This week’s Cyber Security Headlines – Week in Review, August 23-27, 2021, is hosted by Steve Prentice with our guest, Edward Contreras (@CISOEdwardC), CISO, Frost Bank.
Cyber Security Headlines – Week in Review is live every Friday at 12:30pm PT/3:30pm ET. Join us each week by registering for the open discussion.
Microsoft and Google to invest billions to bolster US cybersecurity
During the White House cybersecurity summit with business leaders on Wednesday, President Biden and his cabinet discussed how to better protect US businesses and interests against increasing cyberattacks. Commitments made by attending organizations include working with NIST on open-source software security standards to better protect against supply chain attacks. Additionally, Apple will push for mass adoption of multi-factor authentication, vulnerability remediation, event logging, and security training, while Google committed to investing $10 billion over the next five years to expand security initiatives such as zero-trust programs. Microsoft committed to investing $20 billion over the same period to increase its security solutions including initiatives to improve governmental security protections. Amazon will make their internal security awareness training available to the public for free and offer no-cost MFA devices to AWS customers. Cyber insurers pledged to improve the security posture of policyholders and several organizations committed to security awareness training initiatives, some of which specifically focus on historically excluded groups in technology.
More Than 600 ICS flaws spotted in H1 2021
The vulnerabilities in Industrial Control Systems mark an increase of 41% year over year and directly impact 76 vendors. The most affected manufacturers were Siemens with 146 vulnerabilities, followed by Schneider Electric, Rockwell Automation, WAGO, and Advantech. An important point is that the list of affected manufacturers also includes 20 companies whose products were not affected by any of the bugs reported last year. Most of the vulnerabilities were critically or highly rated and constituted a severe danger to industrial control systems, and the majority of the vulnerabilities, 90%, were discovered to be exploitable without the need for any specialized knowledge.
Apple started scanning for CSAM in 2019
Earlier this month, Apple announced it would start client-side scanning of devices for hashes derived from child sexual abuse materials or CSAM. These scans would only occur when uploading content to iCloud. This triggered concerns about potential privacy implications and potential uses for state censorship. Apple has now confirmed it has been scanning outgoing and incoming iCloud Mail for CSAM since 2019, although it says it has never scanned iCloud Photos or iCloud backups. Apple’s pages on child safety policy and interviews with executives have previously alluded to some sort of existing CSAM scanning. Sources tell 9to5Mac that the total number of reports Apple makes regarding CSAM each year is measured in the hundreds.
(9to5Mac)
21-year-old claims responsibility for massive T-Mobile hack
John Binns, a 21-year-old Virginia native who now lives with his mother in Turkey, claims to be the driving force behind the T-Mobile hack which exposed the sensitive data of more than 50 million people. Binns told the Wall Street Journal that he conducted the attack from his home, where he gained access to a data center near East Wenatchee, Washington, after which it took about one week to gain access to the servers containing the personal data. Binns stated, “I was panicking because I had access to something big. Their security is awful.” Binns revealed that he carried out the attack because he was angry about being tortured and spied on by US law enforcement agencies as part of cybercrime investigations against him. Binns would not confirm if the stolen data has been sold or if anyone paid him to carry out the attack.
(ZDNet)
Thanks to our episode sponsor, Privacy.com
New Hampshire town loses millions to email scammers
The town of Peterborough reported it lost $2.3 million as the result of business email compromise scammers, who redirected bank transfers using forged documents sent to the Peterborough Finance Department. This compromise was achieved using phishing and social engineering techniques. The town first became aware of the issue on July 26th when the ConVal School District reported it didn’t receive its $1.2 million monthly transfer. The US Secret Service Cyber Fraud Task Force is currently investigating the attack, which originated from overseas. It’s unclear if insurance will cover the lost funds, and it’s doubtful the transactions can be reversed.
Does cyber insurance make ransomware worse?
According to a new study from the cybersecurity firm Talion, 70% of cybersecurity professionals believe cyber insurance payouts to victims exacerbate the issue of ransomware. The study also found that 45% of respondents thought organizations don’t report ransomware attacks to law enforcement because they believe it will slow down recovery, while 37% said it was because a company paid a ransom and wanted to avoid legal trouble as a result. 10% of respondents said they didn’t even know how to report a ransomware incident to law enforcement.
Ragnarok ransomware releases master decryptor after shutdown
The Ragnarok ransomware gang, who have been in operation since January 2020, appears to have called it quits Thursday, abruptly replacing all victims on their leak site with a master decryption key and brief instructions for using it. The gang left no explanation for shutting down, and its leak site listed 12 recent victims from various countries including France, U.S., Hong Kong, Spain, and Italy, up until early on Thursday. Ransomware expert Michael Gillespie confirmed the legitimacy of the decryptor by successfully decrypting a random Ragnarok file. A universal decryptor for Ragnarok ransomware is currently in the works and will soon be released by Emsisoft, a company famed for assisting ransomware victims with data decryption.
Q for Ed: These ransomware gangs seem to go into and out of retirement more often than classic rock bands. Is this a clever game of whack-a-mole to keep security people off balance?
Verizon has successfully deployed a VPN that could withstand quantum attacks
Verizon is trialing what it describes as a “quantum-safe” virtual private network (VPN) between one of the company’s labs in London, UK and a US-based center in Ashburn, Virginia. According to Verizon, the trial used encryption keys that were generated using post-quantum cryptography methods and demonstrates that it is possible to replace current security processes with quantum-proof protocols. While NIST has been leading an initiative to develop similar algorithms, Verizon has significant amounts of VPN infrastructure and the company sells VPN products, which is why the team is keen to employ post-quantum cryptography sooner.
(ZDNet)