Cyber Security Headlines – Week in Review | February 22-26, 2021

This week’s Cyber Security Headlines – Week in Review, February 22-26, 2021, is hosted by Steve Prentice (@stevenprentice) with our guest, Naomi Buckwalter (@ineedmorecyber), director of information security and IT, Beam Technologies.

Cyber Security Headlines – Week in Review is live every Thursday at 4pm PT/7pm ET. Join us each week by registering for the open discussion. (https://www.crowdcast.io/e/cyber-security-headlines)

Microsoft and FireEye push for breach reporting rules

The companies pushed for a new breach reporting requirement to the US Senate Intelligence Committee in written testimony regarding the SolarWinds supply chain attack. Microsoft President Brad Smith said, “We need to replace this silence with a clear, consistent obligation for private sector organizations to disclose when they’re impacted by confirmed significant incidents.” FireEye CEO Kevin Mandia reiterated the sentiment with more specific language, saying, “The U.S. government should consider a federal disclosure program for not only sharing threat indicators but for also providing notification of a breach or incident.” While many US states have laws requiring notification to victims of a data breach, no federal law is currently on the books. 

(The Hill)

US Federal Reserve hit with massive IT outage

The outage impacted the ability to make wire transfers, ACH transactions, and almost every other electronic service they process. The Fed’s FedMail electronic messaging system used to transmit information to other organizations remained operational. The Federal Reserve characterized the outage as an “operational error.” Access to FedCash and Central bank services was restored after roughly two hours on February 24th, although many Fed services remain down as of this recording. 

(Bleeping Computer)

Silver Sparrow malware found on 30,000 Macs has security pros stumped

Researchers have yet to observe delivery of any payload from a new malware dubbed Silver Sparrow, leaving its purpose unknown. This suggests that it may spring into action once a condition is met. Silver Sparrow comes with a mechanism to completely remove itself, a capability typically reserved for high-stealth operations, and it runs natively on the new M1 chip. It also uses the macOS Installer JavaScript API to execute commands, which makes it difficult to analyze. It has been found in 153 countries, with concentrations in the US, UK, Canada, France, and Germany, and researchers are watching carefully for further developments.

(Ars Technica)

SolarWinds hackers stole source code for Microsoft Azure, Exchange, Intune

Microsoft on Thursday said it concluded its probe into the SolarWinds hack, finding that the attackers stole some source code but confirmed there’s no evidence that they abused its internal systems to target other companies or gained access to production services or customer data. It said cases involved downloading component source code related to small subsets of Azure, Intune and Exchange components, and that the entire attack is a “moment of reckoning,” furthering the need to proactively embrace a zero-trust mentality.

(The Hacker News)

Thanks to our episode sponsor, PlexTrac

PlexTrac is the solution to deal with your data. Aggregate findings from all assessments to produce the analytics needed to make informed decisions. Produce data visualizations and add them to reports with one click to communicate effectively to leadership. PlexTrac is the premier product for security data management. Check out PlexTrac.com/CISOSeries to learn why PlexTrac is the perfect platform for CISOs!

Organizations feel the impact of the Accellion exploit 

The number of organizations impacted by a vulnerability in Accellion’s File Transfer Appliance software continues to grow. We previously reported that the law firm Jones Day was dealing with an extortion attempt linked to an Accellion breach. Now the Washington State Auditor’s Office reports personal data on one million applications for unemployment might have been accessed. The Reserve Bank of New Zealand and the Singapore telco Singtel also report related data leaks. Accellion says that fewer than 50 customers were impacted, that it notified all customers using the software weeks ahead of public disclosure, and that it will replace its FTA software by April 30, with plans to migrate customers to its newer Kiteworks solution.

Most firms now fear nation state attack

This is from a study sponsored by the Cybersecurity Tech Accord, compiled from interviews with over 500 director-level or above executives from businesses in Asia-Pacific, Europe and the United States, and conducted before the SolarWinds campaign even came to light. Eighty percent of respondents expressed this concern, with a majority claiming these worries have increased over the past five years. A majority of respondents also stated they want their respective governments to play a bigger role in meeting these challenges: 60% said their country only offers a medium or low level of protection.

(InfoSecurity Magazine)

Pres. Biden orders security review of supply chain security

The president’s executive order has a few goals: to address shortages of critical imported components such as batteries and pharmaceuticals, to wean the country off semiconductors manufactured overseas, and to review the security of the information and communications sector. After signing the order, Biden said that “we need to make sure these supply chains are secure and reliable.” It’s an issue for both and national security, he said. The SolarWinds hack is one example of cyber-espionage targeting important supply chains, and the attempted hack of the vaccination supply chain is another.

(CyberScoop)

The bitcoin blockchain is helping keep a botnet from being taken down

Recently, a botnet that researchers have been following for about two years began using a new way to prevent command-and-control server takedowns: by camouflaging one of its IP addresses in the bitcoin blockchain. By having a server the botnet can fall back on, the operators prevent the infected systems from being orphaned. Storing the address in the blockchain ensures it can never be changed, deleted, or blocked, as is sometimes the case when hackers use more traditional backup methods, said Chad Seaman, a researcher at Akamai.

(Ars Technica)

Experts find a way to learn what you’re typing during video calls

Research undertaken at the University of Texas at San Antonio and the University of Oklahoma suggests that video feeds, as well as YouTube and Twitch videos, can be used to infer what a person is typing through a three-part analysis. From a pool of detected keystrokes, words are inferred by making use of the number of keystrokes detected for a word as well as the magnitude and direction of left and right arm displacement that occurs between consecutive keystrokes of the word, combined with predictive analytics. Currently, the findings showed that hunt-and-peck typers and those wearing sleeveless clothes were more susceptible to word inference attacks, as were users of Logitech webcams.

(The Hacker News)


Author, speaker, expert in the area where people and technology crash into each other, viewed from the organizational psychology perspective. Host of many podcasts, voice actor and narrator for corporate media and audiobooks. Ghost-writer for busy executives.