Welcome to our monthly news roundup blog! Our mission at FRSecure is to fix the broken information security industry, and sharing knowledge plays a pivotal role in that. With this in mind, we’ve gathered articles from publications across the information security industry and organized them here by category to give you a centralized summary of all the latest news.
Happy reading, and don’t forget to share this month’s roundup with your contacts!
July 2022 Information Security News Roundup
Threats and Vulnerabilities

Phishers Use Custom Phishing Kit to Hijack MFA-Protected Enterprise Microsoft Accounts
https://www.helpnetsecurity.com/2022/08/03/hijack-microsoft-accounts/
An ongoing large-scale phishing campaign is targeting owners of business email accounts at companies in the fintech, lending, insurance, energy, and manufacturing sectors in the US, UK, New Zealand, and Australia.
Dahua IP Camera Vulnerability Could Let Attackers Take Full Control Over Devices
https://thehackernews.com/2022/07/dahua-ip-camera-vulnerability-could-let.html
Details have been shared about a security vulnerability in Dahua’s Open Network Video Interface Forum (ONVIF) standard implementation which, when exploited, can lead to seizing control of IP cameras.
New Facebook Malware Targets Business Accounts
https://www.csoonline.com/article/3668002/new-facebook-malware-targets-business-accounts.html
Helsinki-based cybersecurity vendor WithSecure says it has discovered an operation, dubbed “DUCKTAIL,” that uses social media-based spear phishing attacks to gain access to Facebook Business accounts.
US Govt. Warns Americans of Escalating SMS Phishing Attacks
The FCC warned Americans of an increasing wave of SMS phishing attacks attempting to steal their personal information and money. Some independent reports estimate billions of robotexts each month – for example, RoboKiller estimates consumers received over 12 billion robotexts in June.
FBI Warns of Residential Proxies Used in Credential Stuffing Attacks
The FBI warns of a rising trend of cybercriminals using residential proxies to conduct large-scale credential stuffing attacks without being tracked, flagged, or blocked. Because people commonly use the same password at every site, cybercriminals have ample opportunity to take over accounts without cracking passwords or phishing any other information.
More Bang for the Buck: Cross-Platform Ransomware Is the Next Problem
https://www.darkreading.com/threat-intelligence/cross-platform-ransomware-spikes-problem
The ability to impact a variety of client operating systems within a single victim’s environment started gaining steam in 2021, according to an advisory from Kaspersky. Ransomware gangs have moved towards this advancement within their tools by utilizing programming languages like Rust and Go.
Exploiting Stolen Session Cookies to Bypass MFA
https://www.helpnetsecurity.com/2022/08/19/exploiting-stolen-session-cookies-bypass-mfa/
Active adversaries are increasingly focusing solely on exploiting stolen session cookies to bypass MFA and gain access to corporate resources, according to Sophos. In some cases, the cookie theft itself is a highly targeted attack, with adversaries scraping cookie data from compromised systems within a network and using legitimate executables to disguise the malicious activity.
Ransomware Running Rampant Across Academic Institutions
https://www.kcrg.com/2022/07/28/crcsd-planning-opening-first-day-regardless-security-breach/
As schools start resuming classes, many are falling victim to ransomware attacks, locking their systems down, with little ability to get their files back. In some instances, schools have been making the decision to carry on with classes, despite dealing with a cyber incident less than 2 months ago.
Ransomware, Email Compromise are Top Security Threats, but Deepfakes Increase
While ransomware and business email compromise (BEC) are leading causes of security incidents for businesses, geopolitics and deepfakes are playing an increasing role, according to reports from VMware and Palo Alto’s Unit 42.
Stories

Universities are at Risk of Email-Based Impersonation Attacks
https://www.helpnetsecurity.com/2022/08/04/universities-email-based-impersonation-attacks/
Proofpoint released new research which found that the top universities in the United States, the United Kingdom, and Australia are lagging on basic cybersecurity measures, subjecting students, staff, and stakeholders to higher risks of email-based impersonation attacks.
