Cyber Security Headlines – Week in Review – Dec 6-10, 2021

This week’s Cyber Security Headlines – Week in Review, Dec 6-10, is hosted by David Spark with our guest, Paul Truitt, Principal, Mazars

Cyber Security Headlines – Week in Review is live every Friday at 12:30pm PT/3:30pm ET. Join us each week by registering for the open discussion on LinkedIn.

Pegasus spyware reportedly hacked iPhones of U.S. State Department and diplomats

Apple reportedly notified several U.S. Embassy and State Department employees that their iPhones may have been targeted by an unknown assailant using state-sponsored spyware created by the controversial Israeli company NSO Group, according to multiple reports from Reuters and The Washington Post. At least 11 U.S. Embassy officials stationed in Uganda or focusing on issues pertaining to the country are said to have been singled out using iPhones registered to their overseas phone numbers, although the identity of the threat actors behind the intrusions, or the nature of the information sought, remains unknown as yet.

(The Hacker News)

Realistic looking fake Office 365 spam quarantine alerts on the rise

A new series of phishing attacks are using fake Office 365 notifications asking the recipients to review blocked spam messages held in quarantine, with the end goal of stealing their Microsoft credentials. The emails use quarantine[at]messaging.microsoft.com address with an official Office 365 logo and other standard footer material. Details of the quarantined spam message are provided along with personalized subject headings to create a sense of urgency. However, they still come with text formatting issues and out-of-place extra spaces that would allow spotting these emails’ malicious nature on closer inspection.

(Bleeping Computer)

Text message service helped governments track phones

The company Mitto AG was founded in 2013, providing automated text message services for businesses, for things like appointment reminders or security codes. The company worked with global telco operators to deliver messages and served major technology platforms. However a report from Bloomberg and the Bureau of Investigative Journalism found that the company’s co-founder and COO Ilja Gorelik also sold access to its network to surveillance-technology companies to help locate devices. These companies were in turn used by government agencies. This service wasn’t shared with the company’s technology partners and was limited to a small group inside the company. Mitto denies the report.  

(Bloomberg)

Volume of attacks on IoT/OT devices increasing

A new study commissioned by Microsoft shows that 44 percent of more than 600 respondents interviewed  said their organization experienced a cyber incident that involved an IoT or OT device in the past two years. Thirty-nine percent said such a device was the target of the attack and 35% said the device was leveraged to conduct a broader attack — this includes lateral movement, detection evasion and persistence. Less than one-third said their organization has a complete inventory of devices, and 42% don’t have the ability to detect vulnerabilities affecting IoT and OT devices. 61% have low or average confidence when it comes to identifying compromised systems, and nearly half still mainly rely on manual processes to identify and correlate impacted devices. Roughly half of respondents said their OT network is connected to the corporate IT network, and 56% admitted that their OT network is directly connected to the internet.

(Security Week)

Thanks to our episode sponsor, Tines

Tines is no-code automation for security teams, trusted by the world’s best companies like Canva, Auth0, and Coinbase. This holiday season, book a 10 minute demo of Tines and we’ll donate $100 to your favorite charity – we’re that certain you’ll love what you see. Head over to tines.com/charity to book your 10 minute demo and send $100 to your favorite cause.

Burnout can lead to security threats, insider risk

1Password has released “The Burnout Breach” report studying the rising burnout rates across all industries throughout the COVID-19 pandemic. The report found that more than 80% of professionals are feeling burned out leading to serious backsliding related to security protocols. Burned out employees are a third less likely to follow their company’s security guidelines and are 60% more likely to create, download or use software at work without IT’s permission. Security professionals are twice as likely as other workers to indicate that they are “completely checked out” and “doing the bare minimum at work.” Security professionals are also more likely than other types of workers to work around their company’s policies in order to solve their own IT problems or because they dislike the software their company provides.

(Security Magazine)

Twitter bots pose as support staff to steal your cryptocurrency

Threat actors have been abusing Twitter APIs to monitor all public tweets containing requests for support on MetaMask, TrustWallet, and other popular crypto wallets. After identifying the tweets, the scammers leverage Twitter bots to simulate support agents that automatically reply seconds later with links appearing to offer technical support. Once the victim clicks on the link, they’re directed to a fake support form on Google Docs or other cloud platforms to steal recovery phrases allowing attackers full access to their cryptocurrency wallet.

(Bleeping Computer)

IT execs half as likely to face the axe after breaches, shortages to blame?

Senior IT and cybersecurity professionals are nearly half as likely to be fired following a data breach today versus three years ago, according to new data from Kaspersky. Its newly published report, IT Security Economics 2021 revealed that just 7% of organizations laid off senior IT staff following a security breach in 2021 versus 12% in 2018. The figure for senior security staff was 8% this year versus 14% three years ago. The findings may indicate that skills shortages are biting across the globe, a concept supported by a study from ISC2 that revealed 2.7 million security professionals are still needed worldwide, meaning the workforce is still 65% below what it needs to be

A look at health data leaks in 2021

According to data submitted to the Office for Civil Rights at the Department of Health and Human Services, over 40 million people in the US had personal health information exposed through data breaches this year. The total number of breaches impacting 500 or more people, which healthcare organizations are required to disclose, were down from 599 in 2020 to 578 in 2021. But the number of people impacted increased 53% on the year. The largest leak impacted 3.5 million people of the Florida Healthy Kids Corporation health plan. Much of this comes from under investment in cybersecurity by healthcare organizations, even as federal rules have required them to use electronic medical records.

(The Verge)

AWS as the internet’s biggest single point of failure

An opinion piece in Vice describes how this week’s AWS outage has shown the world just how much the internet relies on it, and why that’s a bad thing. Written by Motherboard senior staff writer Lorenzo Franceschi-Bicchierai, the article points out that even though lasting just a few hours the world has seen just how much it now depends on Amazon’s infrastructure. Quoting Steven Bellovin, a computer science professor at Columbia University, “If an attacker could gain control of AWS infrastructure, they could do very great damage.” They highlight that access isn’t the only concern, but the way in which AWS manages security for its customers sites means that features such as MFA and SMS verification systems to disappear, as happened recently at Parler. The full editorial is available at vice.com.

(Vice)