Cyber Security Headlines Week in Review:  Supreme Court’s 230 ruling, Tech giants hit, TLD phishing vectors

This week’s Cyber Security Headlines – Week in Review, May 15-19, is hosted by Rich Stroffolino with our guest, Dave Hannigan, CISO, Nubank

Cyber Security Headlines – Week in Review is live every Friday at 12:30pm PT/3:30pm ET. Join us each week by registering for the open discussion at CISOSeries.com

Supreme Court shields Twitter from liability and leaves Section 230 untouched

The Supreme Court handed Silicon Valley a massive victory on Thursday as it protected online platforms from two lawsuits that legal experts had warned could have upended the internet. The twin decisions preserve social media companies’ ability to avoid lawsuits stemming from terrorist-related content. In Twitter v. Taamneh, the Supreme Court ruled that Twitter will not have to face accusations it aided and abetted terrorism when it hosted tweets created by the terror group ISIS. The court also dismissed Gonzalez v. Google, sidestepping an invitation to narrow a key federal liability shield for websites, known as Section 230 of the Communications Decency Act.

(CNN and Reuters)

Montana governor bans TikTok

Almost exactly one month after the state legislature passed it, Montana Gov. Greg Gianforte signed a bill on Wednesday banning TikTok in the state, which he said is “to protect Montanans’ personal and private data from the Chinese Communist Party,” officially making Montana the first state to ban the social media application. The bill, which takes effect in January, specifically names TikTok as its target, prohibiting the app from operating within state lines. The law also outlines potential fines of $10,000 per day for violators, including app stores found to host the application.

(CNN)

Tech giant ABB confirms ‘IT security incident’

The company confirmed on Friday that it is dealing with “an IT security incident” that is affecting some of its offices and systems around the world, but would not say if this involved ransomware. However, BleepingComputer reported on Thursday that the Black Basta ransomware group attacked the company on May 7. Multiple anonymous sources told the news outlet that the ransomware attack targeted the company’s Windows Active Directory and affected hundreds of devices. ABB is the developer of numerous SCADA and industrial control systems (ICS) for energy suppliers and manufacturing, raising concerns about whether data was stolen and what it contained.

(The Record and Bleeping Computer)

Lacroix Group shuts down three facilities after a targeted cyberattack

The French electronics manufacturer, which designs and manufactures electronic equipment for the automotive, aerospace, industrial, and health sectors, shut down facilities in France, Germany, and Tunisia in response to a cyberattack. No ransomware gang has yet claimed responsibility, but the attack comes just one week after Swiss multinational ABB, a leading electrification and automation technology provider, was hit by Black Basta ransomware.

(Security Affairs)

Loved ones of the Buffalo shooting victims want social media platforms held responsible

A year after a racially-motivated mass shooting took 10 innocent lives at a Tops grocery store in Buffalo, New York, the victims’ loved ones have filed a lawsuit against Meta (Facebook’s parent company), Google (YouTube’s parent company), Amazon (Twitch’s parent company), Reddit, Snapchat, Discord and 4Chan. The shooter live streamed the attack on Twitch; the stream was taken down within two minutes, but the video was then uploaded to 4Chan and to Facebook, whose algorithm continued to recommend it. The suit alleges the platforms facilitated the shooter’s white supremacist radicalization and claims their algorithms are designed to take advantage of teenagers by engaging them “through increasingly extreme and psychologically discordant content.” Section 230 of the 1996 Communications Decency Act protects social media platforms from legal accountability over content posted by users. This could pose a challenge to the suit, but Section 230 is currently facing legislative efforts and Supreme Court cases aiming to restrict companies’ immunity.

(Time)

Thanks to today’s episode sponsor, Hunters

There is nothing worse than relying on a legacy SIEM that your security team has out-grown, especially when it impacts your ability to detect real incidents. Hunters’ SOC Platform offers built-in, always up-to-date detection rules and automatic correlation that allow SOC analysts to focus on higher-value tasks that impact your organization. It’s time to move to a platform that reduces risk, complexity and cost for the SOC. Visit hunters.security to learn how you can Move Beyond SIEM and let them know you heard about Hunters on the CISO Series.

An inside look at RaaS

A new report from Group-IB details the inner workings of the ransomware-as-a-service operator Qilin. The firm infiltrated the group in March 2023. It found that the group customizes attacks for each victim for maximum impact, including changing the encrypted file extension and choosing specific processes and services to terminate during an attack. Qilin pays affiliates 80-85% of ransom payments. It also provides affiliates with an admin panel to oversee ongoing operations. The group generally equips affiliates to use phishing emails with malicious links to obtain initial access, then carries out classic double extortion: encrypting the victim’s data and threatening to leak what was stolen. The report warns that Qilin actively recruits affiliates and provides upgraded tools and techniques to weaponize them quickly.

(The Hacker News)

New TLDs a vector for phishing

The top-level domains .zip and .mov have existed since 2014, but only became generally available for public registration earlier this month. Bleeping Computer’s Lawrence Abrams notes that some platforms, including Twitter, automatically convert file names ending in .zip or .mov into clickable links, which lets malicious actors register the matching domain names and send users to malicious sites. In other words, a plain reference to a file can become a link the user never meant to share. This isn’t a theoretical exploit either. Silent Push Labs already discovered someone attempting this with the domain microsoft-office[.]zip. Others have registered domains matching common archive file names. In many of these cases, however, the links point users to information on the risks of these domain names, or in some cases to a classic Rick Roll.
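As an added illustration (not code from Bleeping Computer or Silent Push), the scanner below finds tokens in a message that a naive linkifier would treat as hostnames because their "extension" is also a registrable TLD, and rewrites them in the defanged form used above (microsoft-office[.]zip). The TLD set and the sample message are constructed for this example; .zip and .mov are the ones the article discusses, and the three country-code TLDs are included to show the same problem applies to other extension-like TLDs.

```python
import re
from dataclasses import dataclass

# TLDs that double as common file extensions. .zip and .mov are the ones
# Google opened for general registration in May 2023; .py (Paraguay),
# .pl (Poland) and .sh (Saint Helena) are long-standing country-code TLDs.
# Assumed set for this example; extend it to match your linkifier's TLD list.
FILE_EXTENSION_TLDS = {"zip", "mov", "py", "pl", "sh"}

# One DNS label: letters, digits and hyphens, not starting/ending with a hyphen.
_LABEL = r"[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?"
_TLD_ALT = "|".join(sorted(FILE_EXTENSION_TLDS))

# A token that looks like host.tld. The lookbehind skips anything that is
# already part of a URL, email address or a longer dotted name; the lookahead
# rejects "archive.zipx" and "archive.zip.pdf" but allows a sentence-ending dot.
_TOKEN_RE = re.compile(
    r"(?<![\w/.@-])((?:" + _LABEL + r"\.)+(?:" + _TLD_ALT + r"))(?![\w-]|\.\w)",
    re.IGNORECASE,
)


@dataclass(frozen=True)
class AutolinkRisk:
    token: str     # text exactly as it appeared in the message
    domain: str    # the registrable name a linkifier would resolve
    defanged: str  # safe-to-paste form, e.g. microsoft-office[.]zip


def defang(name: str) -> str:
    """Replace the last dot with [.] so the name is no longer a valid link."""
    head, _, tld = name.rpartition(".")
    return f"{head}[.]{tld}"


def find_autolink_risks(text: str) -> list[AutolinkRisk]:
    """Return every file-name-looking token that would become a clickable link."""
    risks = []
    for match in _TOKEN_RE.finditer(text):
        token = match.group(1)
        risks.append(AutolinkRisk(token, token.lower(), defang(token.lower())))
    return risks


def rewrite_safely(text: str) -> str:
    """Defang risky tokens in place so a chat client cannot linkify them."""
    return _TOKEN_RE.sub(lambda m: defang(m.group(1)), text)


# Constructed sample message: two risky file names, one harmless .pdf, and one
# .zip that is already inside a real URL (and so is not a new link).
SAMPLE_MESSAGE = (
    "Hey, the build is in microsoft-office.zip and the demo is demo-v2.mov. "
    "Slides are in deck.pdf, and https://example.com/files/final.zip is the mirror."
)

if __name__ == "__main__":
    for risk in find_autolink_risks(SAMPLE_MESSAGE):
        print(f"{risk.token!r} would link to {risk.domain} -> write it as {risk.defanged}")
    print(rewrite_safely(SAMPLE_MESSAGE))
```

The rewrite is the cheap mitigation a chat or ticketing integration can apply on outbound text; the detection half is the same logic a DLP or brand-monitoring rule would use to decide which of those names are worth registering defensively or watching in passive DNS.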

(Bleeping Computer)

Social engineering in Microsoft Teams

Security researchers at Proofpoint published new social engineering techniques being used against Microsoft Teams. One is tabnabbing: an attacker-controlled page renames its browser tab and swaps its content for a spoofed Teams page, which then tries to get the user to load malware. Another involves manipulating meeting invites through Teams API calls, replacing the legitimate links with malicious ones. A third edits the hyperlink behind an existing message so the visible URL text stays legitimate while the link that opens when clicked is malicious. None of these represent a flaw in Teams itself. Rather, they speak to the growing popularity, and threat surface, of the service. Proofpoint found that “60% of Microsoft 365 tenants suffered at least one successful account takeover incident in 2022.”
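The last two techniques (a replaced meeting link, and a link whose visible text no longer matches its target) can be caught by inspecting the HTML of a message or invite before it is trusted. The audit below is an added example, not Proofpoint's or Microsoft's code: it parses anchors with the standard library, flags any anchor whose visible text is a URL on a different host than its href, and flags any "join the meeting" link whose host is outside an assumed allowlist of Teams join hosts. The allowlist and the sample invite are constructed for this example.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

# Hosts a legitimate Teams meeting join link is expected to use. Assumed
# allowlist for this example; tune it to what your tenant actually emits.
TEAMS_JOIN_HOSTS = {"teams.microsoft.com", "teams.live.com"}

_URL_LIKE = re.compile(r"^(?:https?://|www\.)\S+$", re.IGNORECASE)


class _AnchorCollector(HTMLParser):
    """Collect (href, visible text) for every <a> element in an HTML fragment."""

    def __init__(self):
        super().__init__()
        self.anchors = []
        self._href = None
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href") or ""
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.anchors.append((self._href, "".join(self._text).strip()))
            self._href = None


def host_of(url: str) -> str:
    """Hostname of a URL, lower-cased. urlparse drops user-info, so
    https://teams.microsoft.com@evil.example resolves to evil.example here too."""
    url = url.strip()
    if "://" not in url:
        url = "https://" + url
    try:
        return (urlparse(url).hostname or "").lower()
    except ValueError:
        return ""


def audit_links(html: str) -> list[tuple[str, str, str]]:
    """Return (finding, visible_text, href) for each suspicious anchor."""
    parser = _AnchorCollector()
    parser.feed(html)
    findings = []
    for href, text in parser.anchors:
        href_host = host_of(href)
        # Join link pointed somewhere other than a known Teams host.
        if "join the meeting" in text.lower() and href_host not in TEAMS_JOIN_HOSTS:
            findings.append(("untrusted-join-link", text, href))
        # Visible text is itself a URL, but it names a different host than the target.
        if _URL_LIKE.match(text) and host_of(text) != href_host:
            findings.append(("display-mismatch", text, href))
    return findings


# Constructed sample invite: a genuine join link, a tampered join link on a
# look-alike host, an anchor whose visible URL hides a different target, and a
# benign anchor whose text and href agree.
SAMPLE_INVITE = """
<p>Microsoft Teams meeting</p>
<p><a href="https://teams.microsoft.com/l/meetup-join/19%3ameeting_abc">Click here to join the meeting</a></p>
<p><a href="https://teams.microsoft.com.evil.example/join">Click here to join the meeting</a></p>
<p>Agenda: <a href="https://evil.example/agenda.docx">https://contoso.sharepoint.com/agenda.docx</a></p>
<p>Docs: <a href="https://contoso.sharepoint.com/sites/it">https://contoso.sharepoint.com/sites/it</a></p>
"""

if __name__ == "__main__":
    for finding, text, href in audit_links(SAMPLE_INVITE):
        print(f"{finding}: '{text}' -> {href}")
```

Comparing hostnames rather than whole URLs is deliberate: the look-alike host `teams.microsoft.com.evil.example` and the user-info trick `teams.microsoft.com@evil.example` both fail an exact host match, while a legitimately re-issued invite with a new meeting ID on the same host does not trip the rule.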

(InfoSecurity Magazine)

Discord suffers data breach

The popular VoIP and instant messaging social platform has disclosed a data breach that has resulted in unauthorized access to a third-party customer service agent’s support ticket queue, potentially exposing users’ email addresses, the contents of customer service messages, and any attachments sent to Discord support. In response to the incident, the company immediately deactivated the compromised account and analyzed the impacted machine to determine if it was infected with malware. 

(Security Affairs)

White House cyber strategy goes big on education

In a speech to the National Security Telecommunications Advisory Committee, acting national cyber director Kemba Walden said providing “foundational cyber skills” was a central part of the Biden administration’s cyber strategy. Walden marked this as one of four pillars of its upcoming implementation plan. This would include efforts to educate citizens on digital literacy, computational math and digital resilience. Other aspects include transforming cyber education, growing the available cyber workforce in the US, and specifically increasing federal staff.

(CyberScoop)

Steve Prentice
Author, speaker, expert in the area where people and technology crash into each other, viewed from the organizational psychology perspective. Host of many podcasts, voice actor and narrator for corporate media and audiobooks. Ghost-writer for busy executives.