and Salesforce create cybersecurity baseline for companies checking vendors: MVSP is presented in the form of a minimum baseline checklist that can be used to verify the security posture of a solution. ZDNet, October 27, 2021

Public Clouds & Shared Responsibility: Lessons from Vulnerability Disclosure: Much is made of shared responsibility for cloud security. But Oliver Tavakoli, CTO at Vectra AI, notes there’s no guarantee that Azure or AWS are delivering services in a hardened and secure manner. ThreatPost, October 26, 2021

Cyber Talent

How We Can Narrow the Talent Shortage in Cybersecurity: Filling crucial roles in cybersecurity and addressing the talent shortage requires rethinking who qualifies as a “cybersecurity professional” and rewriting traditional job descriptions. DarkReading, October 25, 2021

Cyber Insurance

Gaming companies are paying more than double for cyber insurance, and here’s why: CNBC’s Contessa Brewer joins ‘Power Lunch’ to discuss cybersecurity in online betting. Two industry professionals who discuss why risk is growing inside the sports betting sector. CNBC, October 25, 2021

Cybersecurity in Society

Cyber Crime

Acer Suffers Another Cyber Attack Within Weeks; Hackers Warned of More Vulnerable Servers: Taiwanese global electronics giant Acer suffered a cyber attack on its Taiwan servers by the same hacking group responsible for hacking Acer’s Indian servers a few weeks ago. CPO, October 28, 2021

Hackers steal $130 million from Cream Finance; the company’s 3rd hack this year: Hackers have stolen an estimated $130 million worth of cryptocurrency assets from Cream Finance, a decentralized finance (DeFi) platform that allows users to loan and speculate on cryptocurrency price variations. TheRecord, October 27, 2021

Cybercriminals claim to have hacked the NRA: A ransomware group that experts say is based in Russia has posted what it claims are 13 National Rifle Association files to the dark web. NBC, October 27, 2021

Ransomware has proliferated because it’s ‘largely uncontested’, says GCHQ boss: Ransomware gangs are making big money today because there has been no coordinated effort to halt the profits, says Sir Jeremy Fleming. ZDNet, October 26, 2021

Cash-Starved North Korea Eyed in Brazen Bank Hack: Hackers who stole tens of millions of dollars to fund North Korea’s nuclear weapons program in 2016 tried hitting another bank last year, The Daily Beast has learned. TheDailyBeast, October 26, 2021

Hackers use SQL injection bug in BillQuick billing app to deploy ransomware: At least one hacking group is exploiting a security flaw in a popular billing software suite to gain initial access, take over servers, and then deploy ransomware inside companies’ networks. TheRecord, October 25, 2021

Cyber Leak Leaked Customer Data, Just Like Sister Firms Jared, Kay Jewelers Did in 2018: In December 2018, bling vendor Signet Jewelers fixed a weakness in their Kay Jewelers and Jared websites that exposed the order information for all of their online customers. This week, Signet subsidiary updated its website to remediate a nearly identical customer data exposure. KrebsOnSecurity, October 28, 2021

EU’s Green Pass Vaccination ID Private Key Leaked: French & Polish authorities found no sign of cryptographic compromise in the leak of the private key used to sign the vaccine passports and to create fake passes for Mickey Mouse and Adolf Hitler, et al. ThreatPost, October 28, 2021

Cyber Espionage

I Was Hacked. The Spyware Used Against Me Makes Us All Vulnerable: Invasive hacking software sold to countries to fight terrorism is easily abused. Researchers say my phone was hacked twice, probably by Saudi Arabia. The New York Times, October 24, 2021

Know Your Enemy

Ransomware: It’s a ‘golden era’ for cyber criminals – and it could get worse before it gets better: The ENISA Threat Landscape report details how ransomware has become the ‘prime’ cybersecurity threat facing organisations today. ZDNet, October 28, 2021

