Cybersecurity Digest #15: 14/12/2020 – 25/12/2020

Cybersecurity News

  • The US-CERT Vulnerability Database has confirmed that 17,447 vulnerabilities were recorded in 2020, following 17,306 in 2019. This marks the fourth year in a row that a record number of vulnerabilities has been disclosed.
  • Palo Alto Networks specialists have detected PGMiner – a new cryptocurrency mining botnet delivered via PostgreSQL.
  • Facebook’s threat intelligence analysts and security experts have taken action against two separate groups of hackers — APT32 in Vietnam and a group based in Bangladesh — removing their ability to use their infrastructure to abuse Facebook’s platform, distribute malware and hack people’s accounts across the internet.
  • Sophos and ReversingLabs threat researchers have published a production-scale dataset of 20 million Windows Portable Executable (PE) files that will allow researchers to improve security detection and response industry-wide. The SOREL-20M dataset also includes 10 million disarmed malware samples available for download and use in research and feature extraction.
  • The European Commission has set out a new EU Security Union Strategy to bolster Europe’s collective resilience against cyber threats and to ensure that all citizens and businesses can fully benefit from trustworthy and reliable services and digital tools. The strategy covers the period from 2020 to 2025.

Cybersecurity Blog Posts

  • Gert Svaiko wrote about the 10 most common website security attacks and the methods of protecting against them. He described Cross-Site Scripting (XSS), Distributed Denial-of-Service (DDoS) and Man-in-the-Middle attacks, among others.
  • American Electric Power’s CSO Steve Swick gives 5 recommendations for cyber maturity. He advises making threat intelligence more relevant, not being afraid to share threat information with the government, and growing cyber talent from within the company.
  • Warren Axelrod reasons about the complicated role of the CISO in a company. He explains that CISOs invariably get blamed, and sometimes fired, even when the CISO warned management ahead of time to invest in appropriate defenses and tried to get the budget for them approved, but to no avail.
  • Laura Paine wrote about a defense-in-depth strategy. She described the use of DAST, SAST, SCA and penetration testing to deliver a “secure-by-design” AppSec methodology across the entire software development life cycle.

Research and analytics

  • Positive Technologies has published its 5G Standalone Core Security Research. The security experts dived into the 5G Standalone core and showed how cybercriminals can exploit vulnerable configuration components, breach the 5G architecture and carry out DoS attacks.
  • Experts from the Linux Foundation & The Laboratory for Innovation Science have published the Report on the 2020 FOSS Contributor Survey. All types of contributors reported they spend very little of their time responding to security issues (an average of 2.27% of their total contribution time) and reported that they do not desire to increase this significantly.
  • The 2021 Financial Services Data Risk Report by Varonis focuses on the data security of the financial industry: banking, insurance and investments. It was compiled from an analysis of 4 billion files across 56 financial services organizations. On average, a financial services employee has access to nearly 11 million files on the day they walk in the door. For large organizations, the number is double: 20 million files open to all employees.
  • According to the Tripwire survey “Retail Industry Ramps Up Cybersecurity for 2020 Holiday Season”, 78% of cybersecurity professionals are taking additional safeguards this year. 63% of organizations say their IT security teams started preparing for holiday shopping earlier than usual, and 57% said the increase in remote shopping has made security more difficult.
  • The OT/IoT Security Report by Nozomi Networks covers the OT/IoT threat landscape, the tactics and techniques of the most important threat actors, the top 2020 ICS vulnerabilities and their ongoing impact on risk, and recommendations for securing OT/IoT networks.
  • The Veriff Fraud Report 2020 has revealed the effect of Covid-19 and how the major industries were affected. Identity fraud is the second most prevalent type of fraud in crypto (40%) and the most common type in fintech (70%). After comparing H1 2020 to H2, Veriff saw an 11% increase in identity fraud rates.
  • Orange Cyberdefense delivered its in-depth analysis of the state of the threat in 2020 and shared its vision for 2021. The researchers analyzed 168 vulnerabilities in security products for which patches were available over the last 12 months. Less than 19% of them were patched within 7 days, and 57% of the available patches took between 31 and 180 days to be applied.

Major Cyber Incidents

  • The state-sponsored hackers who breached US software provider SolarWinds earlier this year pivoted to Microsoft’s internal network, and then used Microsoft’s own products to further the attacks against other companies. Microsoft now joins a list of high-profile entities that have been hacked via a backdoored update for the SolarWinds Orion network monitoring application. The vast majority of the other victims are US government agencies, including the National Nuclear Security Administration (NNSA) and the US Department of State.
  • Intel-owned AI processor developer Habana Labs has suffered a cyberattack in which data was stolen and leaked by threat actors. Habana Labs is an Israeli developer of AI processors that accelerate artificial intelligence workloads in the datacenter. Intel purchased the company in December 2019 for approximately $2 billion.
  • The US SIPRNET system, which is used for internal communications in the US government, was breached. The system was turned off for several hours, leaving virtually no means of communication with the US Department of Defense. The attack was stopped, after which the system began updating.
  • Citizen Lab has reported a major digital espionage campaign targeting Al Jazeera staff. According to the researchers, the attackers used a previously unknown vulnerability in iOS to hack the smartphones of dozens of journalists.