Cybersecurity Digest #17: 18/01/2021 – 29/01/2021

Cybersecurity News

  • EUR 272.5 million of fines have been imposed for a wide range of infringements of Europe’s tough data protection laws according to international law firm DLA Piper. EUR 158.5 million of fines imposed since 28 January 2020, a 39% increase on the previous 20 month period since the application of General Data Protection Regulation.
  • Cybersecurity firm FireEye released a report detailing the techniques used by the SolarWinds hackers inside the networks of companies they breached. Together with the report, FireEye researchers have also released a free tool on GitHub named Azure AD Investigator that they say can help companies determine if the SolarWinds hackers (also known as UNC2452) used any of these techniques inside their networks.
  • The JSOF research labs are reporting 7 vulnerabilities found in dnsmasq, an open-source DNS forwarding software in common use. The experts have identified approximately 40 vendors using dnsmasq in their products, as well as major Linux distributions.
  • A security researcher launched this month a web portal that lists vulnerabilities in the code of common malware strains. The researcher hopes other security professionals will use the bugs to crash, disable, and uninstall malware on infected hosts as part of incident response operations. Created and launched by bug hunter John Page, the new MalVuln portal is available at malvuln.com.
  • Windows 10 NTFS corruption bug gets unofficial temporary fix. OSR, a software development company specializing in Windows internals, has released an open-source filter driver that prevents the NTFS bug from being abused while waiting for an official fix from Microsoft.
  • Drupal developers released a patch for a critical vulnerability in the third-party Archive_Tar library included in the CMS. The fact is that exploits are already created are available in the network.
  • Networking device maker SonicWall has announced that it is investigating a security breach of its internal network after detecting what it described as a “coordinated attack.”. In a short statement posted on its knowledgebase portal, the company said that “highly sophisticated threat actors” targeted its internal systems by “exploiting probable zero-day vulnerabilities on certain SonicWall secure remote access products.”
  • Symantec, a division of Broadcom (NASDAQ: AVGO), has uncovered an additional piece of malware used in the SolarWinds attacks which was used against a select number of victims that were of interest to the attackers. Raindrop (Backdoor.Raindrop) is a loader which delivers a payload of Cobalt Strike.

Cybersecurity Blog Posts

  • 5 Tips for Cyber Risk Management are listed in Galvanize article: use risk scoring and analytics, create a cyber risk committee, take a phased approach, put the spotlight on your cybersecurity initiatives and identify the right automation tools to help you manage risk.
  • Roark Pollock tells about risk management in his article OT Cybersecurity in 2021 and Beyond Series: Part II. He provides IT experts’ opinion on various topics related to information security risks, such as quantifying OT cyber risk and focus on resilience.
  • Hunter Sekara explained why NIST Cybersecurity Framework is a key to critical infrastructure cyber resiliency. He described the history of creation of the NIST Cybersecurity Framework, its main functions and their brief description. He also concluded that Cybersecurity Framework is an excellent resource for integrating and aligning security risk management activities between the federal and private sectors.

Research and analytics

  • Check Point Research (NASDAQ: CHKP) has published its new Brand Phishing Report for Q4 2020. The report highlights the brands, which were most frequently imitated by criminals in their attempts to steal individuals’ personal information or payment credentials. In Q4, Microsoft was again the brand most frequently targeted by cybercriminals, as it was in Q3 2020.
  • According to Global cybersecurity 2021 forecast performed by Canalys’ researchers, the overall cybersecurity market value is expected to reach US$60.2 billion in 2021, covering shipments of endpoint security, network security, web and email security, data security, vulnerability and security analytics, and identity access management. The latest quarterly Canalys cybersecurity forecast predicts spending will increase 10.0% worldwide in the best-case scenario in 2021. Even in Canalys’ worst-case scenario, the outlook is for annual growth of 6.6%.
  • Emsisoft has published The State of Ransomware in the US: Report and Statistics 2020. Unfortunately, at least 2,354 US governments, healthcare facilities and schools have been impacted during 2020. The private sector was hit hard too, globally, more than 1,300 companies, many US-based, lost data including intellectual property and other sensitive information.
  • Wiz research team conducted an extensive research of permissions provided to 3rd party vendors in cloud environments and the results should be a wake-up call: 82% of companies unknowingly give 3rd parties access to all their cloud data and over 90% of cloud security teams were not aware they gave high permissions to 3rd party vendors.
  • Sophos have published «Cybersecurity: The Human Challenge» – findings from an independent survey of 5,000 IT managers across 26 countries. This comprehensive study provides brand new insights into the state of cybersecurity skills and resources across the globe. It reveals the realities facing IT teams when it comes to the human-led delivery of cybersecurity and explores how organizations are responding to the challenges they face.
  • ISACA’s Privacy in Practice 2021 report: Data Privacy Trends, Forecasts and Challenges presents a snapshot of the range of privacy issues dominating IS/IT leaders’ focus, from technical privacy controls to board of directors’ support. Learn the key findings from the report, focusing on organizational approaches to privacy, hiring and workforce trends.
  • Digital Shadows experts provided the latest details on ransomware in 2020 and the ransomware threat landscape for 2021 in their report. Ransomware operators targeted organizations in various sectors, Industrial Goods & Services was the most targeted industry, accounting for 29% of all alerts, while the remaining were split among several sectors. North America was the most targeted geographic region with 66% of our ransomware alerts coming from organizations in NA.
  • Trend Micro researchers investigated VPNFilter, an IoT botnet discovered over two years ago, to see why there are still routers infected by the malware and what else can be done to minimize its potential risks. Even though solutions have been deployed to lower the effectivity of VPNFilter, for end users restarting is still not enough to protect their devices from reinfection.

Major Cyber Incidents