This week’s Cyber Security Headlines – Week in Review, June 6-10, is hosted by Rich Stroffolino with our guest, Marnie Wilking, CISO, Wayfair
Cyber Security Headlines – Week in Review is live every Friday at 12:30pm PT/3:30pm ET. Join us each week by registering for the open discussion at CISOSeries.com
US DoJ announces shut down of Russian RSOCKS Botnet
An international police operation that involved law enforcement partners from Germany, the Netherlands, and the U.K. shut down the RSOCKS botnet which was composed of millions of compromised computers and other electronic devices around the world. This included industrial control systems, time clocks, routers, audio/video streaming devices, and smart garage door openers. It had also expanded into compromising additional types of devices, including Android devices and conventional computers. The operators behind the RSOCKS botnet offered their clients access to IP addresses assigned to the compromised devices to route internet traffic.
Chrome extensions can be used for fingerprinting
There have long been ways to use browser information to fingerprint users. However a web developer who goes by ‘z0ccc’ released the site “Extension Fingerprint,” which can generate a tracking hash based on a browser’s installed Chrome extensions alone. Some extensions use a secret token that is required for external pages to view if it’s installed, but z0ccc found that comparing loading times for the protection extensions can reveal which ones are installed. Bleeping Computer found that installing 3 to 4 extensions brough the percentage of users with the same extensions to as low as 0.006%. The approach works for Chrome and Edge browsers, but not on Firefox, which use unique Firefox extension IDs for every browser instance. The developer claims that while every browser can’t be uniquely identified by extensions alone, it could be easily combined with other information to create a truly unique ID.
Overconfidence in API security leaves orgs at high risk
Radware’s 2022 State of API Security report reveals a sharp increase in API usage due to reliance on cloud infrastructure and other intersystem communications. While 92% of those surveyed believe they have adequate protection for their APIs, 62% admit a third or more of APIs are undocumented, leaving organizations vulnerable to cyber threats, such as database exposures, data breaches, and scraping attacks. Additionally, half of respondents indicated their existing tools provide only partial or minimal API protection highlighting that cyber security leaders may have a false sense of security when it comes to their APIs. Michelle McLean, Vice President at Salt Security, said the findings reinforce that API security is vastly under prioritized, and the time is now to turn the dial and incorporate adequate solutions as old tools are not enough.
Thanks to today’s episode sponsor, Optiv
Daycare apps found insecure
The Electronic Frontier Foundation looked into the security used by daycare apps, which are often required when enrolling children. It found that almost all apps lack any kind of 2FA, with one of the more popular Brightwheel claiming it was the “1st partner to offer this level of security.” It also found many apps had weak password policies, used undisclosed Facebook trackers, and had cleartext traffic enabled. The EFF wasn’t the first to highlight these issues, but found that many app makers lacked basic emails to send security issues to, and often were unresponsive. A previous Australian study found that just 14% of vendors responded to security issues with daycare apps. The EFF also points out that regulations like COPPA don’t apply to these applications.
DARPA finds blockchains aren’t all that decentralized
A new report from the Defense Advanced Research Project looking into if blockchains are decentralized found some “unintended centralities” leading the authors to believe that many blockchains could eventually have power centralized with a few select individuals or groups. The paper found the cryptographic underpinning of blockchain “quite robust.” But it points out that three ISPs saw 60% of all Bitcoin traffic, opening the door to these providers having the ability to restrict certain transactions, letting it become a majority voice in consensus of what actually gets written to the blockchain. The report also points out that 21% of Bitcoin nodes run older versions of the Bitcoin client that are vulnerable to attacks.
Cloud email threats soar 101% in a year
Trend Micro announced this number as their observation of growth in email-borne cyber-threats that they blocked last year. They also note a 138% year-on-year increase in phishing emails, of which 40% were credential phishing attempts. They also blocked 3.3 million malicious files in cloud-based emails, including a 134% increase in known threats and a 221% increase in unknown malware. Another security company, Proofpoint warned in a new report of the continued dangers posed by social engineering, highlighting how many users don’t realize that threat actors may spend considerable time and effort building a rapport over email with their victims, especially if they’re trying to conduct a business email compromise (BEC) attack, it said.