Cybersecurity News of the Week, March 22, 2020

Individuals at Risk

Cyber Privacy

Unidentified Database Exposes 200 Million Americans … Leaked information includes name, birth dates, credit ratings, mortgage & tax records, political, charitable, & religious donations: The unsecured database contained a folder that included more than 200 million incredibly detailed records of what looked like profiles of US users. CyberNews, March 20, 2020

How Much Privacy Are You Entitled to During a Pandemic?: According to U.S. government officials, privacy may be a necessary victim of the novel coronavirus. According to the Washington Post, federal officials have recently held conversations with an array of tech companies to discuss increased access to geolocation information taken from Americans’ smartphones. That’s highly personal information, showing who meets with whom and who goes where. Officials say they need the data to map the spread of the disease and determine if people are self-quarantining and that it will be kept anonymous and aggregated to protect privacy. But we should all be concerned about how that data could be used once the current pandemic has passed. Slate, March 20, 2020

Cyber Danger

Thousands of COVID-19 scam and malware sites are being created on a daily basis: In the midst of a global coronavirus (COVID-19) pandemic, hackers are not letting a disaster go to waste and have now automated their coronavirus-related scams to industrial levels. ZDNet, March 18, 2020

Cyber Defense

How to Stay Safe From Cybercrime When Working at Home During the Outbreak: For starters, beware of email and calls claiming to be from your company’s IT department. Consumer Reports, March 20, 2020

7 Spring Cleaning Tasks to Improve Data Security: This year, March 19 ushered in spring in the Northern Hemisphere — the first time since 1896 that the season has started so early. So why not take advantage of the season’s early arrival to do some spring cleaning, not only of your physical space, but of your data and systems, too? Digital spring cleaning can make your life easier and dramatically improve data security as well. SecurityIntelligence, March 20, 2020

The Web’s Bot Containment Unit Needs Your Help: Anyone who’s seen the 1984 hit movie Ghostbusters likely recalls the pivotal scene where a government bureaucrat orders the shutdown of the ghost containment unit, effectively unleashing a pent-up phantom menace on New York City. Now, something similar is in danger of happening in cyberspace: Shadowserver.org, an all-volunteer nonprofit organization that works to help Internet service providers (ISPs) identify and quarantine malware infections and botnets, has lost its longtime primary source of funding. KrebsOnSecurity, March 16, 2020

Cyber Humor

Information Security Management for the Organization

Information Security Management and Governance

Security Ratings Are a Dangerous Fantasy … They don’t predict breaches, and they don’t help people make valuable business decisions or make users any safer: Security professionals don’t like security ratings, also known as cybersecurity risk scores. Partly this is because people don’t like being criticized. But mostly it’s because security ratings don’t work, and cannot work as presently conceived and sold. The industry is a marketing facade. Security ratings do not predict breaches, nor do they help people make valuable business decisions or make anyone safer. DarkReading, March 20, 2020

Cybersecurity considerations for business leaders navigating coronavirus disruptions: This article outlines cybersecurity issues business leaders should take into consideration as they navigate the business changes brought on by the COVID-19 pandemic. ITProPortal, March 20, 2020

NIST asks for public comments on new cybersecurity risk management document: The National Institute of Standards and Technology is asking for public comments on a new report that provides insight into how organizations can integrate cybersecurity into enterprise risk management. FifthDomain, March 20, 2020

Millions of Americans are suddenly working from home. That’s a huge security risk: The dramatic expansion of teleworking by US schools, businesses and government agencies in response to the coronavirus is raising fresh questions about the capacity and security of the tools many Americans use to connect to vital workplace systems and data. CNN, March 20, 2020

Cybersecurity in the C-Suite & Board

Cybersecurity: An Ethical Responsibility: A discussion on how to protect legal [and other sensitive] information stored in cloud solutions. Inquiries address the most pressing concerns related to cloud storage and provide guidance for both current and future solutions used by law firms and businesses in general. Law.com, March 20, 2020

Cyber Danger

Attack Surface, Vulnerabilities Increase as Orgs Respond to COVID-19 Crisis: In typical fashion, attackers are gearing up to take advantage of the surge in teleworking prompted by the pandemic. DarkReading, March 20, 2020

Private Equity Is a Tantalizing Target for Ransomware Hackers … Scammers are looking for victims with weak security and deep pockets. Many companies owned by buyout shops fit that bill: Norm Hullinger was heading into work one day in October when he got a call that his company’s network was acting up. It was no simple glitch. Hackers had started freezing the data of Alphabroder, a sportswear distributor. They wanted more than $3 million to restore it. Grappling with whether to pay, Hullinger, the chief executive officer, embarked on a journey that’s increasingly familiar to law firms, hospitals, and cities that have found themselves on the other end of negotiations with ransomware criminals. Bloomberg, March 17, 2020

Cyber Defense

SANS Security Awareness Work-from-Home Deployment Kit: Everything you need to know to create a secure work-from-home workforce during the COVID-19 pandemic and beyond. SANS, March 2020

