Cyber Watch: Monthly Alerts & Updates in Cybersecurity (February 2021)

As our Cyber Watch post continues to grow and evolve, you will note that over the last few months, we have been working to provide not only updates on what is happening in the industry but also discuss access to tools that are being created to help combat the malicious nature of cybersecurity threats.

In this month's post, we bring to you updates on hacks that trended in 2020, federal task forces being created to combat cybersecurity threats, and updates on various attacks/trends that are occurring (including one related to the increase in the value of Bitcoin). We have chosen these specific articles because they relate to what is happening in the financial landscape and may impact your customer base. Our goal with this post is to provide you access to information that can be used to help your organization plan and combat cyber threats.

In our ransomware section, you will find some interesting updates such as ransomware resources and information from the Cybersecurity and Infrastructure Security Agency (CISA), insight into the tactics behind ransomware gangs, and even an update about how the well-known ransomware, Emotet, is being taken down.

We encourage you to read through these updates and further explore the links to find additional information related to each topic. As always, please feel free to share this information with other colleagues, and we welcome your feedback and comments on this month's Cyber Watch post.

2020 Hacks You Should Read About – 2020 came with a lot of challenges. There was a lot of adaption and innovation that will hopefully forever positively change the industry. This innovation was not limited to only positive changes, though. DarkReading explores some of the coolest hacks of 2020, including the Tesla fail, a failed penetration test, smart bulbs, and more. Click the following link to read more. DARKReading

10,000 American Express Accounts Made Public – Credit card numbers and personally identifiable information (PII) have been posted by a threat actor for approximately 10,000 American Express accounts. American Express is monitoring this situation, and to date, it appears the information is only being used for marketing scams. It is recommended that any Amex cardholder be on alert for any email or text scams.  BleepingComputer

Cyber Unified Coordination Group (UCG) Task Force– "On behalf of President Trump, the National Security Council staff has stood up a task force construct known as the Cyber Unified Coordination Group (UCG), composed of the FBI, CISA, and ODNI with support from NSA, to coordinate the investigation and remediation of this significant cyber incident involving federal government networks. The UCG is still working to understand the scope of the incident but has the following updates on its investigative and mitigation efforts." Click the following link to learn more. Cybersecurity & Infrastructure Security Agency

Bureau of Cyberspace Security and Emerging Technologies (CSET) – A new bureau inside of the US Department of State has been created to address cybersecurity-related foreign policy. "The CSET bureau will lead US government diplomatic efforts on a wide range of international cyberspace security and emerging technology policy issues that affect US foreign policy and national security, including securing cyberspace and critical technologies, reducing the likelihood of cyber conflict, and prevailing in strategic cyber competition." Click the following link to read more about the back story of the CSET bureau and the work it will be doing.  ZDNet

DarkMarket Taken Down – "DarkMarket, the world's largest illegal marketplace on the dark web, has been taken offline in an international operation involving Germany, Australia, Denmark, Moldova, Ukraine, the United Kingdom (the National Crime Agency), and the USA (DEA, FBI, and IRS). Europol supported the takedown with specialist operational analysis and coordinated the cross-border collaborative effort of the countries involved." Click the following link to read the full details.  EUROPOL

Strengthening Security Configurations to Defend Against Attackers Targeting Cloud Services– "The Cybersecurity and Infrastructure Security Agency (CISA) is aware of several recent successful cyberattacks against various organizations' cloud services. Threat actors are using phishing and other vectors to exploit poor cyber hygiene practices within a victims' cloud services configuration. The information in this report is derived exclusively from several CISA incident response engagements and provides the tactics, techniques, and procedures; indicators of compromise (IOCs) that CISA observed as part of these engagements; and recommended mitigations for an organization to strengthen their cloud environment configuration to protect against, detect, and respond to potential attacks." Click the following link to read the full report. The Cybersecurity and Infrastructure Security Agency (CISA)

