Cyber Security Headlines – February 24, 2021

Most firms now fear nation state attack

This from a study sponsored by the Cybersecurity Tech Accord and compiled from interviews with over 500 director-level or above executives from businesses in Asia-Pacific, Europe and the United States and conducted before the SolarWinds campaign even came to light. Eighty percent of respondents expressed this concern, with a majority claiming these worries have increased over the past five years., A majority of respondents also stated they want their respective governments to play a bigger role in meeting these challenges: 60% said their country only offers a medium or low-level of protection.

(InfoSecurity Magazine)

Firefox 86 gets privacy boost with Total Cookie Protection

Mozilla Firefox 86 was released yesterday with a new privacy feature that prevents web trackers from keeping tabs on web browsing activity. In Total Cookie Protection, every website gets its own ‘cookie jar,’ preventing cookies from being used to track you from site to site,” the Mozilla release notes read. It makes a limited exception for cross-site cookies when they are needed for non-tracking purposes, such as those used by popular third-party login providers.” 

(Bleeping Computer)

Shadow attacks let attackers replace content in digitally signed PDFs

Researchers from Ruhr-University Bochum in Germany have demonstrated a novel class of attacks called “shadow attacks” in which a malicious actor creates a PDF document with two different contents: one that shows the content expected by the party signing the document, and the other, a piece of hidden content that gets displayed once the PDF is signed. The attacks leverage PDF features that do not invalidate the signature, such as “incremental update” features that allows for filling out a form, and interactive forms such as radio buttons to hide the malicious content. The findings were presented at the Network and Distributed System Security Symposium on Tuesday.

(The Hacker News)

Twitter removes accounts of Russian government-backed actors

“Our first investigation found and removed a network of 69 fake accounts that can be reliably tied to Russian state actors,” Twitter said. A number of these accounts amplified narratives that were aligned with the Russian government, while another subset of the network focused on undermining faith in the NATO alliance and its stability. The second Russian-linked disinformation network, comprising almost three dozen accounts, was focused on amplifying narratives striving to specifically undermine other users’ faith in the US and the EU. 

(Bleeping Computer)

Thanks to our episode sponsor, PlexTrac

PlexTrac is the solution to deal with your data. Aggregate findings from all assessments to produce the analytics needed to make informed decisions. Produce data visualizations and add them to reports with one click to communicate effectively to leadership. PlexTrac is the premier product for security data management. Check out PlexTrac.com/CISOSeries to learn why PlexTrac is the perfect platform for CISOs!

CrowdStrike report introduces new eCrime Index

The key findings in the 2021 CrowdStrike Global Threat Report include the health care sector staying a prime target, that North Korea will be motivated to enhance cyber operations in 2021 due to COVID-19, and a resulting food shortage, data extortion techniques will continue to accelerate through the introduction of Dedicated Leak Sites (DLS), and that China will focus on supply chain compromises and the targeting of key western verticals in support of the 14th Five Year Plan. The report includes a new eCrime index that analyzes the strength, volume, and sophistication of the cybercriminal market, and is updated weekly, based on 18 unique indicators of criminal activity. 

(CISOMag)

Nvidia announces official “anti-cryptomining” software drivers

Nvidia, the graphics chip company that wants to buy ARM, is about to launch its latest GeForce graphics processing unit chip, the RTX 3060. It has openly stated in advance that this chip’s software drivers are deliberately biased against cryptomining, by detecting its code and purposefully performing what amounts to DDoS actions against software it thinks is trying to do Ethereum calculations on the GPU. This strategy focuses on Ethereum more than bitcoin due to the highly specific calculation needs of Ethereum. Experts suggest this will unfortunately not eliminate cryptojacking, but will simply make the process more expensive – in terms of electricity consumption – for the unwitting gamer.

(Naked Security)

The bitcoin blockchain is helping keep a botnet from being taken down

Recently, a botnet that researchers have been following for about two years began using a new way to prevent command-and-control server takedowns: by camouflaging one of its IP addresses in the bitcoin blockchain. By having a server the botnet can fall back on, the operators prevent the infected systems from being orphaned. Storing the address in the blockchain ensures it can never be changed, deleted, or blocked, as is sometimes the case when hackers use more traditional backup methods, said Chad Seaman, a researcher at Akamai.

(ArsTechnica)

Experts find a way to learn what you’re typing during video calls

Research undertaken at the University of Texas at San Antonio and the University of Oklahoma, suggests that video feeds as well as YouTube and Twitch videos can be used to infer what a person is typing through a three part analysis. From a pool of detected keystrokes, words are inferred by making use of the number of keystrokes detected for a word as well as the magnitude and direction of left and right arm displacement that occurs between consecutive keystrokes of the word, combined with predictive analytics. Currently, the findings showed that hunt-and-peck typers and those wearing sleeveless clothes were more susceptible to word inference attacks, as were users of Logitech webcams.

(The Hacker News)

Steve Prentice
Author, speaker, expert in the area where people and technology crash into each other, viewed from the organizational psychology perspective. Host of many podcasts, voice actor and narrator for corporate media and audiobooks. Ghost-writer for busy executives.