This week’s Cyber Security Headlines – Week in Review, Sep 6-10, 2021, is hosted by Rich Stroffolino, with our guest, Matt Crouse, CISO, Taco Bell

Cyber Security Headlines – Week in Review is live every Friday at 12:30pm PT/3:30pm ET. Join us each week by registering for the open discussion.

Salesforce email service used for phishing campaign

Cybercriminals are using Salesforce’s mass email service to dupe people into handing over credit card numbers, credentials and other personal information in a novel phishing campaign. According to email security service provider Perception Point, the bad actors are sending phishing emails via the Salesforce email service by impersonating the Israel Postal Service in a campaign that has targeted multiple Israeli organizations. Most email security services are unable to detect attacks using Salesforce’s legitimate platform because they “blindly trust that Salesforce is a safe source,” even to the point of whitelisting the service’s IP addresses to streamline the email process, they wrote.

(ESecurityPlanet.com)

Eight US states to begin accepting digital driving licenses

Arizona and Georgia will be the first states to allow their residents to use this system, in which driver’s licenses and other state IDs are stored on iPhones and the Apple Watch. They will be followed by Connecticut, Iowa, Kentucky, Maryland, Oklahoma and Utah. Apple said it has introduced new security features that mean users do not need to unlock or physically handover their phones to police or security officials. The company stated: “Only after authorizing with Face ID or Touch ID is the requested identity information released from their device, which ensures that just the required information is shared and only the person who added the driver’s license or state ID to the device can present it. Users do not need to unlock, show or hand over their device to present their ID.”

(InfoSecurity Magazine)

ProtonMail shares user IP address with law enforcement

The privacy-focused email provider received a “legally binding order from the Swiss Federal Department of Justice”  it was “obligated to comply with,” leading the organization to handover the IP address and information related to the type of device used by the account. The account was related to the anti-gentrification activists Youth for Climate, and led to arrests in France. On it’s site, ProtonMail claims “[b]y default, we do not keep any IP logs which can be linked to your anonymous email account.” Under Swiss law, ProtonMail must hand over data when users of its service engage in activity deemed illegal in Switzerland. ProtonMail CEO Andy Yen said the company had no choice but to comply, although he said handing over data is not done by default, only if legally forced. 

(Hacker News)

IoT attacks double in six months

This data comes from a new report from Kaspersky, analyzing its telemetry from honeypots. The company detected 1.5 billion IoT attacks in the last six months, up from 639 million in the previous period. Part of this increase comes from the increased number of IoT devices available, from smartwatches to smart home accessories. The major security concern is that threat actors could target corporate resources through the increased number of people working at home, where network security is generally more lax. The most common use for compromised IoT devices includes stealing personal or corporate data, mining cryptocurrencies, and taking part in DDoS attacks. 

(ThreatPost)

Thanks to our episode sponsor, Semperis

One thing we’ve learned from attacks like SolarWinds: Cybercriminals can lurk in your Active Directory environment for weeks or months before dropping malware. How do you root them out? First, you need to uncover security gaps in Active Directory that can lead to a breach. Download Purple Knight, a free security assessment tool from Semperis that scans your environment for pre-attack and post-attack indicators of exposure and compromise. Check it out at Purple-Knight.com.

Study looks at criteria for ransomware targeting 

The rise of ransomware has become the cyber security story of the decade, not breaking any news here. The basic methods threat actors use to infiltrate networks are generally understood. But the cybersecurity intelligence company KELA tried to look into how victims are selected by ransomware organizations. They examined 48 forum posts from July from parties looking to purchase access to a network. 40% of these are want ads created by those working for ransomware organizations. Overall the US, Canada, Australia, and Europe were the most popular locations. Target companies have an average revenue of $100 million, although often groups will target companies in the US with far less revenue. 47% of organizations refused to target healthcare and education industries, while 37% banned targeting government sectors. 

(Bleeping Computer)

Ransomware gang threatens to leak data if victim contacts FBI, police

In an announcement published on Ragnar Locker’s darknet leak site this week, the group is threatening to publish full data of victims who seek the help of law enforcement and investigative agencies following a ransomware attack, or who contact data recovery experts to attempt decryption or to conduct the negotiation process. This announcement puts additional strain on victims, considering that governments worldwide have strongly advised against paying ransoms, but have suggested turning to law enforcement instead.

(Threatpost)

Stress and burnout affecting majority of cybersecurity professionals

According to CIISec’s 2020/21 State of the Profession report, 51% of cybersecurity professionals are kept up at night by job stress and work challenges. More than two-thirds (69%) believe that risks to their organization’s data have increased due to staff working from home. 80% of respondents said that staff have become more anxious or stressed during the pandemic, which is concerning due to numerous studies demonstrating that people are more vulnerable to being duped by cyber-criminals while feeling stressed or burnt out. The study also showed 65% of respondents feel that the pandemic made security reviews, audits, and overseeing processes more difficult, while two-thirds (66%) agreed that the forced cancellation of education events and training has widened the skills gap in the sector. Some encouraging results from the survey show 59% of cybersecurity pros think the industry has improved at defending systems and data and 62% said the sector had improved its response to security incidents and breaches.

(Infosecurity Magazine)