Cyber Security Headlines Week in Review: Russia’s satellite warning, Mark of Web flaw, Industrial ransomware attacks rise

This week’s Cyber Security Headlines – Week in Review, October 24-28, is hosted by Rich Stroffolino with our guest, Will Gregorian, former Senior Director, Technology Operations and Security, Rhino

Cyber Security Headlines – Week in Review is live every Friday at 12:30pm PT/3:30pm ET. Join us each week by registering for the open discussion at CISOSeries.com

Musk buys Twitter

Last night, Elon Musk closed his $44 billion deal to buy Twitter and began cleaning house, with at least four top Twitter executives, including the chief executive and chief financial officer, being fired. The deal sets Twitter on an uncertain course, with Musk describing himself as a “free speech absolutist.” Twitter stock has been delisted as the company becomes privately owned by his purpose-created company X Holdings. His goal, he has said, is to make Twitter an “everything app,” possibly similar to China’s WeChat.

(New York Times)

Russia warns West: We can target your commercial satellites

This warning comes from senior Russian foreign ministry official Konstantin Vorontsov, deputy director of the Russian foreign ministry’s department for non-proliferation and arms control, speaking to the United Nations. He stated that commercial satellites from the United States and its allies could become legitimate targets for Russia if they were involved in the war in Ukraine. Vorontsov did not mention any specific satellite companies, though the comment may be connected to SpaceX, which has pledged to continue to fund its Starlink internet service in Ukraine.

(Reuters)

Industrial ransomware attacks rise in North America

According to a new analysis by Dragos, in Q3 36% of all industrial ransomware cases hit North American organizations, up from 25% in Q2. Overall the rate of attacks remained virtually flat, with 128 incidents in the quarter, up 2.4%. The manufacturing sector remains a popular target for industrial ransomware, representing 68% of attacks in Q3. Within this group, metal production and food and beverage sectors were the most commonly hit. LockBit operated 35% of all these attacks. Other groups targeted more specific industries, with the Ragnar Locker group hitting the energy sector specifically.

(Dark Reading)

Exploited Windows zero-day lets JavaScript files bypass Mark of the Web security warnings

According to Bleeping Computer, this zero-day has already been seen in ransomware attacks. Windows includes a security feature called Mark-of-the-Web (MoTW) that flags a file as having been downloaded from the Internet, meaning it should be treated with caution as it could be malicious. The MoTW flag is added to a downloaded file or email attachment as a special Alternate Data Stream called ‘Zone.Identifier’, and opening a flagged file generates a warning pop-up window. HP’s threat intelligence team recently reported that threat actors are infecting devices with Magniber ransomware using JavaScript files that bypass the warning window and deliver the malware.

(Bleeping Computer)
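
For defenders who want to read the mark directly instead of relying on the warning dialog, the following added example (not from the original article or from Bleeping Computer) parses the text of a ‘Zone.Identifier’ stream and triages downloaded files by extension and zone. The INI layout (`[ZoneTransfer]`, `ZoneId`, `HostUrl`, `ReferrerUrl`) and zone numbering are standard Windows behaviour; the function names, the extension list and the sample streams are assumptions constructed for illustration.

```python
import configparser
from pathlib import PureWindowsPath

# Windows URL security zones as stored in the ZoneId field.
ZONES = {0: "Local Machine", 1: "Local Intranet", 2: "Trusted Sites",
         3: "Internet", 4: "Restricted Sites"}
# Script types worth reviewing when they arrive from outside (assumed list).
SCRIPT_EXTENSIONS = {".js", ".jse", ".vbs", ".vbe", ".wsf", ".hta"}


def parse_zone_identifier(stream_text):
    """Parse Zone.Identifier stream text; None if absent or malformed."""
    if not stream_text:
        return None
    # interpolation=None: URLs may contain '%', which must stay literal.
    parser = configparser.ConfigParser(interpolation=None, strict=False)
    try:
        parser.read_string(stream_text.lstrip("\ufeff"))
        section = parser["ZoneTransfer"]
        zone_id = int(section["ZoneId"])
    except (configparser.Error, KeyError, ValueError):
        return None
    return {"zone_id": zone_id, "zone": ZONES.get(zone_id, "Unknown"),
            "host_url": section.get("HostUrl"),
            "referrer_url": section.get("ReferrerUrl")}


def triage(filename, stream_text):
    """Classify one downloaded file by extension and MoTW state."""
    is_script = PureWindowsPath(filename).suffix.lower() in SCRIPT_EXTENSIONS
    motw = parse_zone_identifier(stream_text)
    if motw is None:
        return "script-without-motw" if is_script else "no-motw"
    if motw["zone_id"] >= 3:  # Internet or Restricted Sites
        return "internet-script" if is_script else "internet-file"
    return "trusted-zone"


# Constructed samples: (file name, Zone.Identifier text or None if no stream).
SAMPLES = [
    ("invoice.js", "[ZoneTransfer]\r\nZoneId=3\r\n"
                   "HostUrl=https://downloads.example.test/invoice.js?id=1\r\n"),
    ("report.pdf", "[ZoneTransfer]\r\nZoneId=3\r\n"),
    ("setup.js", None),
    ("notes.txt", "[ZoneTransfer]\r\nZoneId=1\r\n"),
]

if __name__ == "__main__":
    for name, stream in SAMPLES:
        print(f"{name:12} {triage(name, stream)}")
```

On a live NTFS volume the stream text can be read by opening the path with `:Zone.Identifier` appended to the file name.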

NSA cyber chief says Ukraine war is compelling more intelligence sharing with industry

Rob Joyce, director of the NSA Cybersecurity Directorate, speaking Wednesday at the Trellix Cybersecurity Summit in Washington, stated that rapidly and proactively sharing intelligence on cyberthreats with industry and critical infrastructure providers “can really make a big and decisive difference,” adding that this was one of his main “lessons learned” from the ongoing war in Ukraine. He stressed that greater knowledge sharing, despite the competitive nature of business, is possible and necessary for mutual benefit and safety. “We can make available the insights about what we know without putting at risk how we know it,” he said.

(Cyberscoop)

Thanks to this week’s episode sponsor, Votiro

UFOs are everywhere.
They’re in your applications, cloud storage, endpoints, and emails.
That’s right – UFOs – Unidentified File Objects – are hiding in files across your organization. 
UFOs can contain malware that exfiltrates data or deploys ransomware. And 70% of UFOs can’t be detected by traditional scanning solutions like Anti-Virus and Sandboxing. That’s where Votiro comes in. Votiro prevents UFOs before they hitch a ride in on files – without detection, and without slowing down business. Do you believe? Learn more at Votiro.com/UFOs.

CISOs struggle to articulate business impacts of cyber risks

According to a new survey from FTI Consulting, 85% of US CISOs indicated that cybersecurity has gained prominence on the Board’s agenda over the last 12 months. Additionally, 79% of CISOs feel heightened scrutiny from senior leadership. Unfortunately, 53% say their cybersecurity priorities are not completely aligned with C-suite leadership. Further, 58% of CISOs indicated they struggle to communicate technical information and cyber risk in a manner that the Board and senior leadership can understand. Other notable findings include 82% of CISOs feeling that they need to exaggerate their role to their Board while 46% of CISOs who experienced a cyber incident struggled to rebuild trust with leadership afterward.

(Security Magazine)

Pizza123 password takes momentum out of Fast Company

The breach of the Fast Company news channel that occurred in late September was achieved by exploiting an easily guessed default password, “pizza123.” The business magazine reused the weak password across a dozen WordPress accounts, according to the hacker, who goes by the handle “Thrax” and who described the attack as “ridiculously easy” in an article published on FastCompany.com before the publication took the site down. The hackers claimed to have used the vulnerable password pizza123 to access authentication tokens, Apple News API keys, and Amazon Simple Email Service (SES) tokens. Then they sent offensive push notifications to the home screens of subscribers of the FastCompany channel on the Apple News service.

(Bleeping Computer)