REvil gang member identified living luxury lifestyle in Russia, says German media: Die Zeit: He’s got a Beemer, a Bitcoin watch and a swimming pool. The Register, October 28, 2021

Russian Hackers Reportedly Hid Behind Americans’ Home Networks to Mask Their Cyber Espionage: Russian cyber-spies used a special technique to hide behind Americans’ home and mobile networks while on intelligence missions, a recent report says. Gizmodo, October 26, 2021

Conti Ransom Gang Starts Selling Access to Victims: The Conti ransomware affiliate program appears to have altered its business plan recently. Organizations infected with Conti’s malware who refuse to negotiate a ransom payment are added to Conti’s victim shaming blog, where confidential files stolen from victims may be published or sold. But sometime over the past 48 hours, the cybercriminal syndicate updated its victim shaming blog to indicate that it is now selling access to many of the organizations it has hacked. KrebsOnSecurity, October 25, 2021

National Cybersecurity

FTC Strengthens Security Safeguards for Consumer Financial Information Following Widespread Data Breaches: Agency updates Safeguards Rule to better protect the American public from breaches and cyberattacks that lead to identity theft and other financial losses. FTC, October 27, 2021

National Cyber Defense

How one congressman is working to get the the government and industry to team-up against foreign threats: The last year of high-profile hacks has been a “clarion call” for the federal government and the private sector to work together to combat security threats from foreign adversaries, according to Rep. Rick Crawford (R-Ark.). TheRecord, October 28, 2021

U.S. Launches New Bureau to Combat Cybercrime After Rise in Cyberattacks During Pandemic: The U.S. Department of State announced on Monday that it intends to create a bureau of cyberspace and digital policy dedicated to tackling the issues of ransomware attacks and a global decline in digital freedom. NewsWeek, October 26, 2021

Cyber Warning

NSA warns of threat actors compromising entire 5G networks via cloud systems: The US National Security Agency has published a security advisory today warning about how attackers could compromise entire 5G networks by hijacking a provider’s cloud resources. TheRecord, October 28, 2021

SEO Poisoning Used to Distribute Ransomware: This tactic — used to distribute REvil ransomware and the SolarMarker backdoor — is part of a broader increase in such attacks in recent months, researchers say. DarkReading, October 28, 2021

Microsoft warns of new supply chain attacks by Russian-backed Nobelium group: The cybercrime group behind the SolarWinds hack remains focused on the global IT supply chain, says Microsoft, with 140 resellers and service providers targeted since May. TechRepublic, October 27, 2021

Cyber Talent

Microsoft announces plan to cut cybersecurity workforce shortage in half by 2025: Microsoft will partner with community colleges across the U.S. and provide free resources in an attempt to help end a shortage in cybersecurity workers, the company announced Thursday. CNBC, October 25, 2021

Cyber Enforcement

UK Police Seize Bitcoin Worth $2.8 Million From Teen Operating Scam Website: British police have seized bitcoin worth almost $3 million from a teenager who set up a fake website to scam consumers. “At the time they were worth £200,000. They are now worth a little over £2 million.”, October 28, 2021

Russian accused of being part of cybercrime ring extradited from South Korea to Ohio: (CNN)A Russian man accused of being part of cybercrime ring that infected millions of computers worldwide was arraigned in federal court in Ohio on Thursday after being extradited from South Korea, the Justice Department announced. CNN, October 28, 2021

FBI Raids Chinese Point-of-Sale Giant PAX Technology: U.S. federal investigators today raided the Florida offices of PAX Technology, a Chinese provider of point-of-sale devices used by millions of businesses and retailers globally. KrebsOnSecurity has learned the raid is tied to reports that PAX’s systems may have been involved in cyberattacks on U.S. and E.U. organizations. KrebsOnSecurity, October 26, 2021

Become A CyberGuardian

Protect your community: take the CyberGuardian Pledge, join our email list, get invited to events.

Take the Pledge