70% of Cyberattacks Are Ransomware and Business Email Compromise
https://tech.co/news/70-of-cyberattacks-target-business-email-accounts?web_view=true
70% of the top reported cyberattacks in the past 12 months were either ransomware or business email compromise (BEC), according to a recent Palo Alto Networks report. Of those reported, software vulnerabilities accounted for nearly half of every breach, highlighting a need for better patch management strategies, password managers, and cybersecurity training.
Verizon: Mobile Attacks Up Double Digits From 2021
https://www.techrepublic.com/article/verizon-mobile-attacks-up-double-digits-from-2021/
With the proliferation of mobile devices and hybrid work environments where employees often use their personal devices for work-related activities, almost half (45%) of respondents of the Verizon Mobile Security Index 2022 said their organizations were subject to a security incident involving a mobile device that led to data loss, downtime, or other consequences—a 22% increase over 2021’s numbers.
A Third of Organizations Experience a Ransomware Attack Once a Week
https://www.helpnetsecurity.com/2022/08/04/organizations-experience-ransomware-attack/
According to new research published by Menlo Security conducted among over 500 IT/Security decision-makers in the US and UK, a third of organizations experience a ransomware attack at least once a week, with one in 10 experiencing them more than once a day.
Ransomware: 1.5 million People Got Their Files Back Without Paying the Gangs. Here’s how:
The No More Ransom project now offers free tools for decrypting 165 families of ransomware as the fight against extortion groups continues.
No More Ransom Project website:
https://www.nomoreransom.org/en/index.html
Data Breach Costs Record $4.3M With Firms Passing Buck to Customers
https://www.zdnet.com/article/data-breach-costs-record-4-3m-with-firms-passing-buck-to-customers/
The average cost of a data security breach has hit another record-high of $4.35 million per incident, growing 12.7% over the past two years across industries internationally. And some businesses are passing the buck to customers, even as the cost of products and services has climbed amidst inflation and supply chain constraints.
French Hospital Hit by $10M Ransomware Attack, Sends Patients Elsewhere
The Centre Hospitalier Sud Francilien (CHSF), a 1000-bed hospital located 28km from the center of Paris, suffered a cyberattack, which has resulted in the medical center referring patients to other establishments and postponing appointments for surgeries.
Twilio Hackers Hit Over 130 Orgs in Massive Okta Phishing Attack
Hackers responsible for a string of recent cyberattacks, including those on Twilio, MailChimp, and Klaviyo, compromised over 130 organizations in the same phishing campaign. This phishing campaign utilized a phishing kit codenamed ‘0ktapus’ to steal 9,931 login credentials.
Group-IB tracked the admin account, known as “X”, behind the phishing attacks and says this account had a location of North Carolina, United States, associated with it.
School Districts Share ‘Lesson Plan’ for Boosting Cybersecurity
https://www.govtech.com/security/school-districts-share-lesson-plan-for-boosting-cybersecurity
K-12 school districts’ collections of student data, an array of digital systems, and limited defense budgets are just some of the factors that make them tempting targets for cyber attackers, but active threat monitoring, security awareness training, vetted cloud vendors, and other strategies can help reduce the dangers.
For Cyber Insurance, Some Technology Leads to Higher Premiums
With increasing demand and dangerous third-party risks, cyber insurance carriers are taking a much harder look at enterprises’ security postures, to the point where they’re limiting or denying coverage based on the presence of certain technologies.
Third Parties and Partners are Leading to Increased Cyber Risk
https://mytechdecisions.com/it-infrastructure/third-parties-partners-leading-increased-cyber-risk/
According to a new report from Proofpoint, 81% of organizations are highly concerned about risks surrounding their suppliers and partners, with nearly half citing data loss as a primary risk.
Malicious Browser Extensions Targeted Almost 7 Million People
According to a report by Kaspersky, almost seven million users have attempted to install malicious browser extensions since 2020, with 70% of those extensions used as adware to target users with advertisements. The most common payloads carried by malicious web extensions during the first half of 2022 belonged to adware families, snooping on browsing activity and promoting affiliate links.
