Cyber Security Headlines – July 5, 2021

Kaseya was fixing zero-day just as REvil sprang their attack

The zero-day vulnerability used to breach on-premise Kaseya VSA servers was in the process of being fixed, just as the REvil ransomware gang used it to perform a massive Friday attack. The vulnerability had been previously disclosed to Kaseya by security researchers from the Dutch Institute for Vulnerability Disclosure (DIVD), and Kaseya was validating the patch before rolling it out to customers. However, in what can only be seen as a case of bad timing, the REvil ransomware gang beat Kaseya to it and used the same zero-day to conduct their Friday night attack against managed service providers worldwide and their customers.

(Bleeping Computer)

Further context on the Kaseya attack

Deployed at noon on Friday, the start of the US Fourth of July holiday weekend, the REvil ransomware attack affected eight known managed service providers and over a thousand of their customers through Kaseya, a cloud-based MSP. Huntress Labs’ John Hammond told BleepingComputer that all of the affected MSPs are using Kaseya VSA and that they have proof that their customers are being encrypted as well. Kaseya issued a security advisory on their help desk site, warning all VSA customers to immediately shut down their VSA server to prevent the attack’s spread while investigating. DoublePulsar researcher Kevin Beaumont posted a summary stating that the REvil ransomware arrived via a Kaseya update and used the platform’s administrative privileges to infect systems. Once the Managed Service Providers were infected, their systems were able to attack the clients that they provide remote IT services for (network management, system updates, and backups, among other things). As of this recording, this is the first time a ransomware group has used a zero-day in attacks; it has hit around 40 customers worldwide, including 500 stores belonging to the Swedish grocery chain Coop.

(The Verge, BBC News, and The Hacker News)

DHS announces most successful cybersecurity hiring initiative in its history

Secretary of Homeland Security Alejandro N. Mayorkas on Friday announced the Department’s largest cybersecurity hiring initiative ever with the onboarding of nearly 300 cybersecurity professionals and the extension of an additional 500 tentative job offers. This hiring initiative, which exceeded its goal by almost 50 percent, is part of a 60-day Cybersecurity Workforce Sprint focused on building a more diverse cybersecurity workforce. The initiative also includes an Honors Program for recent cybersecurity graduates, a one-year professional development program at DHS followed by eligibility for permanent, full-time positions; an expansion of its K-12 initiative to cultivate the next generation of diverse cybersecurity professionals; and a new cybersecurity initiative for girls in grades 6-12.

(DHS Press Release)

Thanks to our episode sponsor,
RevCult

On average, 18 percent of all your Salesforce data fields are highly sensitive and 89 percent of users have access to that data. RevCult is the only solution that helps you understand the data you have in Salesforce, and if you’re protecting it. Get a free Salesforce Security Self-Assessment to understand your Salesforce security weaknesses.

Windows Update bug blocks Azure Virtual Desktops security updates

Microsoft is working to fix a known issue blocking Azure Virtual Desktops devices from downloading and installing recent security updates via Windows Server Update Services (WSUS). “Devices running Windows 10 Enterprise multi-session, version 1909 might not be able to download updates later than May 2021,” Microsoft says in the Windows Health Dashboard. The Settings app, under the Windows Update setting, will display the message ‘You’re up to date’ even if no updates later than May 2021 have been installed. Microsoft is currently working on resolving this bug and will ship the fix in an upcoming Windows release.

(Bleeping Computer)
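Because the bug above makes the Settings app report ‘You’re up to date’ on devices that have not actually received anything newer than May 2021, an administrator wants a check that looks at the installed-update records instead of the UI message. The script below is an added example, not code from the article or from Microsoft; it assumes a domain-joined Windows 10 host that pulls updates from WSUS, and the 60-day threshold is an assumed policy value to be adjusted to your own patch SLA.

```powershell
# Added example (not from the original article): flag hosts whose newest
# installed update is older than a threshold, regardless of what the
# Settings app says. Assumes a WSUS-managed Windows 10 host; the 60-day
# threshold is an assumed policy value.
$MaxAgeDays = 60

# Get-HotFix reads the installed-update records (Win32_QuickFixEngineering);
# some entries carry no InstalledOn date, so those are filtered out.
$latest = Get-HotFix |
    Where-Object { $_.InstalledOn } |
    Sort-Object InstalledOn -Descending |
    Select-Object -First 1

if (-not $latest) {
    Write-Warning "No installed updates with an InstalledOn date were found."
    exit 2
}

$age = (Get-Date) - $latest.InstalledOn
"Newest update: {0} ({1}) installed {2:yyyy-MM-dd}, {3} days ago" -f `
    $latest.HotFixID, $latest.Description, $latest.InstalledOn, [int]$age.TotalDays

# Report the configured update source so a WSUS client can be told apart
# from one that updates directly from Microsoft.
$wuPolicy = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate'
if (Test-Path $wuPolicy) {
    $server = (Get-ItemProperty -Path $wuPolicy -ErrorAction SilentlyContinue).WUServer
    if ($server) { "Update source (policy): $server" }
}

if ($age.TotalDays -gt $MaxAgeDays) {
    Write-Warning ("Newest update is older than {0} days; verify against the WSUS console, the Settings app may still say 'You're up to date'." -f $MaxAgeDays)
    exit 1
}
"Newest update is within {0} days." -f $MaxAgeDays
exit 0
```

Run it under an account that can read the policy key (any local administrator will do), and feed the exit code to whatever fleet tool you use so affected hosts surface as a list rather than one console at a time. Get-HotFix only reports updates recorded as QFE entries, so treat its answer as a lower bound and reconcile it with the WSUS server's own compliance reports when the two disagree.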

Robinhood ordered to pay $70 million over ‘harm’ caused to millions of traders

On June 30, the US Financial Industry Regulatory Authority (FINRA) levied the penalty in response to a series of systematic failures, including major outages in March 2020, the GameStop fiasco of January of this year, and the impact on millions of customers who “received false or misleading information” from the company. In addition, Robinhood allegedly allowed thousands of customers to trade options improperly, relying on algorithms and bots rather than performing due diligence. FINRA says that these actions caused “widespread and significant harm,” and this is reported to have included one suicide. Robinhood has neither admitted nor denied the charges.

(ZDNet)

China blocks Didi from App stores days after mega U.S. IPO

China’s Cyberspace Administration ordered app stores to remove Didi Chuxing, dealing a major blow to a ride-hailing giant that just days ago pulled off one of the largest U.S. initial public offerings of the past decade. Citing serious violations regarding the collection and usage of personal information, the decision requires the largest app stores in China, operated by the likes of Apple Inc. and smartphone makers Huawei Technologies Co. and Xiaomi Corp., to strike Didi from their offerings. But the current half-billion or so users can continue to order up rides and other services so long as they downloaded the app before Sunday’s order. Beijing has recently been curbing the growing influence of China’s largest internet corporations.

(Bloomberg)

Could technological diversity help keep systems secure?

A growing school of thought suggests that resilience and preparation against cyberattacks might be helped if there was less focus on homogeneous systems. Robert M. Lee, the CEO and founder of the security company Dragos, Inc., notes the increasing trend toward homogeneous infrastructure in recent years as vendors acquire one another and settle on common technologies and operating platforms, and suggests this makes it easier for threat actors to practice, deploy and refine their techniques across a wide selection of victims. This isn’t a vendor issue, he adds, instead pointing the finger at customers as the source of the conformity pressure. His thoughts are available in full at robertmlee.org.

(robertmlee.org)
Steve Prentice
Author, speaker, expert in the area where people and technology crash into each other, viewed from the organizational psychology perspective. Host of many podcasts, voice actor and narrator for corporate media and audiobooks. Ghost-writer for busy executives.