Cyber Security Headlines – Week in Review is live every Friday at 12:30pm PT/3:30pm ET. Join us each week by registering for the open discussion at CISOSeries.com.
Hackers have been sending malware-filled USB sticks to U.S. companies disguised as gifts
On Thursday, the FBI warned that a hacker group has been using the US mail to send malware-laden USB drives to companies in the defense, transportation and insurance industries. The criminals’ hope is that employees will be gullible enough to stick them into their computers, thus creating the opportunity for ransomware attacks or the deployment of other malicious software, The Record reports. Some of these were apparently sent by a group called FIN7 and were dressed up as if they had come from the US Department of Health and Human Services, with notes explaining that the drives contained important information about COVID-19 guidelines. The FBI says it originally began receiving reports about such activity as far back as last August.
Norton 360 faces blowback for crypto feature
Antivirus software company Norton 360 installed a cryptocurrency mining program on its customers’ computers, which it says allows customers to profit from the scheme, while keeping 15 percent of any currencies mined for itself. This feature is described as being “opt-in,” meaning users have to agree to enable it. But many Norton users complain the mining program is difficult to remove. According to the FAQ posted on its site, “Norton Crypto” will mine Ethereum (ETH) cryptocurrency while the customer’s computer is idle. The FAQ also says Norton Crypto will only run on systems that meet certain hardware and software requirements (such as an NVIDIA graphics card with at least 6 GB of memory). Norton Crypto lets users withdraw their earnings to an account at the cryptocurrency platform Coinbase, but as the FAQ points out, there are coin mining fees as well as transaction costs to transfer Ethereum.
Half of SMEs hit with breaches
According to a survey by the insurance firm Markel Direct, 51% of SMEs and self-employed individuals in the UK experienced a cybersecurity breach. Of these, 24% were a result of malware, 16% of data breaches and 15% of phishing. 88% of respondents said they had at least one form of cybersecurity solution in place, with 70% reporting feeling confident about their security arrangements. 11% of respondents said that they did not intend to increase spend on cybersecurity measures, seeing them as an “unnecessary cost.” 68% of respondents found that the cost of mitigating the breaches exceeded £5000.
Hotel chain switches to Chrome OS to recover from ransomware attack
Last month, Nordic Choice Hotels was hit with Conti ransomware that disrupted operations, but instead of paying the ransom, the company was able to recover from the incident by migrating its entire PC fleet from Windows to Chrome OS. The hotel chain indicated that by using a tool called CloudReady, it was able to convert 2,000 computers to its Chrome OS ecosystem in just two days, restoring operations to 212 hotels in five countries. Prior to the attack, the hotel chain had already run a pilot program to test the tool as a way of reusing old computers with a less-demanding OS. The hotel chain said it expects to migrate 2,000 more computers and estimates savings of $6.7 million by avoiding the need to buy new hardware.
Thanks to our episode sponsor, BlackBerry
Security shortfalls ranked top roadblock to IT modernization
According to the 2022 Intelligent Technology Report from Insight Enterprises, Inc., 400 IT leaders have ranked the top internal hindrance to organizational IT modernization as security shortcomings (40%), followed by shadow IT (36%) and competing internal priorities (35%). 51% of IT leaders named security as their top organizational priority when it comes to cloud integration. The survey also indicates that the COVID-19 pandemic may be amplifying the barriers to modernization, as 78% of IT leaders reported taking on new cybersecurity tasks in 2021.
EU planning supply chain attack simulations
Bloomberg’s sources say the EU will launch a large-scale simulation of cyberattacks against multiple member states this week. The simulation will go on for six weeks and include some knock-on socio-economic impacts in other states, as well as look at how participants handle public communication and diplomatic responses. Documents for the simulation say that the EU doesn’t currently have a framework for coordinating a joint response to a major attack on its supply chain. The simulation will escalate to something that would qualify as armed aggression under the United Nations Charter, and will be modeled on recent attacks or likely near-future scenarios.
New undetected backdoor runs across three OS platforms
Security experts are warning of new backdoor malware designed to work across Windows, Mac and Linux, some versions of which are currently undetected on VirusTotal. Dubbed “SysJoker” by researchers at Intezer, the malware was discovered during an attack on a Linux web server running in an education sector organization. It’s believed to date back to the second half of 2021. They stated, “SysJoker masquerades as a system update and generates its command and control by decoding a string retrieved from a text file hosted on Google Drive. During our analysis the C2 changed three times, indicating the attacker is active and monitoring for infected machines. Based on victimology and malware’s behavior, we assess that SysJoker is after specific targets.”
Ransomware locks down prison, knocks system offline
The Metropolitan Detention Center in Bernalillo County, New Mexico, went into lockdown on January 5, 2022, after cyberattackers infiltrated Bernalillo County systems and deployed malware. Local government systems were impacted by the cyberattack, including those used to manage the prison. Inmates were made to stay in their cells as the ransomware outbreak reportedly not only knocked out the establishment’s internet but also locked staff out of data management servers and security camera networks. In addition to interrupting communications for prison employees and inmates, a number of databases are suspected of having been corrupted by the cyberattack, including an incident tracker which records inmate fights and attacks. Prison guards were left unable to manage automatic doors; however, physical keys could still be used.