Cyber Security Headlines – Week in Review is live every Friday at 12:30pm PT/3:30pm ET. Join us each week by registering for the open discussion.
Crypto-miner and malware found hidden inside npm libraries
Facebook sues Ukrainian who scraped the data of 178 million users
Facebook alleges that Alexander Alexandrovich Solonchenko of Kirovograd, Ukraine, abused a feature of Facebook Messenger called Contact Importer, which allows users to synchronize their phone address books to find friends. Between January 2018 and September 2019, Solonchenko allegedly used an automated tool to pose as Android devices in order to feed Facebook servers with millions of random phone numbers. As Facebook servers returned information on which phone numbers had an account on the site, Solonchenko collected the data, which he later offered for sale on RaidForums.
BlackMatter ransomware victims quietly helped using secret decryptor
Soon after the BlackMatter ransomware operation launched, Emsisoft discovered a flaw allowing them to create a decryptor to recover victims’ files. Emsisoft immediately alerted law enforcement, ransomware negotiation firms, incident response firms, CERTs worldwide, and trusted partners with information about the decryptor, choosing to keep things quiet so as not to alert the ransomware gang to the flaw. As victims started refusing to pay, BlackMatter grew increasingly suspicious and angry with ransomware negotiators, to the point of sending death threats.
Microsoft report on Nobelium
Microsoft announced that the Nobelium threat group, previously behind the SolarWinds supply chain attack, has breached at least 14 managed service and cloud providers since May 2021. Overall, Microsoft said 609 customers were notified of 22,868 attacks between July and October, although Nobelium saw a low single-digit success rate. To put the scale of this activity into context, Microsoft said this is more than all of the notifications about attacks from state-affiliated groups it sent to customers in the three years prior to July 2021. While the group is constantly changing tactics and attack vectors, its overall mission appears to be gaining long-term access to the systems of targets of interest and establishing espionage and exfiltration channels.
Healthcare organizations struggle with breaches
A new report from the Ponemon Institute and SecureLink found that in the last 12 months, 44% of healthcare organizations surveyed have experienced a data breach caused by a third party. Part of the problem comes from the fact that these organizations are not equipped to properly monitor third parties, with only 41% saying they had a comprehensive inventory of third parties with access to critical systems, and only 44% having visibility into levels of access for internal and external users. (VentureBeat)
Thanks to our episode sponsor, Banyan Security
Iranian gas stations out of service after cyberattack
The National Iranian Oil Products Distribution Company (NIOPDC), which operates a network of more than 3,500 gas stations across Iran, saw gas station operations come to a halt Tuesday due to a cyberattack, leaving Iranians waiting in gas station lines for hours. As news of the incident spread, a string of hacks on electronic road billboards displayed messages demanding an explanation or asking for fuel. One message reading “cyberattack 64411” appears to reference a cyberattack in July that disrupted Iran’s train service. The BBC reports that Iran’s Supreme Council of Cyberspace believes the incident is state-sponsored, although it’s too early to say which country is responsible.
Researcher cracked 70% of sampled WiFi networks
CyberArk security researcher Ido Hoorvitch has managed to crack 70% of a 5,000 WiFi network sample in his hometown, Tel Aviv. The researcher roamed the city armed with a $50 network card and a freeware sniffing setup comprised of Wireshark on Ubuntu to gather hashes, and then exploited a flaw that allows the retrieval of the PMKID hash. Using a standard laptop and a dictionary attack with the RockYou dictionary file, the researcher cracked 3,359 passwords, many of which were set to the user’s cell phone number or were weak passwords comprised of only lower-case characters. The research highlights that many home networks are easy to hijack; to better protect them, home users should set passwords at least ten characters long with a mix of lower-case and upper-case letters, symbols and digits. Further, it is recommended that users also disable both roaming and WPS, if they are supported by their router.
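The recommendation above is easy to turn into a check that a home user or a small-office admin can run against a candidate WiFi passphrase before setting it. The following is an added example written for this summary, not code from the CyberArk research: it encodes the article's advice (at least ten characters; lower case, upper case, digits and symbols all present), flags passphrases that are nothing but a phone number, which the research found to be a common choice, and also enforces the WPA2 passphrase limits (8 to 63 printable ASCII characters), which is a standards fact not stated in the article. The sample passphrases are constructed for illustration.

```python
import re
import string
from typing import List

# Passphrases that consist only of a (possibly formatted) phone number:
# optional leading "+", a digit, then at least seven more digits, spaces,
# dashes or parentheses. This is a heuristic for the "set to the user's
# cell phone number" pattern described in the research.
PHONE_LIKE = re.compile(r"^\+?\d[\d\s\-()]{7,}$")

# WPA2-PSK passphrase bounds from IEEE 802.11i (a 64-character string is a
# raw hex PSK, not a passphrase, so it is out of scope here).
WPA2_MIN_LEN = 8
WPA2_MAX_LEN = 63


def check_wifi_passphrase(passphrase: str, min_length: int = 10) -> List[str]:
    """Return a list of policy failures for a WPA2 passphrase.

    An empty list means the passphrase satisfies the article's recommendation
    (>= min_length characters, mixed case, digits and symbols present, and not
    just a phone number) and is also a valid WPA2 passphrase.
    """
    failures = []

    # Standards limits first: a passphrase outside these bounds is rejected by
    # the router before any strength question arises.
    if len(passphrase) < WPA2_MIN_LEN:
        failures.append(f"shorter than the {WPA2_MIN_LEN}-character WPA2 minimum")
    if len(passphrase) > WPA2_MAX_LEN:
        failures.append(f"longer than the {WPA2_MAX_LEN}-character WPA2 maximum")
    if any(c not in string.printable or c in "\t\n\r\x0b\x0c" for c in passphrase):
        failures.append("contains non-printable or non-ASCII characters")

    # The article's strength recommendation.
    if len(passphrase) < min_length:
        failures.append(f"shorter than {min_length} characters")
    if not any(c.islower() for c in passphrase):
        failures.append("no lower-case letters")
    if not any(c.isupper() for c in passphrase):
        failures.append("no upper-case letters")
    if not any(c.isdigit() for c in passphrase):
        failures.append("no digits")
    if not any(c in string.punctuation for c in passphrase):
        failures.append("no symbols")

    # The specific weak pattern the research observed most often.
    if PHONE_LIKE.match(passphrase):
        failures.append("looks like a phone number")

    return failures


# Constructed sample passphrases, not values from the research.
CONSTRUCTED_SAMPLES = [
    "0541234567",            # a phone number, digits only
    "sunshine",              # short, all lower case
    "Tr0ub4dor&3-is-Long",   # meets every rule
]

if __name__ == "__main__":
    for candidate in CONSTRUCTED_SAMPLES:
        problems = check_wifi_passphrase(candidate)
        verdict = "OK" if not problems else "; ".join(problems)
        print(f"{candidate!r}: {verdict}")
```

The checker deliberately reports every failing rule rather than stopping at the first, so the user sees at once why a phone-number passphrase is weak on several counts (no letters, no symbols, and a predictable shape) rather than fixing one complaint at a time.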
Half of home workers buy potentially insecure technology
Incidents of shadow IT have snowballed during the pandemic as remote workers bought devices without vetting from the IT department, a new report from HP has warned. Based on a global survey of 1,100 IT decision-makers and a separate poll of more than 8,400 home workers in the US, the UK, Mexico, Germany, Australia, Canada, and Japan, 45% of workers said they’d bought IT equipment such as printers or PCs to support home working over the past year. However, 68% said security wasn’t as big a consideration as other factors like price or functionality when purchasing, and 43% didn’t have their new laptop or PC checked or installed by IT. The report also says 70% of home workers who had clicked on malicious phishing emails didn’t report it to IT.
Nearly all US execs have experienced a cybersecurity threat, but some say there’s still no plan
On Tuesday, Deloitte published the results of a new survey, taking place between June 6 and August 24, 2021, which includes the responses of 577 C-suite executives worldwide (159 in the US). The research — including insight from those in CEO, CISO, and other leadership roles — suggests that 98% of US executives have come across at least one cybersecurity event over the past year. The research suggests that the common consequences experienced by today’s firms after an incident include disruption, a drop in share value, intellectual property theft, damage to reputation that prompts a loss in customer trust, and a change in leadership roles. Of interest in the report is that rather than malware, phishing, or data breaches being a top concern, 27% of executives said they were most worried about the actions of “well-meaning” employees who may inadvertently create avenues for attackers to exploit.