This article talks about the trends of ransomware and its impact on cyber insurance.
Ransomware claim frequency dropped by 50% in Q2 2021. The frequency of ransom payouts also decreased, from 44% in Q3 2020 to 12% in Q2 2021.
The insurance market has been pressuring policyholders to implement better controls, as insurers often exclude or restrict ransomware coverage if controls aren’t adequate. This has driven positive change in the market, as seen by the reduction in ransom payouts.
The article then goes on to argue that these positive findings will reward companies with lower premiums, which I (as an insurance underwriter) disagree with. Cyber insurance is a relatively new offering, only about 20 years old. It was chronically underpriced in the decade preceding 2020. Between 2010 and 2020, the market saw rate decrease after rate decrease until the prices were ludicrously low. In Q3 2019, a $50m revenue company could easily have gotten a $1m cyber insurance policy for $7,500, meaning the insurance company would need to write that company for nearly 200 years (accounting for the expense ratio) in order to pay off a limit loss.
I should also note that the cyber insurance carriers they interviewed (Corvus and Cowbell) are relatively new companies that lack firsthand market insight from the decades preceding the ransomware pandemic.
Ultimately, I don’t think we will see a reduction in premiums due to the reduction in ransomware payments. I do think the premium increases will slow down, but I think 2021 will allow insurance carriers to rethink the coverages and add-ons they’re adding to current policies. If 2020 was the year of rate increases, 2021 will be the year of coverage reductions.
This Dark Reading article is a tactical piece on how to “lock down” or secure printers on a company network. Printers are low-hanging fruit for attackers as these devices are often easily accessible because they’re set up for remote connectivity. Printers “come with many applications, including Web servers – which, like any other application, can have default passwords and vulnerabilities – and hold a significant amount of sensitive information” (Zurier, 2021).
Furthermore, a compromised printer can become an entry point for attackers to gain access to the larger network. Some of the security tips include: treating printers like IoT devices, enabling logs, segmenting printers from sensitive networks (VLANs), and regularly monitoring your printer’s IP address with tools like Shodan to discover and remediate potential vulnerabilities.
A cyber security specialist has spotted a sample dataset on the hacker forum RaidForums. The researcher claimed that the data available included the full name, gender, email address, and phone number associated with LinkedIn users. LinkedIn has denied that it had any data breach. The researcher found 700 million users’ information on that site, of which 92% was LinkedIn user data. LinkedIn has claimed that the data was obtained through data scraping of information that was available online on different websites. LinkedIn has stated that the information of users who had a privacy setting enabled was not exposed.
I’ve had the same experience with the LinkedIn data breach issue. I had filled out personal information on LinkedIn, and since then I keep seeing all kinds of my personal information being leaked; since I had only filled out my personal information on LinkedIn during that time, I think there is a great possibility that they are leaking our personal information.
Dan – like you, I have seen my data show up in various places and wondered whether LinkedIn suffered a breach. However, when I looked at the data that was ‘leaked’, it was all data that is accessible via LinkedIn APIs, and quite likely somebody with a higher subscription (a recruiter) just mined the LinkedIn APIs and built a database on the back end of the data mining. So you are correct that they are ‘leaking our personal information out’, but I think we all gave them permission to do so… :-(.
The article describes the government’s announcement that its cyber attack agency will be based in Lancashire. It has been operating since April 2020, bringing MI6, cyber espionage agency GCHQ and military officials under unified command for the first time. The National Cyber Force (NCF) will be based in Samlesbury, where an aircraft manufacturing plant was opened for military technology company BAE Systems, which has been active in the development of military aircraft since 1922. A Conservative spokesman said it would be “home to thousands of cyber hackers and analysts” and would create hundreds of support jobs in business and legal affairs. Intelligence agency GCHQ opened a hub in Manchester in 2019, operating alongside its headquarters in Cheltenham and offices in Cornwall and Scarborough.
The University of Colorado had a data security compromise through a vulnerability in software provided by Atlassian. This breach compromised 30,000 former and current CU affiliates. Some of the data did contain PII, and the affected individuals will be notified by email, and they will be provided with monitoring tools.
SolarWinds Attacker Targets Cloud Service Providers in New Supply Chain Threat
Nobelium, the Russia-based threat actor behind the supply chain attack on SolarWinds, is targeting cloud service providers and IT services organizations in a large-scale and ongoing campaign designed to infiltrate systems belonging to downstream customers of these companies.
Since May, Nobelium has attacked at least 140 cloud service providers and compromised 14 of them, according to Microsoft, which has been tracking the campaign.
Conti Ransom Gang Starts Selling Access to Victims
I found this article to be an interesting and informative read. There is a ransomware group by the name of Conti that has a “user shaming blog”. This blog is typically used to post confidential files of victims who refused to negotiate a ransom payment; sometimes the files are even sold. However, the Conti ransomware team has changed its approach a bit. It is now offering to sell access to many of the organizations that it has hacked. This move has confused some experts, who have speculated that it could potentially be a sign that the Conti group is closing down its operations and wants to sell off access to already-in-progress breaches. It could also be seen as a negotiation ploy aimed at the breached companies who have not paid up yet.
Argentina has been the victim of possibly the worst data breach in its history. A government database containing national ID card information for every citizen has been posted for sale on the dark web. The hacker has posted ID photos and PI of over 40 of the country’s celebrities, including Lionel Messi, as proof of the breach. The Argentinian government, however, does not think this is a breach by an outsider. It is believed this attack came from inside, from potentially 8 employees who have access to the database. This type of breach is a very labor-intensive and risky way of making money, which could quickly be cut off if the government cuts access beyond the logins and VPN that were used in the breach.
Here is a link to an interesting article about 5G and honeynets (aka honeypots). It is not necessarily breaking news, but I liked the link because it went one step deeper into how a honeypot works in terms of getting a botnet to reveal its patterns and actions.
The two graphics towards the bottom of the article showed the steps taken once a bot has entered the honeynet. Once those are captured then the identification/prevention/mitigation process can begin.
5G effectively turns every smartphone into a more powerful platform from which to launch co-ordinated attacks. The incremental bandwidth that 5G enables to each device allows bad people to do more with the mobile device than they could previously do in a 4G cellular network.
This article by Krebs on Security shows an interesting perspective on how a ransomware actor operates, which I hope provides more information than the typical understanding that the target’s data is encrypted and they just have to pay the ransom to get it back, or pray that they have an effective backup system in place so that they don’t pay the ransom and are okay with losing maybe minimal data instead of many millions of dollars. In this analysis of the infamous Conti ransomware group, Brian Krebs explains how this particular group is now advancing the offensive strategy for ransomware groups. Those “clients” (the victims), as Conti calls them, who refuse to pay the ransom are added to a shaming-centered blog, where the group actually lists some confidential files obtained by breaching each respective organization, and now even lists them for sale there. This may sound similar to the aftermath of the Target case we analyzed, but with another layer of pressure now to try to get the victims to pay the ransom. It may seem somewhat confusing why they might post some evidence, but it is believed that they may be re-branding as another threat actor group, and they are looking for a capable buyer who can then sell the extracted confidential data. Regardless, it is realistic that this could change the future ransomware landscape, raising pressure on organizations to pay. It is mentioned in the article that they may be slightly intimidated by advancing defensive measures in Europe, with US cooperation, to take down some of the top ransomware groups.
Attackers Hijack Craigslist Emails to Bypass Security, Deliver Malware
Craigslist’s email system was attacked by hackers to deliver malware while avoiding Microsoft Office security controls. The hackers sent out emails falsely informing Craigslist users how to avoid having their accounts deleted, which was an attempt to bait users into giving the attackers personal information. Since Craigslist users are anonymously pursuing the buying and selling of products and services, the emails were sent mainly to users who had posted ads on the website, “informing” these users that the ad they posted was inappropriate. The email then threatened to ban the user from the platform unless they filled out a form which could only be accessed through the malicious link provided. Craigslist users were advised to be on the lookout for these kinds of attacks and to treat any email that seems unusual as potentially malicious.
The article I chose for this week is in reference to the cyber security workforce. According to the article, 700,000 jobs were filled in our field last year. However, there are still an astounding 2 million cyber security roles that need to be filled. Prior to reading this article, and even before starting Temple’s (ITACS) program, I knew there were plenty of jobs yet not enough professionals. As of now, there are about 4.2 million people working in the field worldwide, and the article proclaims that number needs to grow 65% (which is about 2.7 million more jobs that need to be filled).
The majority of the professionals working in cyber security are Caucasian men. About 25% of the professionals are women. A lot of the cyber security workforce is highly educated, with 86% having a bachelor’s degree or higher. Two-thirds of that group have either a math or an engineering degree, and their average salary is about $91,000. Organizations are struggling to fill these roles, and the talent they scout is readily receiving multiple job offers.
Finally, the article discusses how there is a disconnect in the profession’s hiring process. “Businesses continue to have unrealistic expectations when hiring cybersecurity professionals, often looking for far more experienced candidates than a given position requires.” (Robert Lemos) Organizations need to be aware of the gap that needs to be filled in hiring these professionals. Moreover, the writer believes that they should be focused on workforce diversification when doing so.
This blog went over 10 different ways to avoid phishing scams. I believe all the tips mentioned in this article can be applied easily by the day-to-day person, as phishing scams and social engineering are perhaps the most common way of breaching security. My favorite recommendations mentioned in this blog are to never click on an unknown link, rotate passwords, and use free anti-phishing add-ons. I believe these 3 steps would prevent most phishing scams, as the add-on can be used as an extra layer of defense to let the user know that a source is not trustworthy. Not clicking any unknown links eliminates the chances of giving away your password or downloading any ransomware. And lastly, having a different password for everything, or having a variation of a few, will go a long way, as most users use the same password for everything.
The article I read this week is “Calls to Beef Up Cybersecurity Follow Missouri Information Breach” by Lily Bohlke of the Missouri News Service, and it is exactly how it sounds. Governor Mike Parson of Missouri is getting heat to get the state’s Cybersecurity Commission going after a flaw in the Department of Elementary and Secondary Education’s website put thousands of educators’ PI at risk. Because of this, State Representative Ashley Aune said that Missouri needs to get the program going, which will help identify vulnerabilities and recommend solutions. She believes the commission needs to be filled in order to advise the Governor on what needs to be done. In the breach, over 100,000 Social Security numbers were potentially exposed, which is why Aune believes that cybersecurity must be addressed now. She also added that it is beneficial to Missourians because it is cheaper to prevent a breach than to attempt to resolve one after it happens.
The news I found this week was right on the topic we’ve covered in this week’s reading questions, and interesting enough to be shared. The author, Paul, explains how DDoS attacks became an everyday thing regardless of the business you are in. The only thing attackers need is for you to be connected to the Internet.
The numbers are even more interesting when it comes to the attacks: according to the article, there was a 12% increase in potential DDoS weapons (to 12.5 million). During COVID, DDoS attacks reached their highest point due to lockdowns and a rapid shift to online activities. With increased online education, healthcare and consumer shopping, targets increased for attackers.
Then the article shifts to the recent top-five DDoS attacks. I personally found the AWS DDoS attack the most interesting. As the article mentioned, luckily the attack was not as severe as it could have been. It is crazy to think that if the company hadn’t been able to manage the gigantic DDoS attack in February 2020, it could have caused customers to lose revenue and suffer a lot of brand damage.
The article basically talks about phishing attacks, which have increased exponentially by targeting every sector of society. Despite the simplicity of the schemes implemented, they have been successful in the majority of their strategies. The research from RSA’s October Online Fraud Report 2012 indicates a large increase in phishing attacks, up 19% over the second half of 2011. The total loss for various organizations comes to $2.1 billion over the last 18 months. RSA determines that there have been nearly 33,000 phishing attacks each month worldwide this year; countries such as Canada have registered an increase of 400 percent in the number of attacks. These figures indicate the magnitude of the malicious phenomenon and the related damage. Hence, RSA reports that phishing attacks are exploiting new channels, such as social media and mobile platforms, due to their heavy use by online users.
This article discusses the threat landscape as organizations deploy a largely remote workspace as a result of Covid-19. Spear phishing is an attack method that is increasingly being used in order to gain unauthorized remote access into target networks. The article notes, “While the goal of a spear-phishing attack is similar to any phishing attack – to gain access to internal networks, steal credentials or information, and/or infect devices with malware – what makes it so effective is the reliance on human error, psychology and specificity”. The author suggests monitoring the social media pages of high-ranking employees, ensuring no sensitive organizational data is leaked, in order to deter spear phishing in your organization.
I came across this article since previous topics had me thinking about how organizations fail to invest in much more thought-out processes for security. The article talks about Google’s Project Zero team, which is essentially a team dedicated to finding zero-day exploits. They detail why it is sometimes very easy to find different lines of code that are exploitable, and even give an example: some of the time an exploit is found and that particular line of code gets patched. However, the response is only to check this specific line of code, only for another suspicious line of code to go unnoticed right underneath the exploited one. They also mention that Internet Explorer is one of the easiest browsers to exploit (and this remains very unsurprising to me).
The article also states something about Apple that I found very interesting. Apple effectively compartmentalized many of its applications within the iPhone, such as iMessage, and effectively isolated the app in memory. In fact, Apple has done this with many of its applications and iOS as a whole, to prevent hackers from brute-forcing their way through, or at least to make access much more difficult to gain.
Personally, I think we see much better success when companies design software with security in mind rather than apply security after development. One of my favorite things I was taught by my mentor is that he was in a situation with a software developer where they asked:
“Well, do I apply security first or do I fix the software first?”
to which he responded with:
“if you asked that question – you already failed.”
This stuck with me for the past few years because I’ve continuously seen groups try to skip security, only to later play cat and mouse by patching band-aids onto a house with a foundation built on a volcano.
I found this article very interesting as it relates to the situation we are all facing: COVID-19 vaccination proof. This article reports that 22% of Brits have received phishing emails asking them to download their ‘proof of vaccination’ in the past six months, according to new research by Tessian. The analysis found that most of these scam messages received in the UK impersonated the National Health Service (NHS), the public body that manages official vaccination pass documentation in the country.
VoIP Provider Voipfone UK Knocked Out by DDoS Attack AGAIN UPDATE
Customers of Voipfone‘s UK broadband ISP and Voice-over-Internet-Protocol (VoIP) service have signaled their frustration after the provider was knocked out yet again by a major Distributed Denial of Service (DDoS) assault against their servers, which has been periodically impacting both them and Voip Unlimited since last month.
DDoS attacks typically work by overloading a target server or end-user with masses of data requests from multiple internet-connected devices (often malware hijacked computers / botnets etc.), which can cause the intended target to crash or suffer significant performance problems until the bad traffic stops or can be mitigated (easier said than done with large-scale assaults).
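The pattern described above (many hijacked devices each sending a modest stream of requests that only adds up to a flood in aggregate) is also what you look for in server logs. The block below is an added example for this thread, not code from the article or from Voipfone: it buckets web-server access-log lines into 10-second windows and separates a distributed flood (many sources, no single loud one, so per-IP blocking will not help) from a single-source flood (one IP to rate-limit). The log lines are constructed, and the thresholds (100 requests and 20 distinct sources per window) are assumptions to tune against your own baseline.

```python
import re
from collections import Counter, defaultdict
from datetime import datetime, timedelta, timezone

# Apache/nginx "combined" log format: client, identd, user, [timestamp], "request", status, size
LOG_RE = re.compile(
    r'^(?P<src>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<path>\S+)[^"]*" '
    r'(?P<status>\d{3}) (?P<size>\d+|-)'
)

def _line(src, ts, path="/"):
    """One constructed access-log line (sample data, not real traffic)."""
    stamp = ts.strftime("%d/%b/%Y:%H:%M:%S %z")
    return f'{src} - - [{stamp}] "GET {path} HTTP/1.1" 200 512'

def build_sample_log():
    """Constructed log: quiet traffic, then a distributed flood, then a single-source flood."""
    t0 = datetime(2021, 10, 26, 10, 0, 0, tzinfo=timezone.utc)
    lines = []
    # 10:00:00-10:00:09: three ordinary requests from two visitors
    for i, src in enumerate(["198.51.100.7", "198.51.100.7", "203.0.113.4"]):
        lines.append(_line(src, t0 + timedelta(seconds=3 * i), "/login"))
    # 10:00:10-10:00:19: 40 bots (192.0.2.1-40), 5 requests each = 200 requests, no single loud source
    for bot in range(1, 41):
        for k in range(5):
            lines.append(_line(f"192.0.2.{bot}", t0 + timedelta(seconds=10 + 2 * k)))
    # 10:00:20-10:00:29: one host hammering a single endpoint 150 times
    for k in range(150):
        lines.append(_line("203.0.113.99", t0 + timedelta(seconds=20 + k % 10), "/api/dial"))
    return "\n".join(lines)

def analyze(log_text, window_seconds=10, max_requests=100, min_sources=20):
    """Bucket requests into fixed windows and classify each window.

    Over max_requests in a window is a flood. With at least min_sources distinct
    clients it is 'distributed-flood' (per-IP blocking will not help; you need
    upstream scrubbing or rate limits by path); otherwise 'single-source-flood'
    (one IP to block). Thresholds are assumptions; tune them to the baseline.
    """
    windows = defaultdict(Counter)          # window start (epoch) -> Counter(src -> hits)
    for raw in log_text.splitlines():
        m = LOG_RE.match(raw)
        if not m:
            continue                        # skip malformed lines instead of crashing
        ts = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")
        bucket = int(ts.timestamp()) // window_seconds * window_seconds
        windows[bucket][m["src"]] += 1

    report = []
    for start in sorted(windows):
        hits = windows[start]
        total = sum(hits.values())
        if total <= max_requests:
            verdict = "normal"
        elif len(hits) >= min_sources:
            verdict = "distributed-flood"
        else:
            verdict = "single-source-flood"
        top_src, top_hits = hits.most_common(1)[0]
        report.append({
            "window_start": datetime.fromtimestamp(start, tz=timezone.utc),
            "requests": total,
            "sources": len(hits),
            "top_source": top_src,
            "top_source_share": top_hits / total,
            "verdict": verdict,
        })
    return report

if __name__ == "__main__":
    for w in analyze(build_sample_log()):
        print(f'{w["window_start"]:%H:%M:%S}  req={w["requests"]:>4}  src={w["sources"]:>3}  '
              f'top={w["top_source"]} ({w["top_source_share"]:.0%})  -> {w["verdict"]}')
```

The share of the top source is the useful discriminator: in the constructed flood window it is 2.5%, so blocking any one address changes nothing, whereas in the last window one address accounts for all of it. Against a real log, run this over a quiet day first to see what "normal" looks like before fixing the thresholds.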
When Scammers Go Phishing, They Hope to Reel in You and Your Business Data.
During the week, I came across this article in The Los Angeles Business Journal dated Tuesday, October 26, 2021. I believe this article is relevant to the discussion of the week as it clearly articulates the under-listed concerns specific to a phishing attack:
1. Definition of a phishing attack.
2. Avoiding the hook (a Phishing attack).
3. Profitability of phishing to crooks.
4. How phishing works.
5. What happens when victims get hooked by a phishing attack.
6. Awareness of phishing.
“The 8 Latest Malicious Email Threats And Trends That Can Create A Business Crisis”
Written by Edward Segal in Forbes
The article I chose to summarize this week talked about how phishing email threats have evolved from July 2020 to July 2021, and how all industries should change due to the effects of phishing attempts.
Cybercriminals who utilize phishing emails are getting smarter and smarter over time. The article emphasizes this by citing how these criminals send emails at the most opportune times, such as at the end of the day when they expect employees will be tired. More phishing emails are also sent during the most opportune times of the year, such as Black Friday, when cyber criminals think it will be easy to take advantage of people looking for “too-good-to-be-true” deals. Ironically enough, the article also cited that retail and manufacturing employees are targeted more frequently than other industries.
Other common tactics are name spoofing and brand impersonation. Name spoofing is when cyber criminals change their name/email to a name the person they are sending the phishing email to would recognize. Brand impersonation is when phishers change the domain of the email address to common domains that a user may be expecting to see in their inbox every so often – most commonly Microsoft, ADP, Amazon, Zoom, and more.
Most importantly (in my opinion), this article discusses how spear phishing is becoming more prominent due to the greater amount of loot that can be taken by cyber criminals and the increased chance of success when it comes to initially breaching a system. I actually changed my opinion on discussion question #3 this week due to the points this article brought up about how the phishing industry has changed over just the past year.
A quote that I think is important to mention, because it is true and hard to find a solution to, is:
“Businesses need a more advanced approach to email security to stop the threats that are getting through—the attacks that are causing the most damage—because it’s not enough to rely on your people 100% of the time.”
Josh Yavor, the CISO of Tessian (an email security company), said the quote above about how, even though it is individual employees’ responsibility to be on the lookout for phishing emails, it is getting harder for even the most trained employees to successfully detect and stay away from every single one, due to the increasing sophistication of spear phishing.
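Name spoofing and brand impersonation, as summarised in the post above, can be checked mechanically on the From: header before a message reaches the inbox. The block below is an added example for this thread, not code from the Forbes article or from Tessian: it flags a known colleague's display name on an address the directory does not know, a brand name in the display name paired with a domain the brand does not send from, and look-alike sender domains (homoglyph swaps such as micros0ft, near-miss spellings such as mircosoft, and the brand used as a subdomain or hyphenated label). The brand list, the internal directory and the sample headers are all constructed.

```python
import re
from difflib import SequenceMatcher
from email.utils import parseaddr

# Assumed: brands this organisation legitimately gets mail from, and the
# registrable domains those brands really send from.
KNOWN_BRANDS = {
    "microsoft": {"microsoft.com"},
    "adp": {"adp.com"},
    "amazon": {"amazon.com"},
    "zoom": {"zoom.us"},
}
# Assumed internal directory: display name -> the genuine address for that person.
DIRECTORY = {"Jane Doe": "jane.doe@example.com"}

# Look-alike substitutions attackers rely on (micros0ft, paypa1, "rn" for "m").
HOMOGLYPHS = str.maketrans({"0": "o", "1": "l", "3": "e", "5": "s"})

def normalise(domain):
    """Fold common homoglyphs so 'micros0ft.com' compares equal to 'microsoft.com'."""
    return domain.lower().translate(HOMOGLYPHS).replace("rn", "m").replace("vv", "w")

def registrable(domain):
    """Crude eTLD+1 (last two labels); fine for .com/.us, not for .co.uk-style suffixes."""
    return ".".join(domain.lower().split(".")[-2:])

def brand_lookalike(domain):
    """Return (brand, legit_domain) if `domain` impersonates a known brand, else None.

    Catches the brand used as a label anywhere in the host
    (zoom.us.verify-account.net, adp-payroll-notice.com), homoglyph swaps, and
    near-miss spellings a couple of edits away (mircosoft.com)."""
    reg = registrable(domain)
    tokens = re.split(r"[-.]", normalise(domain))
    first_label = normalise(reg).split(".")[0]
    for brand, legit in KNOWN_BRANDS.items():
        if reg in legit:
            return None  # mail really comes from the brand's registrable domain
        if brand in tokens:
            return brand, next(iter(legit))
        for real in legit:
            if SequenceMatcher(None, first_label, real.split(".")[0]).ratio() >= 0.85:
                return brand, real
    return None

def assess(from_header):
    """Return a list of findings for one From: header; an empty list means it looks clean."""
    name, addr = parseaddr(from_header)
    if "@" not in addr:
        return ["unparseable address"]
    domain = addr.rsplit("@", 1)[1].lower()
    findings = []

    # 1. Display-name spoofing: a colleague's name on an address we do not know for them.
    known = DIRECTORY.get(name.strip())
    if known and known.lower() != addr.lower():
        findings.append(f"display name '{name}' belongs to {known}, not {addr}")

    # 2. Brand impersonation in the display name while the mail comes from elsewhere.
    for brand, legit in KNOWN_BRANDS.items():
        if re.search(rf"\b{brand}\b", name.lower()) and registrable(domain) not in legit:
            findings.append(f"display name mentions {brand} but sender domain is {domain}")

    # 3. Brand impersonation in the sender domain itself.
    hit = brand_lookalike(domain)
    if hit:
        findings.append(f"sender domain {domain} resembles {hit[1]} ({hit[0]})")
    return findings

# Constructed headers for the demo (not real mail).
SAMPLE_HEADERS = [
    "Jane Doe <jane.doe@example.com>",                        # genuine colleague
    "Jane Doe <jane.doe.ceo@gmail-mail.example.net>",         # display-name spoof
    "Microsoft Account Team <no-reply@micros0ft-login.com>",  # brand in name + homoglyph domain
    "ADP Payroll <payroll@adp-payroll-notice.com>",           # brand as a hyphenated label
    "Zoom <meetings@zoom.us>",                                # the real brand domain
    "Zoom Meetings <invite@zoom.us.verify-account.net>",      # brand as a subdomain
]

if __name__ == "__main__":
    for hdr in SAMPLE_HEADERS:
        hits = assess(hdr)
        print(f"{'SUSPECT' if hits else 'ok':7} {hdr}")
        for h in hits:
            print(f"          - {h}")
```

The directory lookup is what catches the case the post calls name spoofing: the display name is exactly what the recipient expects, and only the address gives it away, which is why a gateway check helps where a tired employee at the end of the day will not. The brand rules trade some false positives (any unknown domain with "zoom" in it) for catching the subdomain and hyphen tricks; in a real deployment the brand and directory tables come from your mail flow and HR system rather than being hard-coded.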
“The FBI published a flash alert to warn of the activity of the Ranzy Locker ransomware that had already compromised tens of U.S. companies.”
The FBI has issued a quick alert warning that the Ranzy Locker ransomware operation has compromised at least 30 U.S. companies this year. The group has been active since at least 2020, with threat actors attacking organizations in various industries. “As of July 2021, unknown cybercriminals using Ranzy Locker ransomware have compromised more than 30 U.S. businesses. Victims include the construction sector of critical manufacturing, the academic sector of government facilities, the information technology sector, and the transportation sector.” Read the flash alert.
“Malicious Firefox Add-ons Block Browser From Downloading Security Updates”
In this article, two suspicious Firefox add-ons, installed by 455,000 users, were found misusing the Proxy API to impede the downloading of updates to the browser. Users who downloaded the malicious extensions have been notified to remove them. In addition to blocking the extensions to prevent installation by other users, Mozilla said it is pausing approvals for new add-ons.
According to this article, a group of cybercriminals was running hacking operations and repeatedly targeting the healthcare industry with ransomware attacks. Hackers were shutting down systems and preventing access to patient records. They were also interrupting imaging and other functions, which heightens the risk to patients. They attacked the healthcare network and demanded money until a ransom was paid.
FIN12 is known as a group of criminals which targets hospitals and clinics. Over 20% of ransomware attacks were identified as FIN12, and 70% of their targets were based in the United States. FIN12’s attacks outside North America doubled in the first half of 2021, surpassing 2019 and 2020 combined.
They found in the same report that 61% are not confident about their abilities to mitigate the risks of ransomware attacks during the COVID 19 outbreak.
The FBI and Department of Homeland security say that there is a credible threat posed by a ransomware gang aiming to make a quick buck as Covid 19 deaths spiked and the ransomware attacks increased in 2021.
New real-world cybersecurity training range opens in South Florida
In Fort Lauderdale, Florida, Cyberoperations Enhanced Network and Training Simulators (CyberCents) has opened a cybersecurity training range. This training range is located in a facility at the Alan B. Levan Center at Nova Southeastern University, featuring training exercises on a military-grade platform; this includes software and stress training to prepare cybersecurity professionals using lifelike experiences and experimentation. In addition, the state-of-the-art facility provides a platform for individuals to complete research and development, and to complete certifications. The CyberCents training range is committed to training everyone in the cybersecurity industry, from professionals to new hires. Networking opportunities and panel discussions will also be hosted here. This incredible facility is all thanks to a public-private partnership between Broward County, FL and Nova Southeastern University. The overall aim of this initiative is to increase the number of educated cybersecurity professionals in a world of growing threats and an intense global cyber platform. I think this is incredible since, in a previous In the News article I wrote, a Pentagon director resigned due to the federal government’s lack of cybersecurity initiatives. Being a new member of this industry, I am encouraged by this opportunity presented by the CyberCents facility, and would like to go one day.
With blockchain picking up traction since Bitcoin arose, a wide variety of cryptocurrencies have emerged. While they all might seem the same, there are specific uses for these crypto coins. This article explains the unique NFT (non-fungible token), which, to summarize it in general, is practically a digital certificate verifying the proper rights and/or ownership of anything digital. It can be a drawing, a GIF, music, etc., and is set to revolutionize the art industry through blockchain technology by creating scarcity in the market. Applicable usage has become very popular with celebrities like Logan Paul, Linkin Park, Wayne Gretzky, Marvel, etc., and I believe this can be a game changer for collectors, buyers, traders, and gamers.
Christopher Clayton says
“Ransomware Sinks Teeth into Candy-Corn Maker Ahead of Halloween”
Halloween is right around the corner, and unfortunately Ferrara, a Chicago-based candy manufacturer behind some of America’s most popular candies, was the victim of a ransomware attack that encrypted its systems. This hack was first spotted on October 9, when the hackers encrypted the company’s computer systems and a payment was demanded; fortunately, the company had satisfied most of its candy orders before the attack, and it immediately secured all systems and began an investigation. At this point, no one knows who is behind this hack, but BlackMatter (a RaaS group) has been named as a possible perpetrator. Ferrara is working with law enforcement and third-party specialists to restore impacted systems as quickly and securely as possible.
https://threatpost.com/ransomware-candy-corn-halloween/175630/
Andrew Nguyen says
I came across this article that details how GitHub issued a ‘critical severity’ warning stating that any computer with the embedded npm package ‘should be considered fully compromised’.
The npm package in question is UA-Parser.js, a popular JavaScript library used to detect browser, OS, CPU, and device type/model from User-Agent data with companies like Microsoft, Amazon, Facebook, Apple and Oracle among its users.
I had never heard of GitHub issuing a critical severity warning like this, so I found this article particularly interesting, and this goes to show the importance of keeping up to date with the latest news and knowing what is out there.
https://www.securityweek.com/critical-severity-warning-malware-embedded-popular-javascript-library
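The practical follow-up to a warning like this is finding every copy of the package in your lock files, including copies pulled in by other dependencies, which a quick look at your own package.json will miss. The block below is an added example for this thread, not tooling from GitHub or the ua-parser-js project: it walks a package-lock.json (both the v2/v3 "packages" map and the v1 "dependencies" tree) and reports each occurrence of a watched package. The lock file is constructed, "widget-kit" is a made-up package, and the watch-listed version numbers (9.9.1, 9.9.2) and the "present" version (1.2.3) are placeholders chosen so the example runs, not versions taken from the real advisory.

```python
import json

# Hypothetical watch-list: versions to treat as compromised. Placeholder numbers;
# substitute the versions named in the advisory you are acting on.
WATCHLIST = {"ua-parser-js": {"9.9.1", "9.9.2"}}

def iter_lock_packages(lock):
    """Yield (name, version, path) for every installed package in a lock file.

    lockfileVersion 2/3 stores a flat "packages" map keyed by install path;
    v1 (and v2, for compatibility) stores a nested "dependencies" tree. Both
    are walked, and paths already seen in "packages" are not reported twice."""
    seen = set()
    for path, meta in lock.get("packages", {}).items():
        if not path:
            continue                        # "" is the root project itself
        name = path.rsplit("node_modules/", 1)[-1]
        seen.add(path)
        yield name, meta.get("version"), path

    def walk(deps, prefix):
        for name, meta in deps.items():
            path = f"{prefix}node_modules/{name}"
            if path not in seen:
                yield name, meta.get("version"), path
            yield from walk(meta.get("dependencies", {}), path + "/")

    yield from walk(lock.get("dependencies", {}), "")

def audit(lock_text, watchlist):
    """Report every occurrence of a watched package with its install path.

    A nested path means another dependency pulled the package in, so removing
    your own direct dependency is not enough to get rid of it."""
    findings = []
    for name, version, path in iter_lock_packages(json.loads(lock_text)):
        if name in watchlist:
            status = "COMPROMISED" if version in watchlist[name] else "present"
            findings.append({"name": name, "version": version, "path": path, "status": status})
    return findings

# Constructed lock file (lockfileVersion 2). "widget-kit" is a made-up package
# that carries its own nested copy of ua-parser-js; all versions are placeholders.
SAMPLE_LOCK = json.dumps({
    "name": "example-app",
    "lockfileVersion": 2,
    "packages": {
        "": {"name": "example-app",
             "dependencies": {"widget-kit": "^1.0.0", "ua-parser-js": "^1.2.0"}},
        "node_modules/widget-kit": {"version": "1.0.0",
                                    "dependencies": {"ua-parser-js": "^9.9.0"}},
        "node_modules/widget-kit/node_modules/ua-parser-js": {"version": "9.9.1"},
        "node_modules/ua-parser-js": {"version": "1.2.3"},
    },
    "dependencies": {
        "widget-kit": {"version": "1.0.0", "requires": {"ua-parser-js": "^9.9.0"},
                       "dependencies": {"ua-parser-js": {"version": "9.9.1"}}},
        "ua-parser-js": {"version": "1.2.3"},
    },
})

if __name__ == "__main__":
    for f in audit(SAMPLE_LOCK, WATCHLIST):
        print(f'{f["status"]:>11}  {f["name"]}@{f["version"]}  ({f["path"]})')
```

Run it over every lock file in the organisation's repositories and build agents, not just the ones that list the package directly. For a hit at a nested path, npm ls ua-parser-js shows which dependency brought it in; and since the warning says an affected machine should be treated as fully compromised, a hit on a developer workstation or CI runner is an incident response question, not just a dependency bump.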
kofi bonsu says
I thought your article was very good, and it certainly has bearing on this week’s news article. It is absolutely intriguing and has far-reaching consequences for network security within an organization.
Matthew Bryan says
I thought this was interesting and tangentially related to this week’s topic of network security. Many IDS/IPS solutions are incorporating Artificial Intelligence (AI) into their analysis of events. It’s interesting to consider the implications of AI adoption from a cybersecurity perspective.
AI continues to grow in prevalence, yet security professionals are often unaware of the challenges adopting AI creates. AI products often have unfettered access to every data source within the organization. This raises concerns for confidentiality, integrity, and availability of the data. Information could be modified to shape AI outcomes or exposed via third-party vulnerabilities. The author recommends that companies embrace Zero Trust, which includes implementing risk-based access controls, assigning least-permissioned access by default, and embedding resilience requirements into network architecture to avoid single points of failure. The adoption of AI technology provides many benefits, but failure to understand the risks could exacerbate inherent vulnerabilities within the technology.
Article: Cybersecurity blind spot: AI’s inherent vulnerabilities
Author: Matthew Carroll
Published: Oct 21, 2021
Link: https://gcn.com/articles/2021/10/21/cybersecurity-blind-spot.aspx
Madalyn Stiverson says
https://www.csoonline.com/article/3638108/decline-in-ransomware-claims-could-spark-change-for-cyber-insurance.html
This article talks about the trends of ransomware and its impact on cyber insurance.
Ransomware claim frequency dropped by 50% in Q2 2021. The frequency of ransom payouts also decreased from 44% in Q3 2020 to 12% in Q2 2021.
The insurance market has been pressuring policy holders to implement better controls, as it oftentimes excludes or restricts ransomware coverage if controls aren’t adequate. This has driven positive change in the market, as seen by the reduction in ransom payouts.
The article then goes on to discuss that these positive findings will reward companies with lower premiums, which I (as an insurance underwriter) disagree with. Cyber insurance is a relatively new offering, only about 20 years old. It was chronically underpriced in the decade preceding 2020. Between 2010 and 2020, the market saw rate decrease after rate decrease until the prices were ludicrously low. In Q3 2019, a $50m revenue company could have easily gotten a $1m cyber insurance policy for $7,500, meaning the insurance company would need to write that company for nearly 200 years (accounting for the expense ratio) in order to pay off a limit loss.
I should also note that the cyber insurance carriers they interviewed (Corvus and Cowbell) are relatively new companies that lack firsthand market insight from the decades preceding the ransomware pandemic.
Ultimately, I don’t think we will see a reduction in premium due to the reduction in ransomware payments. I do think the premium increases will slow down, but I think 2021 will allow insurance carriers to rethink the coverages and add-ons they’re adding to current policies. If 2020 was the year of rate increases, 2021 will be the year of coverage reductions.
Kelly Sharadin says
This Dark Reading article is a tactical piece on how to “lock down” or secure printers on a company network. Printers are low-hanging fruit for attackers, as these devices are often easily accessible because they’re set up for remote connectivity. Printers “come with many applications, including Web servers – which, like any other application, can have default passwords and vulnerabilities – and hold a significant amount of sensitive information” (Zurier, 2021).
Furthermore, a compromised printer can become an entry point for attackers to gain access to the larger network. Some of the security tips include: treating printers like IoT devices, enabling logs, segmenting printers from sensitive networks (VLANs), and regularly monitoring your printer’s IP address with tools like Shodan to discover and remediate potential vulnerabilities.
https://www.darkreading.com/edge-slideshows/7-ways-to-lock-down-enterprise-printers-
Vraj Patel says
A cybersecurity specialist spotted a sample dataset on the hacker forum RaidForums. The researcher claimed that the available data included the full name, gender, email address, and phone number associated with LinkedIn users. LinkedIn has denied that it had any data breach. The researcher found 700 million users’ information on that site, of which 92% was LinkedIn users’ data. LinkedIn has claimed that the data was obtained through data scraping of information that is available online on different websites. LinkedIn has stated that the information of users who had privacy settings enabled was not exposed.
Reference:
https://www.itpro.co.uk/business-strategy/data-controller/360053/linkedin-data-breach-denial
Dan Xu says
I’ve had the same experience with the issue of the LinkedIn data breach. I had filled out personal information on LinkedIn, and since then I keep receiving all kinds of personal information related to me being leaked; since I had only filled out my personal information on LinkedIn during that time, I think there is a great possibility that they are leaking our personal information.
Richard Hertz says
Dan – like you, I have seen my data show up in various places and wondered whether LinkedIn suffered a breach. However, when I looked at the data that was ‘leaked’, it was all data that is accessible via LinkedIn APIs, and quite likely somebody with a higher subscription (a recruiter) just mined the LinkedIn APIs and built a database on the back end of the data mining. So you are correct that they are ‘leaking our personal information out’, but I think we all gave them permission to do so… :-(.
Dan Xu says
“National Cyber Force to be based in Samlesbury”
The article describes the government’s announcement that its cyber attack agency will be based in Lancashire. It has been operating since April 2020, bringing MI6, cyber espionage agency GCHQ and military officials under unified command for the first time. The National Cyber Force (NCF) will be based in Samlesbury, where an aircraft manufacturing plant was opened for military technology company BAE Systems, which has been active in the development of military aircraft since 1922. A Conservative spokesman said it would be “home to thousands of cyber hackers and analysts” and would create hundreds of support jobs in business and legal affairs. Intelligence agency GCHQ opened a hub in Manchester in 2019, operating alongside its headquarters in Cheltenham and offices in Cornwall and Scarborough.
Reference: https://www.bbc.com/news/uk-england-lancashire-58779337
Dhaval Patel says
The University of Colorado had a data security compromise through a vulnerability in software provided by Atlassian. This breach compromised 30,000 former and current CU affiliates. Some of the data did contain PII, and the affected individuals will be notified by email, and they will be provided with monitoring tools.
https://www.colorado.edu/today/2021/10/25/data-security-compromise-included-files-accessed-cyber-attacker
Jason Burwell says
SolarWinds Attacker Targets Cloud Service Providers in New Supply Chain Threat
Nobelium, the Russia-based threat actor behind the supply chain attack on SolarWinds, is targeting cloud service providers and IT services organizations in a large-scale and ongoing campaign designed to infiltrate systems belonging to downstream customers of these companies.
Since May, Nobelium has attacked at least 140 cloud service providers and compromised 14 of them, according to Microsoft, which has been tracking the campaign.
https://www.darkreading.com/attacks-breaches/solarwinds-attacker-targets-cloud-service-providers-in-new-supply-chain-threat
Ryan Trapp says
Conti Ransom Gang Starts Selling Access to Victims
I found this article to be an interesting and informative read. There is a ransomware group by the name of Conti that has a “user shaming blog”. This blog is typically used to post confidential files of victims who refused to negotiate a ransom payment; sometimes the files are even sold. However, the Conti ransomware team has changed their approach a bit. It is now offering to sell access to many of the organizations that it had hacked. This move has confused some experts, who have speculated that it could potentially be a sign that the Conti group is closing down their operations and wants to sell off access to already in-progress breaches. It also could be seen as a negotiation ploy for the breached companies who have not paid up yet.
https://krebsonsecurity.com/2021/10/conti-ransom-gang-starts-selling-access-to-victims/#more-57318
Corey Arana says
Argentina has been the victim of possibly the worst data breach in its history. A government database containing national ID card information for every citizen has been posted for sale on the dark web. The hacker has posted ID photos and PI of over 40 of the country’s celebrities, including Lionel Messi, as proof of the breach. The Argentinian government, however, does not think this is a breach from an outsider. It is believed this attack is coming internally from potentially 8 employees who have access to the database. This type of breach is a very labor-intensive and risky way of making money, which could quickly be cut off if the government cuts access beyond the logins and VPN that were used in the breach.
Richard Hertz says
Here is a link to an interesting article about 5G and honeynets (aka honey pots). It is not necessarily breaking news, but I liked the link because it went one step deeper into how a honeypot works in terms of getting a botnet to reveal its patterns and actions.
The two graphics towards the bottom of the article showed the steps taken once a bot has entered the honeynet. Once those are captured then the identification/prevention/mitigation process can begin.
5G effectively turns every smartphone into a more powerful platform from which to launch co-ordinated attacks. The incremental bandwidth that 5G enables to each device allows bad people to do more with the mobile device than they could previously do in a 4G cellular network.
https://www.computer.org/publications/tech-news/research/botnet-cyberthreat-5g-solution
Antonio Cozza says
This article by Krebs On Security shows an interesting perspective on how a ransomware actor operates, which I hope provides more information than the typical understanding that the target’s data is encrypted and they just have to pay the ransom to get it back, or pray that they have an effective backup system in place so that they don’t pay the ransom and are okay with losing maybe minimal data instead of many millions of dollars. In this analysis of the infamous Conti ransomware group, Brian Krebs explains how this particular group is now advancing the offensive strategy for ransomware groups. Those “clients” (the victims), as they are called by Conti, who refuse to pay the ransom are then added to a shaming-centered blog, where they actually list some confidential files obtained by breaching each respective organization, and they even list it for sale there now. This may sound similar to the aftermath of the Target case we analyzed, but with another layer of pressure now to try to get the victims to pay the ransom. It may seem somewhat confusing why they might post some evidence, but it is believed that they may be re-branding to another threat actor group, and they are looking for a capable buyer who can then sell the extracted confidential data. Regardless, it might be realistic that it could change the future ransomware landscape to come, raising pressure on organizations to pay. It is mentioned in the article that they may be slightly intimidated by advancing defensive measures in Europe, with US cooperation, to take down some of the top ransomware groups.
https://krebsonsecurity.com/2021/10/conti-ransom-gang-starts-selling-access-to-victims/#more-57318
Michael Galdo says
Attackers Hijack Craigslist Emails to Bypass Security, Deliver Malware
Craigslist’s email system was attacked by hackers to deliver malware by avoiding Microsoft Office security controls. The hackers sent out emails falsely informing Craigslist users on how to avoid having their accounts deleted, which was an attempt to bait users into giving the attackers personal information. Since Craigslist users are anonymously in pursuit of buying and selling products and services, the emails were sent mainly to users who had posted ads on the website, “informing” these users that the ad they posted was inappropriate. The email then threatened to ban the user from the platform unless they filled out a form which only could be accessed by the malicious link provided. Craigslist users were advised to be on the lookout for these kinds of attacks, and added that any emails that seem unusual should be viewed as potentially malicious.
https://threatpost.com/attackers-hijack-craigslist-email-malware/175754/
Joshua Moses says
The article I chose for this week is in reference to the cybersecurity workforce. According to the article, 700,000 jobs were filled in our field last year. However, there are still an astounding 2 million cybersecurity roles that need to be filled. Prior to reading this article and even starting Temple’s (ITACS) program, I knew there were plenty of jobs, yet not enough professionals. As of now, there are about 4.2 million people working in the field worldwide, and the article proclaims that number needs to grow 65% (which is about 2.7 million more jobs that need to be filled).
The majority of the professionals working in cybersecurity are Caucasian men. About 25% of the professionals are women. A lot of the cybersecurity workforce is highly educated, with 86% having a bachelor’s degree or higher. Two-thirds of that group have either a math or an engineering degree, and their average salary is about $91,000. Organizations are struggling to fill these roles, and the talent they scout is readily receiving multiple job offers.
Finally, the article discusses how there is a disconnect in the profession’s hiring process. “Businesses continue to have unrealistic expectations when hiring cybersecurity professionals, often looking for far more experienced candidates than a given position requires.” (Robert Lemos) Organizations need to be aware of the gap that needs to be filled in hiring these professionals. Moreover, the writer believes that they should be focused on workforce diversification when doing so.
https://www.darkreading.com/careers-and-people/cybersecurity-talent-gap-narrows-as-workforce-grows
Wilmer Monsalve says
This blog went over 10 different ways to avoid phishing scams. I believe all the tips mentioned in this article can be applied easily by the day-to-day person, as phishing scams and social engineering are perhaps the most common way of breaching security. My favorite recommendations mentioned in this blog are to never click on an unknown link, rotate passwords, and use free anti-phishing add-ons. With these 3 steps I believe it would prevent most phishing scams, as the add-on can be used as an extra layer of defense to let the user know that it is not a trustworthy source. Not clicking any links eliminates the chances of giving away your password or downloading any ransomware. And lastly, having a different password for everything, or having a variation of a few, will go a long way, as most users use the same password for everything.
https://www.lepide.com/blog/10-ways-to-prevent-phishing-attacks/
Alexander William Knoll says
The article I read this week is “Calls to Beef Up Cybersecurity Follow Missouri Information Breach” by Lily Bohlke of the Missouri News Service, and it is exactly how it sounds. Governor Mike Parson of Missouri is getting heat to get the state’s Cybersecurity Commission going after a flaw in the Department of Elementary and Secondary Education’s website put thousands of educators’ PI at risk. Due to this, State Representative Ashley Aune said that Missouri needs to get the program going, which will help identify vulnerabilities and recommend solutions. She believes the commission needs to be filled in order to advise the Governor on what needs to be done. In the breach, over 100,000 social security numbers were potentially exposed, which is why Aune believes that cybersecurity must be addressed now. She also added that it is beneficial to Missourians because it is cheaper to prevent a breach than to attempt to resolve one after it happens.
Alexander William Knoll says
https://www.kmaland.com/news/calls-to-beef-up-cybersecurity-follow-missouri-information-breach/article_6f586f80-3363-11ec-ae87-27a8f735d4b5.html
Miray Bolukbasi says
The news I found this week was right on the topic we’ve covered in this week’s reading questions and interesting enough to be shared. The author, Paul, explains how DDoS attacks became an everyday thing regardless of your business portion. The only thing attackers need is for you to connect to the Internet.
The numbers are even more interesting when it comes to the attacks; according to the news, there is a 12% increase in potential DDoS weapons (12.5 million). During COVID, DDoS attacks reached their highest point due to lockdown and a rapid shift to online activities. With increased online education, healthcare and consumer shopping, targets increased for attackers.
Then, the news shifts to the recent top-five DDoS attacks. I personally found the AWS DDoS attack the most interesting. As the news mentioned, luckily the attack was not as severe as it could have been. It is crazy to think that if the company hadn’t been able to manage the gigantic DDoS attack in February 2020, it could have caused customers to lose a lot of revenue and suffer brand damage.
https://www.a10networks.com/blog/5-most-famous-ddos-attacks/
kofi bonsu says
The article basically talks about how phishing attacks have grown exponentially, targeting every sector of society. Despite the simplicity of the schema implemented, they have been successful in a majority of their strategies. However, the research from RSA’s October Online Fraud Report 2012 indicates a large increase in phishing attacks, up 19% over the second half of 2011. The total loss for various organizations comes to $2.1 billion over the last 18 months. RSA determines that there have been nearly 33,000 phishing attacks each month worldwide this year; countries such as Canada have registered an increase of 400 percent in the number of attacks. These figures indicate the amplitude of the malicious phenomenon and related damage. Hence, RSA shows that phishing attacks are exploiting new channels, such as social media and mobile platforms, due to their large use by online users.
https://resources.infosecinstitute.com/topic/phishing-dangerous-cyber-threat/
Bryan Garrahan says
https://www.securitymagazine.com/articles/96277-human-error-psychology-and-specificity-the-power-of-spear-phishing
This article discusses the threat landscape as organizations deploy a largely remote workspace as a result of Covid-19. Spear phishing is an attack method that is increasingly being used in order to gain remote unauthorized access into target networks. The article notes, “While the goal of a spear-phishing attack is similar to any phishing attack – to gain access to internal networks, steal credentials or information, and/or infect devices with malware – what makes it so effective is the reliance on human error, psychology and specificity”. The author suggests monitoring the social media pages of high-ranking employees, ensuring no sensitive organizational data is leaked, in order to deter spear phishing in your organization.
Michael Duffy says
I came across this article since previous topics had me thinking about how organizations fail to invest in much more thought-out processes towards security. The article talks about Google’s Project Zero team, which is essentially a team dedicated to finding zero-day exploits. They detail why it is sometimes very easy to find different lines of code that are exploitable, and even give an example: some of the time an exploit is found and this particular line of code may be patched. However, the response is only to check this specific line of code – only for another suspicious line of code to fall unnoticed right underneath the exploited one. They also mention that Internet Explorer is one of the easiest browsers to exploit (and this remains very unsurprising to me).
The article also states something I was very interested in from Apple. Apple effectively compartmentalized many of their applications within the iPhone, such as iMessage, and effectively isolated the app in memory. In fact, Apple has done this with many of their applications and iOS as a whole to prevent hackers from brute forcing their way through, or to make it much more difficult to gain access.
Personally, I think we see much better success when companies design software with security in mind rather than apply security after development. One of my favorite things I was taught by my mentor is that he was in a situation with a software developer where they asked:
“Well, do I apply security first or do I fix the software first?”
to which he responded with:
“if you asked that question – you already failed.”
This stuck with me for the past few years because I’ve continuously seen groups try to skip on security, only to later play cat and mouse by patching band-aids onto a house with a foundation built on a volcano.
https://www.technologyreview.com/2021/02/03/1017242/google-project-zero-day-flaw-security/
Ornella Rhyne says
I found this article very interesting, as it’s related to the situation we are all facing: COVID-19 vaccination proof. This article talks about the 22% of Brits who have received phishing emails asking them to download their ‘proof of vaccination’ in the past six months, according to new research by Tessian. The analysis found that most of these scam messages received in the UK impersonated the National Health Service (NHS), the public body that manages official vaccination pass documentation in the country.
https://www.infosecurity-magazine.com/news/brits-proof-vaccination-phishing/
Bernard Antwi says
VoIP Provider Voipfone UK Knocked Out by DDoS Attack AGAIN UPDATE
Customers of Voipfone’s UK broadband ISP and Voice-over-Internet-Protocol (VoIP) service have signaled their frustration after the provider was knocked out yet again by a major Distributed Denial of Service (DDoS) assault against its servers, which has been periodically impacting both them and Voip Unlimited since last month.
DDoS attacks typically work by overloading a target server or end-user with masses of data requests from multiple internet-connected devices (often malware hijacked computers / botnets etc.), which can cause the intended target to crash or suffer significant performance problems until the bad traffic stops or can be mitigated (easier said than done with large-scale assaults).
https://www.ispreview.co.uk/index.php/2021/10/voip-provider-voipfone-uk-knocked-out-by-ddos-attack-again.html?web_view=true
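As an added example (not code from the ISPreview article or from Voipfone), the following shows the mechanism described above from the defender's side: bucket a request log into fixed windows, measure the request rate, and tell a flood from one host apart from a distributed one, which is the distinction that decides whether a single block rule helps or upstream mitigation is needed. It goes a little beyond the post by making that single-versus-distributed call explicit. The log lines, the window length and the thresholds are constructed for the demo.

```python
"""Spot a volumetric flood in a request log and tell a single-source
flood from a distributed one.

Added example, not from the ISPreview article or the provider. The log
lines, window length and thresholds below are constructed for the demo.
"""
from collections import Counter, defaultdict
from datetime import datetime, timedelta

WINDOW_SECONDS = 10            # fixed analysis window (constructed choice)
FLOOD_RATE = 50                # requests/second that we call a flood
DISTRIBUTED_MIN_SOURCES = 20   # distinct sources before we call it distributed


def _line(ts, ip):
    """One constructed access-log line: ISO timestamp, source IP, request."""
    return f"{ts.isoformat()}Z {ip} GET /"


def build_sample_log():
    """Constructed log: 10 s of quiet traffic, 10 s of a botnet flood from
    200 sources, then 10 s of a flood from a single host."""
    base = datetime(2021, 10, 27, 12, 0, 0)
    lines = []
    for s in range(10):                      # 5 req/s from three users
        for k in range(5):
            ts = base + timedelta(seconds=s, microseconds=k * 1000)
            lines.append(_line(ts, f"198.51.100.{k % 3 + 1}"))
    for s in range(10, 20):                  # 100 req/s from 200 bots
        for k in range(100):
            ts = base + timedelta(seconds=s, microseconds=k * 1000)
            bot = (s * 100 + k) % 200
            lines.append(_line(ts, f"203.0.113.{bot + 1}"))
    for s in range(20, 30):                  # 80 req/s from one host
        for k in range(80):
            ts = base + timedelta(seconds=s, microseconds=k * 1000)
            lines.append(_line(ts, "192.0.2.66"))
    return lines


def parse(line):
    """Return (timestamp, source_ip) from one log line."""
    ts, ip, *_ = line.split()
    return datetime.fromisoformat(ts.rstrip("Z")), ip


def analyze(lines, window=WINDOW_SECONDS):
    """Bucket requests into fixed windows and return one verdict per window:
    'normal', 'single-source flood' or 'distributed flood'."""
    parsed = [parse(line) for line in lines]
    first = min(ts for ts, _ in parsed)
    buckets = defaultdict(Counter)           # window index -> Counter(src_ip)
    for ts, ip in parsed:
        buckets[int((ts - first).total_seconds()) // window][ip] += 1

    verdicts = []
    for idx in sorted(buckets):
        srcs = buckets[idx]
        total = sum(srcs.values())
        rate = total / window
        if rate < FLOOD_RATE:
            kind = "normal"
        elif len(srcs) >= DISTRIBUTED_MIN_SOURCES:
            kind = "distributed flood"       # no single IP to block
        else:
            kind = "single-source flood"     # a per-IP block rule would work
        top_ip, top_n = srcs.most_common(1)[0]
        verdicts.append({"window": idx, "rate": rate, "sources": len(srcs),
                         "kind": kind, "top_source": top_ip,
                         "top_share": top_n / total})
    return verdicts


if __name__ == "__main__":
    for v in analyze(build_sample_log()):
        print(f"window {v['window']}: {v['rate']:.0f} req/s from "
              f"{v['sources']} sources -> {v['kind']} "
              f"(top {v['top_source']} at {v['top_share']:.0%})")
```

The `top_share` field is what a responder looks at first: close to 100% means one address and a firewall rule ends it, while a low share across hundreds of sources is the botnet case the post describes, where rate-limiting at the edge or upstream scrubbing is the only realistic option.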
Olayinka Lucas says
When Scammers Go Phishing, They Hope to Reel in You and Your Business Data.
During the week, I came across this article in The Los Angeles Business Journal dated Tuesday, October 26, 2021. I believe this article is relevant to the discussion of the week as it clearly articulates the under-listed concerns specific to a phishing attack:
1. Definition of a phishing attack.
2. Avoiding the hook (a Phishing attack).
3. Profitability of phishing to crooks.
4. How phishing works.
5. What happens when victims get hooked by a phishing attack.
6. Awareness of phishing.
Reference:
https://labusinessjournal.com/news/2021/sep/29/when-scammers-go-phishing-they-hope-reel-you-and/
Michael Jordan says
“The 8 Latest Malicious Email Threats And Trends That Can Create A Business Crisis”
Written by Edward Segal in Forbes
The article I chose to summarize this week talked about how phishing email threats have evolved from July 2020 to July 2021, and how all industries of business should change due to the effects of phishing attempts.
Cybercriminals who utilize phishing emails are getting smarter and smarter over time. The article emphasizes this by citing how these criminals send emails at the most opportune times, such as at the end of the day when they expect employees will be tired. More phishing emails are also sent during the most opportune times of the year, such as Black Friday, when cyber criminals think it will be easy to take advantage of people looking for “too-good-to-be-true” deals. Ironically enough, the article also cited that retail and manufacturing employees are targeted more frequently than other industries.
Other common tactics are name spoofing and brand impersonation. Name spoofing is when cyber criminals change their name/email to a name the person they are sending the phishing email to would recognize. Brand impersonation is when phishers change the domain of the email address to common domains that a user may be expecting to see in their inbox every so often – most commonly Microsoft, ADP, Amazon, Zoom, and more.
Most importantly (in my opinion), this article discusses how spear phishing is becoming more prominent due to the greater amount of loot that can be taken by cyber criminals and the increased chance of success when it comes to initially breaching a system. I actually changed my opinion on discussion question #3 this week due to the points this article brought up about how the phishing industry has changed over just the past year.
A quote that I think is important to mention, because it is true and hard to find a solution to, is:
“Businesses need a more advanced approach to email security to stop the threats that are getting through—the attacks that are causing the most damage—because it’s not enough to rely on your people 100% of the time.”
Josh Yavor, the CISO for Tessian (an email security company), said the quote above about how, even though it is individual employees’ responsibility to be on the lookout for phishing emails, it is getting harder for even the most trained employees to successfully detect and stay away from every single one, due to the increasing sophistication of spear phishing.
https://www.forbes.com/sites/edwardsegal/2021/09/27/the-8-latest-malicious-email-threats-and-trends-that-can-create-a-business-crisis/?sh=611dd5a5c90b
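The two tactics named above, name spoofing and brand impersonation, are both checks a mail gateway can make on the From: header before a person ever sees the message. The following is an added example (not code from the Forbes article or from Tessian) that does exactly that: it flags a trusted brand's name on an address that is not the brand's real domain, catches look-alike domains by folding confusable glyphs (0 for o, rn for m, Cyrillic letters) and by one-character edit distance, and flags a colleague's display name on an outside address. The brand list, the address book and the sample headers are all constructed for the demo, and the registrable-domain extraction is a deliberate simplification.

```python
"""Flag display-name spoofing and brand impersonation in From: headers.

Added example, not from the Forbes article or from Tessian. The trusted
brand domains, the address book and the sample headers are constructed.
"""
from email.utils import parseaddr
import unicodedata

# Constructed: brands users expect mail from, keyed by the domain the brand
# really sends from, with the brand word we look for in display names.
TRUSTED_BRANDS = {
    "microsoft.com": "microsoft",
    "adp.com": "adp",
    "amazon.com": "amazon",
    "zoom.us": "zoom",
}

# Constructed: internal colleagues whose names an attacker might reuse.
ADDRESS_BOOK = {"Jane Doe": "jane.doe@example.com"}

# Glyphs commonly swapped into look-alike domains, mapped to what they imitate.
CONFUSABLES = {"0": "o", "1": "l", "3": "e", "5": "s", "vv": "w", "rn": "m",
               "\u0430": "a", "\u0435": "e", "\u043e": "o", "\u0440": "p",
               "\u0441": "c"}

# Constructed sample From: headers, one per tactic plus a genuine one.
SAMPLE_FROM_HEADERS = [
    "Microsoft Account Team <security@micr0soft.com>",   # brand name + 0-for-o
    "Jane Doe <jane.doe@gmail-mail.example.net>",       # colleague's name, outside address
    '"ADP Payroll" <notify@adp.com>',                    # genuine brand domain
    "Zoom <no-reply@zoorn.us>",                          # rn-for-m look-alike
]


def fold(domain):
    """Lower-case, strip diacritics and map confusable glyphs so that
    'micr0soft.com' and 'microsoft.com' compare equal."""
    d = unicodedata.normalize("NFKD", domain.lower())
    d = "".join(ch for ch in d if not unicodedata.combining(ch))
    for bad, good in CONFUSABLES.items():
        d = d.replace(bad, good)
    return d


def edit_distance(a, b):
    """Levenshtein distance, used to catch one-character typosquats."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def registrable(domain):
    """Crude registrable-domain extraction (last two labels). A simplification
    for the demo; production code should consult the public suffix list."""
    return ".".join(domain.rsplit(".", 2)[-2:])


def classify(from_header):
    """Return a list of findings for one From: header value (empty = clean)."""
    display, addr = parseaddr(from_header)
    if "@" not in addr:
        return ["unparseable address"]
    domain = registrable(addr.rsplit("@", 1)[1].lower())
    folded = fold(domain)
    findings = []

    # Brand impersonation: brand word in the display name, or a domain that
    # folds to (or is one edit away from) the brand's real domain.
    for real_domain, brand in TRUSTED_BRANDS.items():
        if domain == real_domain:
            continue
        name_match = brand in display.lower()
        lookalike = folded == real_domain or edit_distance(folded, real_domain) == 1
        if name_match or lookalike:
            findings.append(f"brand impersonation of {real_domain} via {addr}")

    # Name spoofing: a known colleague's display name on a different address.
    for name, real_addr in ADDRESS_BOOK.items():
        if display.strip().lower() == name.lower() and addr.lower() != real_addr:
            findings.append(f"display-name spoofing of {name} via {addr}")
    return findings


def scan(headers):
    """Map each header to its findings."""
    return {h: classify(h) for h in headers}


if __name__ == "__main__":
    for header, findings in scan(SAMPLE_FROM_HEADERS).items():
        print(header, "->", findings or "ok")
```

These checks complement, rather than replace, SPF/DKIM/DMARC: a look-alike domain the attacker registered will pass all three, which is exactly why the display name and the domain itself have to be inspected.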
zijian ou says
“The FBI published a flash alert to warn of the activity of the Ranzy Locker ransomware that had already compromised tens of U.S. companies.”
The FBI has issued a quick alert warning that the Ranzy Locker ransomware operation has compromised at least 30 U.S. companies this year. The group has been active since at least 2020, with threat actors attacking organizations in various industries. “As of July 2021, unknown cybercriminals using Ranzy Locker ransomware have compromised more than 30 U.S. businesses. Victims include the construction sector of critical manufacturing, the academic sector of government facilities, the information technology sector, and the transportation sector.” Read the flash alert.
zijian ou says
https://securityaffairs.co/wordpress/123801/cyber-crime/ranzy-locker-ransomware.html?web_view=true
Victoria Zak says
“Malicious Firefox Add-ons Block Browser From Downloading Security Updates”
In this article, 2 suspicious Firefox add-ons installed by 455,000 users were found misusing the Proxy API to impede downloading updates to the browser. Users who downloaded the malicious extensions have been notified to remove them. In addition to blocking the extensions to prevent installation by other users, Mozilla said it is pausing approvals for new add-ons.
Reference:
https://thehackernews.com/2021/10/malicious-firefox-add-ons-block-browser.html?m=1
Mohammed Syed says
According to this article, a group of cybercriminals was running hacking operations and repeatedly targeting the healthcare industry with ransomware attacks. Hackers were shutting down systems and preventing access to patient records. They were also transmitting imaging and other functions that heighten risk to patients. They attacked the healthcare network and demanded money until a ransom was paid.
FIN12 is known as a group of criminals which targets hospitals and clinics. Over 20% of ransomware attacks were identified as FIN12, and 70% of their targets were based in the United States. FIN12’s attacks outside North America doubled in the first half of 2021, surpassing 2019 and 2020 collectively.
They found in the same report that 61% are not confident about their abilities to mitigate the risks of ransomware attacks during the COVID 19 outbreak.
The FBI and Department of Homeland security say that there is a credible threat posed by a ransomware gang aiming to make a quick buck as Covid 19 deaths spiked and the ransomware attacks increased in 2021.
https://www.cbsnews.com/news/cyberattacks-ransomware-hacking-hospitals-target-foreign-groups/
“Foreign hacking group targets hospital clinics with ransomware attacks says new report”
Lauren Deinhardt says
New real-world cybersecurity training range opens in South Florida
In Fort Lauderdale, Florida, Cyberoperations Enhanced Network and Training Simulators (CyberCents) has opened a cybersecurity training range. This training range is located in a facility at the Alan B. Levan Center at Nova Southeastern University, featuring training exercises on a military-grade platform; this includes software and stress training to prepare cybersecurity professionals using lifelike experiences and experimentation. In addition, the state-of-the-art facility provides a platform for individuals to complete research/development and complete certifications. The CyberCents training range is committed to training everyone in the cybersecurity industry, from professionals to new hires. Networking opportunities and panel discussions will also be hosted here. This incredible facility is all thanks to a public-private partnership between Broward County, FL and Nova Southeastern University. The overall aim of this initiative is to increase the number of educated cybersecurity professionals in a world of growing threats and an intense global cyber platform. I think this is incredible since, in a previous In the News article I wrote, a Pentagon director resigned due to the federal government’s lack of cybersecurity initiatives. Being a new member of this industry, I am encouraged by this opportunity presented by the CyberCents facility, and would like to go one day.
https://venturebeat.com/2021/10/27/new-real-world-cybersecurity-training-range-opens-in-south-florida/
Wilmer Monsalve says
With blockchain picking up traction since Bitcoin arose, there have been a wide range of cryptocurrencies emerging. While they all might seem the same, there are specific uses for these crypto coins. This article explains the unique NFT (non-fungible token), which, to summarize, is practically a digital certification verifying the proper rights and/or ownership of anything digital. It can be a drawing, GIF, music, etc., and is set to revolutionize the art industry through the means of blockchain technology by creating scarcity in the market. Applicable usage has become very popular with celebrities like Logan Paul, Linkin Park, Wayne Gretzky, Marvel, etc., and I believe this can be a game changer for collectors, buyers, traders, and gamers.
https://www.theverge.com/22310188/nft-explainer-what-is-blockchain-crypto-art-faq