New Cross-Industry Group Launches Open Cybersecurity Framework
AWS and Splunk are leading an industry effort of 18 systems and security vendors to standardize how different monitoring systems share security alerts. The goal is to deliver a simplified and vendor-agnostic taxonomy to help security teams ingest and analyze security data faster via a service called the Open Cybersecurity Schema Framework (OCSF).
Federal Workers are Advertising Their Security Clearances on LinkedIn. Agencies say Those are ‘Top Secret’ for a Reason
U.S. federal and U.K. government workers and military personnel are using LinkedIn to publicize the fact that they can access top-secret government information, a move that experts say can “elevate targeting risk” from adversaries.
This Company Didn’t Spot the Flaw in Their Network, But Three Ransomware Gangs Did
An automotive supplier fell victim to three prominent forms of ransomware, LockBit, Hive, and BlackCat, with each cybercriminal gang encrypting files and leaving their own ransom demand for a decryption key with little time between incidents. The initial RDP connection was said to have been open since at least December of 2021 but wasn’t exploited until April and May of 2022.
Cisco Admits Hack on IT Network, Links Attacker to LAPSUS$ Threat Group
Cisco has admitted suffering a security incident targeting its corporate IT infrastructure in late May 2022. On August 10, the firm stated that an employee’s credentials were compromised after an attacker gained control of a personal Google account where credentials saved in the victim’s browser were being synchronized.
Opinion

Apathy Is Your Company’s Biggest Cybersecurity Vulnerability — Here’s How to Combat It
Human error continues to be the leading cause of security breaches. Nearly 60% of organizations experienced data loss due to an employee’s mistake on email in the last year, while one in four employees fell for a phishing attack.
The Rise of Data Exfiltration and Why It Is a Greater Risk Than Ransomware
https://thehackernews.com/2022/08/the-rise-of-data-exfiltration-and-why.html
Information exfiltration is rapidly becoming more prevalent. Earlier this year, incidents at Nvidia, Microsoft, and several other companies have highlighted how big of a problem it’s become – and how, for some organizations, it may be a threat that’s even bigger than ransomware.
Informational

Three Common Mistakes That May Sabotage Your Security Training
https://thehackernews.com/2022/08/three-common-mistakes-that-may-sabotage.html
Phishing incidents are on the rise. A report from IBM shows that phishing was the most popular attack vector in 2021, resulting in one in five employees falling victim to phishing hacking techniques.
Busting the Myths of Hardware-Based Security
When it comes to cybersecurity, everyone likes to talk about software and the dangers that it poses. However, people often overlook hardware-based security and its vital importance in establishing a secure workspace.
Poor Training and Communications Hindering Cybersecurity Efforts
https://www.infosecurity-magazine.com/news/training-comms-cybersecurity/
Three in four companies in the UK and US have experienced a security incident in the last year, said a report from email security company Tessian, titled How Security Cultures Impact Employee Behavior. Poor cybersecurity awareness programs and internal communications are primarily to blame.
Wolf in Sheep’s Clothing: How Malware Tricks Users and Antivirus
One of the primary methods used by malware distributors to infect devices is by deceiving people into downloading and running malicious files. To achieve this deception, malware authors are using a variety of tricks like masquerading malware executables as legitimate applications, signing the apps with valid certificates, or compromising trustworthy sites to use them as distribution points.
Ransomware Hackers Will Still Target Smaller Critical Infrastructure, CISA Director Warns
Leadership at the Cybersecurity and Infrastructure Security Agency (CISA) confirmed that ransomware hackers are not exclusively targeting large critical infrastructure organizations and businesses, but smaller entities as well.
Hackers Scan for Vulnerabilities Within 15 Minutes of Disclosure
System administrators have even less time to patch disclosed security vulnerabilities than previously thought, as a new Unit 42 report shows threat actors scanning for vulnerable endpoints within 15 minutes of a new CVE being publicly disclosed.
DNS Data Indicates Increased Malicious Domain Activity, Phishing Toolkit Reuse
New research from cybersecurity vendor Akamai has revealed that 12.3% of monitored devices communicated with domains associated with malware or ransomware at least once during the second quarter of 2022. This represented a 3% increase compared to Q1 2022, the firm stated, with reused phishing toolkits playing a key role in malicious domain-related activity.
