This week’s Cyber Security Headlines Week in Review, January 18-22, 2021 is hosted by Steve Prentice @stevenprentice with our guest Joshua Scott, Head of Information Security at Postman.
Link found between data breaches and increased number of fatal heart attacks at US hospitals
A new study from Vanderbilt’s Owen Graduate School of Management and the Vanderbilt University Medical Center shows that security remediation initiatives put into place after a hospital data breach, such as stronger passwords and authentication procedures, lead to a rise in the time to EKG and in patient mortality rates for heart attack victims. The average increase in time to EKG was 2.7 minutes, a significant delay considering the industry standard for time to EKG is 10 minutes. This increase was still observable years after a breach had occurred.
Trend Micro predicts AI will replace cybersecurity jobs and boost crime
In its 2021 predictions report, Trend Micro states that 32% of 500 IT leaders polled believe AI will replace all cybersecurity roles by 2030, and that 19% say attackers using AI will be commonplace by 2025, especially focusing on home networks as a critical launch pad to compromising corporate IT and IoT networks. 24% of the IT leaders polled also claimed that by 2030, data access will be tied to biometric or DNA data, making unauthorized access impossible. They suggested companies and IT professionals continue to evolve to keep pace.
Parler resurfaces online
The URL for the social media platform Parler was updated to show a message from CEO John Matze, reiterating the site’s self-proclaimed commitment to free speech and pledging to “welcome all of you back soon.” In a separate interview with Fox News, Matze said he was confident the social network could come back online by the end of January. CNN reports that Parler is now hosted by Epik, which also hosts the fringe websites 8chan and Gab. Amazon suspended Parler from its web services earlier this month, finding the platform failed to implement a system that effectively identified and removed content that incited violence.
Hackers manipulated stolen COVID-19 vaccine data before leaking it online
In the latest update on the cyberattack that was first disclosed last month, the European Medicines Agency (EMA) has revealed how hackers accessed confidential internal emails from November about evaluation processes for COVID-19 vaccines. The ongoing investigation found that some of the contents of those emails had been manipulated by those behind the attack in what appears to be an attempt to create mistrust with disinformation about vaccines. It is not known who the perpetrators are or why they sought to spread disinformation and undermine trust in the vaccines.
Thanks to our episode sponsor Armis
Intel offers CPU-level threat detection capabilities to target ransomware
Intel has announced that its 11th Generation mobile processors sold with a vPro feature set will include threat detection technology that uses telemetry data from the CPU’s performance monitoring unit, combined with accelerated machine learning heuristics, to detect potential threats. This is possible because some types of malicious programs, including ransomware, impact the performance of the CPU through the type of tasks they execute. Telemetry data and machine learning models can identify potentially suspicious or abnormal behavior, allowing malware detection at the CPU level.
Executive Order addresses malicious use of public clouds
One of the last executive orders from the outgoing Trump administration gives the Commerce Department authority to write rules that could bar foreign entities from using US cloud Infrastructure as a Service offerings if they are used for a cyber attack. The rules would apply to jurisdictions as well as people and companies. The order gives the Commerce Department six months to create rules for US cloud providers, which would require verifying identification of foreign customers and keeping other records. No word on whether the order will be kept in place by the new Biden administration.
Malwarebytes breached by the group that attacked SolarWinds
The company is the fourth prominent security firm to announce being targeted by the group, after Microsoft, FireEye, and CrowdStrike. The firm wasn’t a victim of the supply chain attack, as it doesn’t use SolarWinds’ solutions; rather, it found the attackers accessed internal systems by exploiting a dormant email protection product within its Office 365 tenant. Malwarebytes was notified by Microsoft about suspicious activity on a dormant Office 365 security app on December 15th. After an investigation, the company found the group only gained access to a limited subset of internal company emails, with no evidence that any products or production systems were compromised.