IT Security News Blast – 8-2-2021
48 Advocacy Groups Call on the FTC to Ban Amazon Surveillance
On Thursday, a coalition of 48 civil rights and advocacy groups organized by Athena asked the Federal Trade Commission to exercise its rulemaking authority by banning corporate facial surveillance technology, banning continuous corporate surveillance of public spaces, and protecting the public from data abuse.
NSA Warns Public Networks are Hacker Hotbeds
More interestingly, the agency cites Bluetooth as a convenient protocol for private use, but when used in public settings it can be a nasty security liability. The NSA advises turning off Bluetooth in public, lest a user be open to a range of attacks such as BlueBorne or BlueBugging – both used to access and exfiltrate corporate data on targeted devices.
Even providers with robust cybersecurity programs are struggling to secure their supply chain systems
According to a recent industry report, less than a quarter of hospitals, accountable care organizations (ACOs) and other healthcare providers demonstrated acceptable conformance with established framework standards. [...] Provider organizations’ primary shortcoming in this area was their ability to validate whether their third-party suppliers and other partners are in line with their contractual security obligations, the firm wrote.
447,000 patients exposed after phishing attack on Florida practice
After the attack, the physician practice launched an investigation and found that three other employee email accounts had been breached. Within 24 hours, unauthorized access to each of the four email accounts was terminated, according to the news release.
Romanian Intelligence: Hospitals Need ‘Urgent’ Protection from Cyber-Attacks
On 22 July this year, the SRI said the servers of the Witting hospital in Bucharest were targeted by a cyberattack conducted with a ransomware application known as PHOBOS. “After encrypting the data, the attackers demanded that a ransom be paid for them to decrypt them again,” the intelligence service said at the time.
Ransomware attacks rise despite US call for clampdown on cybercriminals
Biden has said he told Putin in no uncertain terms that “certain critical infrastructure should be off limits to cyber attack — period”. Nevertheless, data show that ransomware attacks continue apace, including in sectors such as healthcare and education. It is unclear whether Biden will take further action in light of this.
Global cyber attacks up as ransomware surges by 93%
Global cyber attacks have increased by 29% in the last six months, as hackers continue to exploit the COVID-19 pandemic and the shift to remote working, according to new research. [...] During this same period, ransomware attacks surged 93%, fuelled by innovation in an attack technique called Triple Extortion.
Top 5 things to know about cyber-physical attacks
If you're the kind of person who was paying attention to ransomware years ago and want to make sure you're prepared for the next kind of attack before it hits, pay attention to Gartner's latest report. Physical systems are a prime target, according to Gartner's analysts.
Biden Administration Issues National Security Memorandum Shortly after the House Passes Three Bills Aimed at Cybersecurity in the Energy Industry
The federal government is seeking to increase cybersecurity in critical infrastructure industries through the implementation of a voluntary Industrial Control Systems Cybersecurity Initiative (Initiative), while the US House of Representatives (House) concurrently focuses on the same goal by passing three bills aimed at enhancing cybersecurity.
Cyber Warfare Begins With Military Precision
Regarding the cyber warfare landscape for 2021, the most critical group to secure is the small and midsize business sector (SMBs), particularly following the pandemic. When working with tech-specific organizations and the military, process management and a sense of purpose can overcome inertia and apathy until a financial loss appears.
Cyberattacks reveal China's willingness to raise the temperature
While this growing consensus on the need to more forcefully engage in competition with China is coming into focus, the pressure will only grow on private sector companies that find themselves in the gyre of this political and economic decoupling. [...] For many U.S. and allied companies, the need to do business in China is a reality of the global economy.
‘Emergency Meeting’: Israeli Cyberarms Firms Scramble After NSO Scandal [Subscription]
Titled “Emergency Cyber Industry Meeting - Events of Recent Weeks”, the get-together is intended to allow the different firms active in the same field as NSO to come together, coordinate and find ways to cooperate in the wake of the backlash caused by Project Pegasus.
Here's 30 servers Russian intelligence uses to fling malware at the West, beams RiskIQ
In revealing these 30 servers' IP addresses and details of their SSL certificates, RiskIQ follows the lead of the US CISA infosec agency, which in April told the world exactly what the SVR was deploying and from where, along with offering avoidance advice.
CISA Issues Alert on Top Exploited Vulnerabilities
The Alert concludes that cyber criminals are exploiting vulnerabilities in unpatched systems, but that many of the vulnerabilities that criminals are exploiting recently are those that have already been disclosed (and should have already been patched) over the past two years.
With help from Google, impersonated Brave.com website pushes malware
The attack worked by registering the domain xn--brav-yva[.]com, an encoded string that uses what’s known as punycode to represent bravė[.]com, a name that when displayed in browsers’ address bars is confusingly similar to brave.com, where people download the Brave browser. Bravė[.]com (note the accent over the letter E) was almost a perfect replica of brave.com, with one crucial exception: the “Download Brave” button grabbed a file that installed malware known both as ArechClient and SectopRat.
Sysadmins: Why not simply verify there's no backdoor in every program you install, and thus avoid any cyber-drama?
It's not feasible to ask every org to break out disassemblers, source code editors, and network and memory analysis tools, and have staff on hand capable of using them, to inspect every update, be they open or closed source. It would be better to have robust mechanisms in place to verify that software packages are legit[.]
Russians Tied To The SolarWinds Cyberattack Hacked Federal Prosecutors, DOJ Says
The department said 80% of Microsoft email accounts used by employees in the four U.S. attorney offices in New York were breached. All told, the Justice Department said 27 U.S. Attorney offices had at least one employee's email account compromised during the hacking campaign.