Cyber Security Headlines – Week in Review is live every Thursday at 4pm PT/7pm ET. Join us each week by registering for the open discussion.
French president pushes for Israeli inquiry into NSO spyware concerns
Emmanuel Macron has reportedly spoken to the Israeli prime minister, Naftali Bennett, to ensure that the Israeli government is properly investigating allegations that the French president could have been targeted with Israeli-made spyware by Morocco’s security services. In a phone call, Macron expressed concern that his phone and those of most of his cabinet could have been infected with the Pegasus hacking software developed by the Israeli surveillance firm NSO Group, which enables operators of the tool to extract messages, photos and emails, record calls and secretly activate microphones from infected devices. NSO has said Macron was not a “target” of any of its customers, meaning the company denies he was selected for surveillance using Pegasus.
Kaseya gets universal decryptor to help REvil ransomware victims/demands NDA
Nearly three weeks after Florida-based software vendor Kaseya was hit by a widespread supply-chain ransomware attack, the company on Thursday said it obtained a universal decryptor to unlock systems and help customers recover their data. The company said in a statement that it had obtained the tool from a third-party and have no reports of any problem or issues associated with it. It’s still not clear if Kaseya paid any ransom, but it is worth noting that REvil affiliates had initially demanded $70 million — which was subsequently lowered to $50 million, after which REvil itself disappeared.
Programming languages used to obscure malware
A new report by the BlackBerry Research and Intelligence Team found that threat actors are increasingly using Go, Rust, Nim and DLang to create new malware tools or rewrite existing ones. While Rust and Go are increasingly popular languages overall, the researchers found they were still effective at hindering analysis. While most malware monitored is still written in C, the report found APT28 and APT29 increasingly using Go for malware, which have used malware rewritten in the language since 2018. The initial stager for Cobalt Strike malware was also seen written in Go and Nim. The report found that using more obscure languages can make reverse engineer malware slower, prevent signature-based scanning, and better target multiple platforms.
Google launches new Bug Hunters vulnerability rewards platform
Google has announced a new platform and community designed to host all its Vulnerability Rewards Programs (VRP) under the same roof. Since launching its first VRP more than ten years ago, the company has rewarded 2,022 security researchers from 84 different countries worldwide for reporting over 11,000 bugs. In all, Google says that the researchers have been rewarded $29,357,516 since January 2010. This new site brings Google, Android, Abuse, Chrome and Play) closer together and provides a single intake form that makes it easier for bug hunters to submit issues. It has also launched a new Bug Hunter University, which would allow bug hunters to brush up on their skills or start a hunting learning streak.
Thanks to our episode sponsor,
Microsoft Teams now automatically blocks phishing attempts
Safe Links is a feature in Defender for Office that provides URL scanning and “time-of-click verification” of URLs and links in email messages, groups, and other locations. Safe Links can help protect enterprise organizations from malicious links sent by threat actors behind phishing attempts and other attacks. The newly Safe Links protection is now generally available to all Teams users, and it works for links in conversations, group chats, and Teams channels. However since there is no Safe Links policy enabled by default, admins will have to create one or more policies to get the protection of Safe Links in Microsoft Teams.
US has new cyber security rules for pipelines
The federal government has launched new regulations requiring owners of critical pipelines that transport hazardous liquids and natural gas to implement “urgently needed protections against cyber intrusions.” This was the second time since May that the Department of Homeland Security (DHS) issued a cyber security directive aimed at US pipeline operators. It comes in the wake of the Colonial Pipeline hack that disrupted fuel supplies across the southeastern US for days. The security directive requires critical pipelines to take defensive measures to protect themselves from ransomware attacks and other known threats to IT systems. Pipeline owners must also have a cyber security contingency and recovery plan in place.(ITPro.co.uk)
The cost of enterprise data breaches hits record high
According to IBM Security’s “Cost of a Data Breach” report, the average data breach costs an enterprise $4.24 million dollars, up 10% from last year. The report found that “drastic operational shifts” as a result of the pandemic increased the difficulty of containing security events, resulting in higher costs. This came as 60% of organizations ramped up cloud initiatives without a corresponding increase in security controls. Compromised credentials was the most common vector, and Personally identifiable information was stolen roughly 50% of the time a network was compromised. Reaction time also suffered, with organizations taking 287 days to detect and contain a data breach on average, a 7 day increase from the year before.
Biden: Severe cyberattacks could escalate to ‘real shooting war’
President Joe Biden warned that cyberattacks leading to severe security breaches could lead to a “real shooting war” with another major world power. He named Russia and China as the USA’s partners and “possibly mortal competitors down the road,” stating further, if we end up in a war, a real shooting war with a major power, it’s going to be as a consequence of a cyber breach of great consequence.”