Cybersecurity Digest #7: 22/06/2020 – 03/07/2020

Cybersecurity News

  • Google said it will automatically delete some location history after 18 months for new users and make it easier for everyone to access its search, Maps and YouTube apps without being tracked.
  • US Senators introduced the Lawful Access to Encrypted Data Act, a bill that would require device makers and service providers to be able to decrypt data and communications on court order. Its sponsors describe it as bolstering national security and protecting communities by ending the use of “warrant-proof” encryption by terrorists and other bad actors to conceal illicit behavior.
  • Security researchers from the Shadowserver Foundation, a non-profit focused on improving cyber-security practices worldwide, have published a warning about companies that leave printers exposed online. On an average day their scans found around 80,000 printers reachable from the Internet on the IPP port (TCP 631).
  • Starting September 1, 2020, browsers and devices from Apple, Google, and Mozilla will show errors for TLS server certificates issued on or after that date with a validity period longer than 398 days. Apple took this decision unilaterally in February 2020; following its announcement, the other vendors stated their intention to implement the same rule in their browsers.
  • Microsoft announced that it would be acquiring CyberX, a security startup that focuses specifically on detecting, stopping, and predicting security breaches on internet of things networks and the networks of large industrial organizations. Terms of the deal are not being disclosed but sources say that it’s in the region of $165 million.
  • The U.S. Federal Reserve issued guidance on how financial organizations from the United States can mitigate payment fraud attempts scammers carry out using synthetic identity accounts. Synthetic identities are created by fraudsters after combining real information and fake information. The Federal Reserve says that traditional fraud detection models are not designed to detect synthetic identities, and this leads to fraudsters successfully using them as part of their fraud attempts.
  • A rare new ransomware strain targeting macOS users has been discovered, called EvilQuest. Researchers say the ransomware is being distributed via various versions of pirated software. EvilQuest goes beyond the normal encryption capabilities for run-of-the-mill ransomware, including the ability to deploy a keylogger and the capability to steal cryptocurrency wallets on the victims’ systems.
  • Microsoft has released two out-of-band security updates to address remote code execution security vulnerabilities affecting the Microsoft Windows Codecs Library on several Windows 10 and Windows Server versions. The two vulnerabilities are tracked as CVE-2020-1425 and CVE-2020-1457, the first one being rated as critical while the second received an important severity rating.
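
A quick way to see what the Shadowserver scan sees for the printer item above is to run the IPP Get-Printer-Attributes exchange yourself. This is an added example, not code from the digest or from Shadowserver: the wire encoding follows RFC 8010, the sample reply is constructed for offline use, and the host, path and printer names are placeholders.

```python
"""Probe a printer for an exposed IPP endpoint with Get-Printer-Attributes.

Added example (not from the digest or from Shadowserver). The encoding
follows RFC 8010; the sample reply below is constructed, not a capture.
"""
import http.client
import struct

IPP_VERSION = (2, 0)
OP_GET_PRINTER_ATTRIBUTES = 0x000B
# delimiter tags (RFC 8010 section 3.5.1)
TAG_OPERATION_ATTRS, TAG_END, TAG_PRINTER_ATTRS = 0x01, 0x03, 0x04
# value tags (RFC 8010 section 3.5.2)
TAG_INTEGER, TAG_BOOLEAN, TAG_ENUM = 0x21, 0x22, 0x23
TAG_TEXT, TAG_NAME, TAG_KEYWORD, TAG_URI = 0x41, 0x42, 0x44, 0x45
TAG_CHARSET, TAG_NATURAL_LANGUAGE = 0x47, 0x48
TEXT_TAGS = {0x41, 0x42, 0x44, 0x45, 0x46, 0x47, 0x48, 0x49}


def _attr(tag, name, values):
    """Encode one attribute; extra values of a set carry an empty name."""
    out = b""
    for i, value in enumerate(values):
        if isinstance(value, str):
            value = value.encode()
        n = name.encode() if i == 0 else b""
        out += struct.pack(">BH", tag, len(n)) + n + struct.pack(">H", len(value)) + value
    return out


def build_get_printer_attributes(printer_uri, request_id=1,
                                 attrs=("printer-make-and-model", "printer-name",
                                        "printer-uri-supported")):
    """Build the request body a scanner POSTs with Content-Type application/ipp."""
    header = struct.pack(">BBHI", *IPP_VERSION, OP_GET_PRINTER_ATTRIBUTES, request_id)
    body = bytes([TAG_OPERATION_ATTRS])
    body += _attr(TAG_CHARSET, "attributes-charset", ["utf-8"])
    body += _attr(TAG_NATURAL_LANGUAGE, "attributes-natural-language", ["en"])
    body += _attr(TAG_URI, "printer-uri", [printer_uri])
    body += _attr(TAG_KEYWORD, "requested-attributes", list(attrs))
    return header + body + bytes([TAG_END])


def parse_response(data):
    """Return (status_code, {group_tag: {name: [values]}}) from an IPP reply."""
    _, _, status, _ = struct.unpack(">BBHI", data[:8])
    pos, groups, group, last_name = 8, {}, None, None
    while pos < len(data):
        tag = data[pos]
        pos += 1
        if tag == TAG_END:
            break
        if tag < 0x10:  # delimiter: start of a new attribute group
            group = groups.setdefault(tag, {})
            continue
        if group is None:  # malformed reply without a leading group tag
            group = groups.setdefault(TAG_OPERATION_ATTRS, {})
        name_len = struct.unpack(">H", data[pos:pos + 2])[0]
        pos += 2
        name = data[pos:pos + name_len].decode()
        pos += name_len
        val_len = struct.unpack(">H", data[pos:pos + 2])[0]
        pos += 2
        raw = data[pos:pos + val_len]
        pos += val_len
        if tag in TEXT_TAGS:
            value = raw.decode("utf-8", "replace")
        elif tag in (TAG_INTEGER, TAG_ENUM):
            value = struct.unpack(">i", raw)[0]
        elif tag == TAG_BOOLEAN:
            value = bool(raw[0])
        else:
            value = raw
        if name_len == 0:  # additional value of the previous attribute
            name = last_name
        group.setdefault(name, []).append(value)
        last_name = name
    return status, groups


def probe(host, port=631, path="/ipp/print", timeout=5):
    """Network call: POST the request to a printer you own and parse the reply."""
    req = build_get_printer_attributes(f"ipp://{host}:{port}{path}")
    conn = http.client.HTTPConnection(host, port, timeout=timeout)
    conn.request("POST", path, body=req, headers={"Content-Type": "application/ipp"})
    data = conn.getresponse().read()
    conn.close()
    return parse_response(data)


def constructed_response(request_id=1):
    """A hand-built successful-ok reply (constructed for this example)."""
    header = struct.pack(">BBHI", 2, 0, 0x0000, request_id)
    body = bytes([TAG_OPERATION_ATTRS])
    body += _attr(TAG_CHARSET, "attributes-charset", ["utf-8"])
    body += _attr(TAG_NATURAL_LANGUAGE, "attributes-natural-language", ["en"])
    body += bytes([TAG_PRINTER_ATTRS])
    body += _attr(TAG_TEXT, "printer-make-and-model", ["Example LaserJet (constructed)"])
    body += _attr(TAG_NAME, "printer-name", ["lobby-printer"])
    body += _attr(TAG_URI, "printer-uri-supported",
                  ["ipp://printer.example/ipp/print", "ipps://printer.example/ipp/print"])
    body += _attr(TAG_INTEGER, "queued-job-count", [struct.pack(">i", 2)])
    return header + body + bytes([TAG_END])


if __name__ == "__main__":
    status, groups = parse_response(constructed_response())
    printer = groups[TAG_PRINTER_ATTRS]
    print(hex(status), printer["printer-make-and-model"][0], printer["printer-uri-supported"])
```

Any device that answers `probe()` from outside your network with status 0x0000 and a make/model string is exactly what shows up in the Shadowserver report; the fix is to block TCP 631 at the perimeter rather than to rely on the printer's own access controls.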

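For the 398-day rule, the check a practitioner wants is one that runs over the PEM files already deployed. This added example (not from the digest or from any of the vendors named) parses the dates printed by `openssl x509 -noout -startdate -enddate`, so it needs no third-party library; the three sample outputs are constructed. It also handles the cutoff: a certificate issued before 1 September 2020 keeps working until it expires even if its validity exceeds 398 days, so it is reported as legacy rather than rejected.

```python
"""Check TLS certificate validity periods against the 398-day browser limit.

Added example, not from the digest. Dates are taken from the output of
`openssl x509 -noout -startdate -enddate`; the SAMPLE entries are constructed.
"""
from datetime import datetime, timezone
import subprocess

MAX_DAYS = 398
# The rule applies only to certificates issued on or after this date.
CUTOFF = datetime(2020, 9, 1, tzinfo=timezone.utc)
OPENSSL_FMT = "%b %d %H:%M:%S %Y %Z"  # e.g. "Jun 25 00:00:00 2020 GMT"


def parse_openssl_dates(text):
    """Map 'notBefore=...' / 'notAfter=...' lines to (not_before, not_after)."""
    dates = {}
    for line in text.splitlines():
        key, _, value = line.partition("=")
        key = key.strip()
        if key in ("notBefore", "notAfter"):
            parsed = datetime.strptime(value.strip(), OPENSSL_FMT)
            dates[key] = parsed.replace(tzinfo=timezone.utc)
    if set(dates) != {"notBefore", "notAfter"}:
        raise ValueError("expected both notBefore and notAfter lines")
    return dates["notBefore"], dates["notAfter"]


def lifetime_days(not_before, not_after):
    """Validity period in days, as browsers measure it: notAfter minus notBefore."""
    return (not_after - not_before).total_seconds() / 86400


def assess(not_before, not_after, limit=MAX_DAYS):
    """Return (days, verdict): 'ok', 'legacy' (over the limit but issued before
    the cutoff, so still accepted until expiry) or 'rejected'."""
    days = lifetime_days(not_before, not_after)
    if days <= limit:
        return days, "ok"
    if not_before < CUTOFF:
        return days, "legacy"
    return days, "rejected"


def check_pem(path):
    """Run openssl on a PEM file on disk and assess it (not used offline)."""
    out = subprocess.run(
        ["openssl", "x509", "-in", path, "-noout", "-startdate", "-enddate"],
        capture_output=True, text=True, check=True).stdout
    return assess(*parse_openssl_dates(out))


SAMPLE = {  # constructed openssl output, not real certificates
    "one-year": "notBefore=Sep 15 00:00:00 2020 GMT\nnotAfter=Sep 15 00:00:00 2021 GMT\n",
    "two-year-new": "notBefore=Sep 15 00:00:00 2020 GMT\nnotAfter=Sep 15 00:00:00 2022 GMT\n",
    "two-year-old": "notBefore=Jun 25 00:00:00 2020 GMT\nnotAfter=Jun 25 00:00:00 2022 GMT\n",
}


if __name__ == "__main__":
    for label, text in SAMPLE.items():
        days, verdict = assess(*parse_openssl_dates(text))
        print(f"{label}: {days:.0f} days -> {verdict}")
```

Renewing a "legacy" certificate after the cutoff produces a "rejected" one unless the new validity period is shortened, so the useful inventory question is which two-year certificates come up for renewal after 1 September 2020.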
Cybersecurity Blog Posts

  • Doug Helton, chief strategy officer and VP of Intelligence at King & Union, explained how epidemiology can solve the people problem in security. The World Health Organization (WHO) describes a three-step process for contact tracing: contact identification, then listing (investigating who individuals with confirmed cases had contact with), and finally follow-up.
  • Recorded Future shared an excerpt from the second edition of their book, “The Threat Intelligence Handbook: Moving Toward a Security Intelligence Program”: chapter seven, “Threat Intelligence for Risk Analysis.”
  • Louis Columbus describes why AI and machine learning are defining the future of remote monitoring. His article also presents the three dominant types of machine learning algorithms that current and future-generation AI-based video recognition systems rely on: supervised, unsupervised and reinforcement learning.

Research & Analytics

  • ESET conducted a study on the state of IT infrastructure for startups and microbusinesses during the pandemic. A third of entrepreneurs (33%) faced some kind of cyber threat during this period. Spam was the most common, reported by 36% of respondents; one in five companies (21%) were affected by banking Trojans, 13% by phishing attacks and 12% by file-encrypting ransomware.
  • The Ponemon Institute just released its annual “The Cyber Resilient Organization” report, sponsored by IBM Security. In its fifth year, this study takes an in-depth look at organizations’ ability to prevent, detect, contain and respond to cyberattacks. The report examines changes in cyber resilience and identifies approaches and best practices organizations took to improve their overall cyber resilience.
  • WatchGuard Technologies announced the release of its Internet Security Report for Q1 2020. For the first time, the report includes data on the percentage of malware in the wild delivered over encrypted HTTPS connections. WatchGuard’s threat intelligence shows that 67% of all malware in Q1 was delivered via HTTPS, which, WatchGuard argues, means organizations without security solutions capable of inspecting encrypted traffic will miss two-thirds of incoming threats. Additionally, 72% of encrypted malware was classified as zero day.
  • Secureworks Counter Threat Unit (CTU) researchers presented a report on changes in threat behavior and lessons learned for March-April 2020. According to the report, multiple threat actors leverage COVID-19, remote access security is essential in the current working environment and big breaches begin with small intrusions.
  • Synack’s 2020 State of Compliance Report finds that financial services is the most targeted industry for cyberattacks, with 150% more breach-worthy vulnerabilities than other industries. In this report you will learn the most effective methodologies used for compliance and security testing, how crowdsourced testing is expected to be used by 50% of organizations by 2020, and why 44% of respondents are performing testing monthly or more frequently.
  • In the first quarter of the year, DDoS attacks rose more than 278% compared to Q1 2019 and more than 542% compared to Q4 2019. Researchers attribute the sharp rise to malicious activity during the COVID-19 pandemic, with DDoS attacks interrupting service for large companies and individuals alike.
  • Ata Hakçıl, a computer engineering student, published the results of a large-scale study of password practices based on more than a billion leaked credentials. One of every 142 passwords analyzed was “123456”.
  • Open source software (OSS) continues to grow in popularity and remains a key part of application development. Forrester’s “The State of Application Security 2020” industry report discusses the security implications of using OSS: according to the report, the number of reported OSS vulnerabilities rose by nearly 50% over 2018.
  • According to a Linklaters analysis, there has been a major increase of data breach notifications to data protection authorities, with an average increase in notifications of 66% compared to Year 1 of the EU General Data Protection Regulation (‘GDPR’) (25 May 2018 to 24 May 2019). However, the UK has bucked the trend, reporting a decrease.
  • In April, the company NordLocker polled 1,400 Internet users in the US and UK, revealing that over 50% of respondents had fallen victim to malicious cyber activity. Brits hold steady at 55%, while 67% of Americans admit to having encountered malicious cyber activities while using their Internet-enabled devices. Computer viruses, phishing scams and stolen passwords were among the most common cyber-related incidents mentioned by users.
  • Check Point experts have uncovered a sophisticated phishing campaign aimed at collecting corporate data and compromising Microsoft Office 365 accounts. To avoid detection, the attackers routed the campaign through servers of well-known organizations: the University of Oxford, Adobe and Samsung.

Major Cyber Incidents

  • Maze ransomware operators have claimed on their website that they breached and locked the network of the South Korean multinational LG Electronics. The details of the attack have not been released, but the hackers stated that they stole from the company proprietary information for projects that involve big U.S. companies.
  • Cybercriminals claim they have hacked the systems of U.S. printing giant Xerox and they are threatening to leak files stolen from the company unless they get paid. The threat actor operating the ransomware known as Maze has published several screenshots on its website in an effort to demonstrate that it has gained access to Xerox systems.
  • The University of California San Francisco (UCSF), a leading medical-research institution working on a cure for Covid-19, has admitted it paid hackers a $1.14m (£910,000) ransom after a covert negotiation. The Netwalker criminal gang attacked it on 1 June; the same gang has been linked to at least two other ransomware attacks on universities in the past two months.
  • The Evil Corp gang hacked into dozens of US newspaper websites owned by the same company to infect the employees of over 30 major US private firms using fake software update alerts displayed by the malicious SocGholish JavaScript-based framework.
  • Archived SQL files stolen from 945 websites are being offered on the dark web, with tens of millions of potential victims. Information that is now publicly available includes usernames, full names, phone numbers, hashed and non-hashed passwords, IP and email addresses as well as physical addresses.
  • An unknown attacker exploited a loophole in the Balancer protocol that tricked it into releasing $500,000 worth of tokens. The attacker borrowed around $23 million worth of WETH (wrapped ETH, the ERC-20 form of ETH used in DeFi trading) in a flash loan from dYdX.