NATO to create rapid response cyber force
The declaration calling for the force’s creation cites the success of Ukraine’s cyber defense based around a rapid response team on the ground. It also calls for “enhanced civil-military cooperation” to strengthen cyber defenses in the block. The rapid response force would be created on a voluntary basis between members, using national assets. While previous NATO declarations have mentioned concerns about cyber security, this document cites a “radically changed security environment” requiring a “new baseline” for member defense.
FBI warns of deep fakes for remote work
The law enforcement agency issued a warning this week that it has received increasing complaints of people using deepfake videos during interviews for remote tech jobs, particularly ones involving access to sensitive information. To add authenticity, applicants will use stolen identity information in an attempt to pass pre-employment background checks. The FBI did not say who was behind the attack, but advised organizations to look out for “actions and lip movements” that “do not coordinate with the audio of the person speaking” during interviews.
Ship controls identified as another major attack surface
Back in 2019, a container ship sailing for New York experienced a malware attack. The attack never compromised ship controls, but startled authorities. Coast Guard Rear Admiral Wayne Arguin said shipping now faces similar cyber risks to other industries, saying “I feel very confident that every day networks are being tested, which really reinforces the need to have a plan.” The UN’s International Maritime Organization issued cyber security guidelines for the industry to adopt in 2021, but experts warn many shipping companies are doing the bare minimum, even as they expand connectivity to shipping vessels. Added to this is the patchwork of systems from different vendors aboard each ship, making it difficult to make sure patches are applied. It’s believed the occurrence of cyber incidents in shipping is vastly underreported, with the Coast Guard calling for greater information sharing in the industry.
India delays enforcement on new VPN rules
The Indian Computer Emergency Response Team announced it will delay enforcement of new rules that will require cloud, virtual private server, and VPN providers to store customer names, IP addresses, email addresses, and financial transactions. The rules were set to go into effect on July 4th, but now delayed until September 25th to give “additional time” for compliance from the industry. Several VPN providers have announced plans to exit the Indian market as a result of the new rules and many security experts have called on India to not implement the changes, saying it would weaken overall cybersecurity protections.
Thanks to today’s episode sponsor, Optiv
Optiv’s Advanced Detection and Response (ADR) works with your organization to comb through the D&R clutter and find the ideal security solutions for your business. ADR delivers tailored detection and response backed by technology, real-time intel and deep expertise applied at touch. Bottom line: ADR finds and neutralizes threats fast, so you can focus on what matters.
If you’d like to learn more about Optiv ADR, please visit Optiv.com/adr.
Former Uber CSO charged with wire fraud
U.S. District Judge William Orrick in San Francisco ruled that former Uber chief security officer Joseph Sullivan will face wire fraud charges over an alleged role in trying to cover up a 2016 cyber attack that leaked information on millions of drivers. Prosecutors allege Sullivan agreed to pay the attackers $100,000 in bitcoin and sign nondisclosure agreements saying they did not steal data. Sullivan attempted to claim that his alleged deception only applied to then CEO Travis Kalanick and Uber’s general counsel, but the judge ruled the actions “were part of a larger scheme to defraud” impacted drivers. Uber settled claims by all 50 US states regarding the data leak in 2018 for $148 million.
(Reuters)
Ukraine busts phishing sites
Ukrainian police arrested nine members of a group operating over 400 phishing sites. These sites appeared to be legitimate EU portals offering financial assistance to people in the country, but would use forms to steal payment card data and banking credentials. The police estimate the group stole the equivalent of $3.3 million from about 5,000 victims. It’s not clear how users ended up on these sites, either through phishing, social media spam, or direct messages. Police worked with the National Bank of Ukraine to track down the scammers.
Firefox update helps with Follina
With the release of Firefox 102, Mozilla made changes to the browser to help combat the Follina PowerShell execution vulnerability. The release blocks “ms-msdt,” “search,” and “search-ms” protocols, which previously bypassed the browser to deliver content to Microsoft applications. Mozilla said it was not aware that these were used for exploits through Firefox, but blocked them since Follina was under active exploitation. The update also fixed bugs where users could drag an image file to your desktop that would allow an executable to be saved, and fixed an address bar spoofing bug on Linux.
A patch in time saves…money
According to a new report by Tetra Defense, in Q1 82% of successful cyber attackers were the result of unpatched vulnerabilities, compared to 18% from social engineering against employees. The Exchange ProxyShell exploit accounted for about a third of external breaches, while insecure Remote Desktop Protocol servers accounted for another quarter. The report found compromises from unpatched systems cost organizations 54% more than those by user action like phishing. The report also notes that the cost of cloud misconfigurations are generally much lower than unpatched systems, even though these can often get more public attention.