Cyber Miscellany

Coronavirus: What business pros need to know: The coronavirus is spurring questions and concerns in the tech industry. Get tips on telecommuting, interviewing and hiring, travel, and cybersecurity, as well as the latest news about COVID-19. TechRepublic, March 20, 2020

Cybersecurity in Society

Cyber Fraud

Coronavirus Widens the Money Mule Pool: With many people being laid off or working from home thanks to the Coronavirus pandemic, cybercrooks are almost certain to have more than their usual share of recruitable “money mules” — people who get roped into money laundering schemes under the pretense of a work-at-home job offer. Here’s the story of one upstart mule factory that spoofs a major nonprofit and tells new employees they’ll be collecting and transmitting donations for an international “Coronavirus Relief Fund.” KrebsOnSecurity, March 17, 2020

Cyber Privacy

15 Groups Call on Lawmakers to Protect Privacy and Personal Data in COVID-19 Relief Packages: Congress must take steps to protect our privacy and secure our personal data, including location and health data, in the forthcoming emergency relief packages, 15 groups said in a letter sent to members of Congress today. Amnesty International, March 20, 2020

Covid-19 Spurs Facial Recognition Tracking, Privacy Fears: The coronavirus pandemic is creating a lucrative market for facial recognition manufacturers. But privacy issues need to be top of mind, tech experts warn. ThreatPost, March 20, 2020

Collection of Mobility Data by Los Angeles Government Sparks Creation of Privacy Coalition With a Surprising Leader: Uber: A controversial plan by the Los Angeles Department of Transportation (LADOT) to collect mobility data has met with pushback from a broad variety of sources. Uber, one of the primary market forces that the plan was designed to counteract, has emerged as the leader of an unusual coalition that opposes it for everything from data privacy rights to financial gain. CPO, March 20, 2020

Professing Principles of Digital Ethics and Privacy: An Interview with Dr. Anita L. Allen, Vice Provost and Professor, University of Pennsylvania. CPO, March 20, 2020

Citing COVID-19, Trade Groups Ask California’s Attorney General To Delay Data Privacy Enforcement: As companies around the world deal with the COVID-19 crisis, dozens of trade organizations across multiple industries want California’s attorney general to delay enforcing the state’s new data privacy law until 2021. Forbes, March 19, 2020

Cyber Crime

Security Breach Disrupts Fintech Firm Finastra: Finastra, a company that provides a range of technology solutions to banks worldwide, said today it was shutting down key systems in response to a security breach discovered this morning. The company’s public statement and notice to customers does not mention the cause of the outage, but their response so far is straight out of the playbook for dealing with ransomware attacks. KrebsOnSecurity, March 20, 2020

Cyber Defense

Why cybersecurity matters more than ever during the coronavirus pandemic: As the coronavirus pandemic continues to disrupt global health, economic, political and social systems, there’s another unseen threat rising in the digital space: the risk of cyberattacks that prey on our increased reliance on digital tools and the uncertainty of the crisis. WorldEconomicForum, March 17, 2020

National Cybersecurity

What You Need to Know About the Cybersecurity Solarium Commission Report: The Cybersecurity Solarium Commission’s recently released report outlines a strategy to fundamentally reshape the U.S.’s approach to cybersecurity and prepare for resiliency and response before a major cyber incident occurs, not after. Unlike the original Solarium Commission, which operated in a classified environment, the Cybersecurity Solarium Commission chose to release its report publicly out of recognition that cybersecurity involves everyone. GovernmentCIO, March 20, 2020

Hackers breach contractor for Russian Intelligence Agency FSB and leak details about IoT hacking project: Digital Revolution hacker group leaks details about “Fronton,” an IoT botnet a contractor was allegedly building for the FSB, Russia’s intelligence agency. ZDNet, March 20, 2020

The Cybersecurity 202: Coronavirus pandemic makes U.S. more vulnerable to serious cyberattack, lawmakers warn: The United States is increasingly vulnerable to a cyberattack targeting hospitals, food supplies or other vital functions during the coronavirus pandemic, lawmakers and experts say. They’re calling on the Trump administration to take bold action to keep adversaries at bay. Washington Post, March 19, 2020

Cyber Law

In Times Of Pandemic, GDPR Still Applies, EU Warns: Despite the rapid spread of coronavirus, organizations must still take heed of the provisions of the General Data Protection Regulation (GDPR), the EU has warned. In a statement issued this morning, the European Data Protection Board (EDPB) says that it’s possible to adapt to the situation while remaining within the rules. Forbes, March 20, 2020

Cyber Miscellany

AWS, IBM launch programs to encourage developers solving COVID-19 problems: As society comes to grips with the growing worldwide crisis related to the COVID-19 virus, many companies are stepping up in different ways. Today, two major tech companies — Amazon and IBM — each announced programs to encourage developers to find solutions to a variety of problems related to the pandemic. TechCrunch, March 20, 2020
