Cyber Security Headlines – Week in Review – August 23-27, 2021

This week’s Cyber Security Headlines – Week in Review, August 23-27, 2021, is hosted by Steve Prentice with our guest, Edward Contreras (@CISOEdwardC), CISO, Frost Bank.

Cyber Security Headlines – Week in Review is live every Friday at 12:30pm PT/3:30pm ET. Join us each week by registering for the open discussion.

Microsoft and Google to invest billions to bolster US cybersecurity

During the White House cybersecurity summit with business leaders on Wednesday, President Biden and his cabinet discussed how to better protect US businesses and interests against increasing cyberattacks. Commitments made by attending organizations include working with NIST on open-source software security standards to better protect against supply chain attacks. Additionally, Apple will push for mass adoption of multi-factor authentication, vulnerability remediation, event logging, and security training, while Google committed to investing $10 billion over the next five years to expand security initiatives such as zero-trust programs. Microsoft committed to investing $20 billion over the same period to increase its security solutions including initiatives to improve governmental security protections. Amazon will make their internal security awareness training available to the public for free and offer no-cost MFA devices to AWS customers. Cyber insurers pledged to improve the security posture of policyholders and several organizations committed to security awareness training initiatives, some of which specifically focus on historically excluded groups in technology.

(Bleeping Computer)

More Than 600 ICS flaws spotted in H1 2021

The vulnerabilities in Industrial Control Systems mark an increase of 41% year over year and directly impact 76 vendors. The most affected manufacturer was Siemens with 146 vulnerabilities, followed by Schneider Electric, Rockwell Automation, WAGO, and Advantech. Notably, the list of affected manufacturers also includes 20 companies whose products were not affected by any of the bugs reported last year. Most of the vulnerabilities were rated critical or high and pose a severe danger to industrial control systems, and the majority of them, 90%, were found to be exploitable without any specialized knowledge.

(Softpedia News)

Apple started scanning for CSAM in 2019

Earlier this month, Apple announced it would start client-side scanning of devices for hashes derived from child sexual abuse materials or CSAM. These scans would only occur when uploading content to iCloud. This triggered concerns about potential privacy implications and potential uses for state censorship. Apple has now confirmed it has been scanning outgoing and incoming iCloud Mail for CSAM since 2019, although it says it has never scanned iCloud Photos or iCloud backups. Apple’s pages on child safety policy and interviews with executives have previously alluded to some sort of existing CSAM scanning. Sources tell 9to5Mac that the total number of reports Apple makes regarding CSAM each year is measured in the hundreds.

(9to5Mac)

21-year-old claims responsibility for massive T-Mobile hack

John Binns, a 21-year-old Virginia native who now lives with his mother in Turkey, claims to be the driving force behind the T-Mobile hack which exposed the sensitive data of more than 50 million people. Binns told the Wall Street Journal that he conducted the attack from his home, where he gained access to a data center near East Wenatchee, Washington after which it took about one week to gain access to the servers containing the personal data. Binns stated, “I was panicking because I had access to something big. Their security is awful.” Binns revealed that he carried out the attack because he was angry about being tortured and spied on by US law enforcement agencies as part of cybercrime investigations against him. Binns would not confirm if the stolen data has been sold or if anyone paid him to carry out the attack.

(ZDNet)

Thanks to our episode sponsor, Privacy.com

Privacy.com lets you buy things online using virtual cards instead of your real ones, protecting your identity and bank information on the internet. For example, when you’re shopping online and ready to check out, simply generate a Privacy Card, which substitutes a randomly generated card number for your real one. Should the merchant ever get hacked, the fraudsters will never have access to your real information. Privacy Cards are also great for monitoring subscriptions and signing up for free trials where a card number is required. Simply close cards whenever you want to ensure you’re never charged without your consent. Sign up for free today at privacy.com/ciso. New users will instantly receive a $5 credit, to be used for any online purchase you make!

New Hampshire town loses millions to email scammers

The town of Peterborough reported it lost $2.3 million as the result of business email compromise scammers, which redirected bank transfers using forged documents sent to the Peterborough Finance Department. This compromise was achieved using phishing and social engineering techniques. The town first became aware of the issue on July 26th when the ConVal School District reported it didn’t receive its $1.2 million monthly transfer. The US Secret Service Cyber Fraud Task Force is currently investigating the attack, which originated from overseas. It’s unclear if insurance will cover the lost funds, and it’s doubtful the transactions can be reversed. 

(Bleeping Computer)

Does cyber insurance make ransomware worse?

According to a new study from the cybersecurity firm Talion, 70% of cybersecurity professionals believe cyber insurance payouts to victims exacerbate the ransomware problem. The study also found that 45% of respondents thought organizations don’t report ransomware attacks to law enforcement because they believe it will slow down recovery, while 37% said it was because the company paid a ransom and wanted to avoid the resulting legal trouble. 10% of respondents said they didn’t even know how to report a ransomware incident to law enforcement.

(InfoSecurity Magazine)

Ragnarok ransomware releases master decryptor after shutdown

The Ragnarok ransomware gang, which has been in operation since January 2020, appears to have called it quits on Thursday, abruptly replacing all victims on its leak site with a master decryption key and brief instructions for using it. The gang left no explanation for shutting down; until early Thursday, its leak site listed 12 recent victims from various countries including France, the U.S., Hong Kong, Spain, and Italy. Ransomware expert Michael Gillespie confirmed the legitimacy of the decryptor by successfully decrypting a random Ragnarok-encrypted file. A universal decryptor for Ragnarok ransomware is currently in the works and will soon be released by Emsisoft, a company known for assisting ransomware victims with data decryption.

(Bleeping Computer)

Q for Ed:  These ransomware gangs seem to go into and out of retirement more often than classic rock bands. Is this a clever game of whack-a-mole to keep security people off balance?

Verizon has successfully deployed a VPN that could withstand quantum attacks

Verizon is trialing what it describes as a “quantum-safe” virtual private network (VPN) between one of the company’s labs in London, UK and a US-based center in Ashburn, Virginia. According to Verizon, the trial used encryption keys that were generated using post-quantum cryptography methods and demonstrates that it is possible to replace current security processes with quantum-proof protocols. While NIST has been leading an initiative to develop similar algorithms, Verizon has significant amounts of VPN infrastructure and the company sells VPN products, which is why the team is keen to employ post-quantum cryptography sooner.

(ZDNet)

Steve Prentice
Author, speaker, expert in the area where people and technology crash into each other, viewed from the organizational psychology perspective. Host of many podcasts, voice actor and narrator for corporate media and audiobooks. Ghost-writer for busy executives.