Ransomware: Most Attacks Exploit These Common Cybersecurity Mistakes – So Fix Them Now, Warns Microsoft
Microsoft’s Cyber Signals report analyzed anonymized data of real threat activity and found that over 80% of ransomware attacks can be traced to common configuration errors in software and devices.
Microsoft Sysmon Can Now Block Malicious EXEs From Being Created
Microsoft has released Sysmon 14 with a new ‘FileBlockExecutable’ option that lets you block the creation of malicious executables, such as EXE, DLL, and SYS files, for better protection against malware.
Incident Response in the Cloud Can Be Simple if You are Prepared
https://www.helpnetsecurity.com/2022/08/17/incident-response-cloud/
If your business has moved toward off-premise computing, there’s a bonus to the flexibility and scalability services that AWS and Microsoft 365 can provide. Incident response in the cloud is far simpler than on-premise incident response; however, all of the IR tools reside in the platform that your organization has chosen.
Cyber-Insurance Fail: Most Businesses Lack Ransomware Coverage
https://www.darkreading.com/risk/cyber-insurance-fail-businesses-lack-ransomware-coverage
Organizations lack sufficient levels of cyber-insurance coverage to protect themselves in case of a ransomware attack, with just 14% of businesses with 1,400 or fewer employees boasting coverage limits above $600,000. According to a study by BlackBerry and Corvus Insurance, 59% of responding IT decision-makers hope that the government would cover the damages of future cyber incidents.
How Older Security Vulnerabilities Continue to Pose a Threat
https://www.techrepublic.com/article/vintage-security-vulnerabilities-still-threaten-businesses/
Rezilion examined the Known Exploited Vulnerabilities Catalog maintained by CISA. Among the 790 security flaws on the list, more than 400 date from before 2020.
Resources

Best Practices for Recovering a Microsoft Network After an Incident
Incident response to events, such as ransomware, could cause you or someone in your firm to be less than secure in how they handle the transfer and recovery of servers and key operations.
Protect Domain-Joined Computer Passwords With Windows’ Local Administrator Password Solution
https://www.techrepublic.com/article/protect-passwords-local-administrator-solution/
The Local Administrator Password Solution (LAPS) is a tool Microsoft has offered since 2015. LAPS generates unique, strong passwords for the local admin account on every computer in your domain using your policy for password complexity, stores them in your Active Directory, and automatically replaces them with new passwords, again using your password age policy. The default is 14-character passwords that change every 30 days, but these settings can be changed.
CISA Released Cybersecurity Toolkit to Protect Elections
https://www.cisa.gov/cybersecurity-toolkit-protect-elections
CISA released a one-stop catalog of free services and tools available for state and local election officials to improve the cybersecurity and resilience of their infrastructure.
Top Five Best Backup Practices
https://www.techrepublic.com/article/top-backup-practices/
The article notes the 3-2-1 rule (three total copies of data stored on at least two different media with at least one copy stored offsite), automatic backups, cloud saving, disconnected storage, and autosave settings.
How to Protect Your Industrial Facilities from USB-Based Malware
https://www.techrepublic.com/article/protect-against-usb-based-malware/
In Honeywell’s 2022 Industrial Cybersecurity USB Threat Report, it was noted that USB storage drives can be used to carry files into or out of industrial facilities. These drives are enlisted to infect systems with malware or to compromise sensitive information.
Creating a Technology Risk and Cyber Risk Appetite Framework
Risk-based management measures risk against an organization’s risk appetite to determine where further technology and cyber controls are needed. The goal is to reduce the remaining technology and cyber risks to a point the business can tolerate.
Ransomware Safeguards for Small- to Medium-Sized Businesses
The Institute for Security and Technology (IST) recently released a “Blueprint for Ransomware Defense.” The guide includes recommendations of defensive actions for small- and medium-sized businesses (SMBs) to protect against and respond to ransomware and other common cyberattacks.
Link to IST’s Blueprint for Ransomware Defense:
https://securityandtechnology.org/ransomwaretaskforce/blueprint-for-ransomware-defense/