Finland pushes through change to ID code law
The Finnish government said it was preparing new legislation to allow citizens to change their personal identity codes in cases of data breaches that carry a high risk of identity theft. The move comes after thousands of citizens had their personal information stolen during a hack of patient records at the Vastaamo psychotherapy clinic. Previously, Finnish law did not allow for changing an ID code in order to prevent criminal activity. The government expects to have the legislation finished in early 2021.
Researchers find Trickbot is still kicking
Last month, the US Cyber Command, Microsoft, and other companies participated in a coordinated effort to disrupt the Trickbot botnet. A new report by the threat intelligence firm Intel 471 now finds that the botnet is down but not out. According to the firm, Trickbot appears to have shifted to a different tool called BazarLoader to distribute Ryuk ransomware. BazarLoader uses similar code and infrastructure to Trickbot. While the original Trickbot architecture appears to have been mostly wiped out, the group has spun up new C2 servers, and in some cases has begun launching successful targeted ransomware campaigns again. According to Intel 471, the only way to permanently disrupt Trickbot would be to arrest the actual operators.
New study looks at the source of Android malware
The study comes from security researchers from NortonLifeLock and the IMDEA Software Institute, who found that 67% of unwanted and malware app installs on Android came from the Google Play Store. This study looked at the origin of app installations across 12 million Android devices from June through September 2019, analyzing 34 million APK installs. The Play Store accounted for 87% of overall app installs in the study. Alternative app marketplaces came in second with 10% of unwanted installs. Overall the study found 12 major categories of app installations, including web browsers, mobile device management services, instant messaging platforms, and sideloading through a local file manager.
(ZDNet)
Most Americans reuse passwords on work devices
A September survey by Visual Objects found that 63% of respondents reused passwords across multiple accounts on work devices. The survey also found that 91% of employees said employers were more responsible for cybersecurity than their employees. The survey also found an interesting age gap: 2% of baby boomers admitted to always reusing work-related passwords, compared to 13% of millennials.
Microsoft calls to stop using phone-based MFA
Microsoft’s Director of Identity Security Alex Weinert has spent the past year encouraging Windows users to enable multi-factor authentication. In a new blog post, Weinert advises that users avoid telephone-based MFA solutions if possible, citing known security issues in phone networks. These include SMS and voice calls being transmitted in cleartext, the easy availability of phishing tools to acquire phone-based MFA codes, and the prevalence of SIM swapping attacks to transfer phone numbers to an attacker’s SIM. Weinert expects the security gap between phone-based MFA and other solutions to widen in the future. Weinert recommends authenticator apps as a more secure solution, with hardware security keys as the most secure option.
(ZDNet)
CISA head reportedly resigns
CISA’s assistant director for cybersecurity Bryan Ware confirmed to Reuters that CISA head Christopher Krebs handed in his resignation on November 12th, after the White House reportedly asked for him to leave earlier this week. Krebs came under fire in the White House for CISA’s “Rumor Control” website that debunked misinformation about the election, with CISA refusing to delete accurate information at the White House’s request. Krebs had previously drawn bipartisan praise for how the agency handled security around the 2020 election.
(Reuters)
Animal Jam breach leaks data on 46 million accounts
The platform is aimed at children ages 7-11, with 130 million registered users. After a threat actor published partial databases with information on millions of accounts, Animal Jam publisher WildWorks launched an investigation, finding that the leak came from a compromised server from a third-party vendor. The database includes 7 million email addresses of parents and 32 million usernames and encrypted passwords, as well as gender, birthday, and payment address information. WildWorks recommends all account holders change their passwords as a precaution.
Google patches more Chrome zero-days
Another day, another couple of Chrome zero-day exploits fixed. The latest release of Chrome 86 fixed two new zero-day flaws in the popular web browser, marking five zero-days patched by Google over the last three weeks. Unlike the previous three, these were not discovered by internal Google engineers, but submitted by an anonymous source. Details about the exploits, including whether they were standalone flaws or used in combination, haven’t been published yet. The Chrome changelog lists the patches as impacting the V8 JavaScript engine and a memory corruption bug with Chrome’s Site Isolation feature.
(ZDNet)