Lawsuits Related to Cybersecurity Against Car Manufacturers  – As the complexity of automobiles increases to include advanced computing, internet connections, and AI-backed intelligence, the legal landscape is responding to these changes by creating frameworks of governance. The result is the potential for lawsuits against car manufacturers that fail to properly protect the at-risk technology and data it has access to. Click the following link to read more. The National Law Review

What you Need to Know About Insider Attacks – While external threats are an obvious issue for companies related to data protection, insiders also pose significant risks. "An insider attack, or insider threat, is an instance in which someone with legitimate credentials into your business's networks and assets use their privileged access to cause harm to the company. The Cybersecurity and Infrastructure Security Agency defines insider threats as data breaches that can include sabotage, theft, espionage, fraud, and competitive advantage ... often carried out through abusing access rights, theft of materials, and mishandling physical devices. Under that definition, an insider threat can happen for many reasons through a range of methods." Read on to learn how pawns, goofs, collaborators, and lone wolves contribute to these attacks, the various entry points of attack, and how to safeguard against them. business.com

Microsoft Leaked Credentials Monitor – Microsoft Edge has some interesting new security tools to help users generate strong passwords, save them for future use, and notify you if the credentials have been breached online. Click the following link to learn more. BleepingComputer

DDoS Attacks Rising in Relation to Increase in Bitcoin Prices – As the price of Bitcoin rises, cybercriminals are looking to capitalize on it by using distributed denial of service (DDoS) attacks against companies to get them to payout. Click the following link to read more. ZDNet

Cybersecurity Best Practices and Technology – In the wake of the SolarWinds attack last month, the industry has learned more about how attackers operate and the tools they use. HelpNetSecurity has posted an article in which it explores best practices and technology, setting security priorities, and overall management of ransomware attacks. Click the link to learn more. HELPNETSECURITY

Ransomware Updates

Emotet Malware Disrupted – "Europol, the FBI, the UK's National Crime Agency and others coordinated action which has resulted in investigators taking control of the infrastructure controlling Emotet in one of the most significant disruptions of cyber-criminal operations in recent years." Click the following link to read more about Emotet and how it was taken down. ZDNet

Ransomware Guidance and Resources – Ransomware continues to be a huge threat to all businesses as the complexity in the flavors of ransomware and types of attacks occurring continues to expand. The Cybersecurity & Infrastructure Security Agency (CISA) have created a ransomware guide and resources page to help educate everyone on the risk and provides tools to support combatting them. The page has a ransomware guide, FAQs, training sessions, alerts, and more. Click the following link to explore these resources. We also recommend you bookmark this site for future reference. Cybersecurity & Infrastructure Security Agency (CISA)

Decrypter Tool for Victims of Ransomware – The cybersecurity firm Bitdefender has released a new free tool to help victims of Darkside ransomware attacks. The Darkside group partners with other cybercrime groups to launch attacks against companies. If the companies fail to pay their demands, Darkside operators will leak proprietary documents they have stolen as punishment. Click the following link to read more about the Bitdefender tool and Darkside. ZDNet

Ryuk Gang $150 Million in Ransomware Attacks – Ryuk Ransomware attacks have resulted in a whopping $150 million from Bitcoin transactions. Ryuk is suspected of getting its ill-gotten gains from a "well-known broker" that makes the payments on behalf of Ryuk victims. Want to learn more about Ryuk ransoms? Click the following link to read a full article on the topic. ZDNet

Lakes Region Healthcare Ransomware Attack – "Lake Region Healthcare in Fergus Falls, Minnesota is investigating a ransomware attack that was first detected on December 22, 2020. The attack impacted several of the healthcare provider's systems and caused some disruption to normal operations at its locations in Fergus Falls, Battle Lake, Ashby, and Barnesville. Emergency procedures had been developed before the attack, which was immediately implemented, and care continued to be provided to patients while the attack was investigated and remediated." Click the following link to read on. HIPPA Journal

Ransomware Pretending to be Legitimate Penetration Test – As if ransomware attacks were not scary enough, there have been instances of ransomware gains (such as the recently defunct Maze) pretending to be legitimate information security companies. There have even been reports of these companies publishing attack information, including data links. Click the following link to read more about what is happening with these masquerades. TechTarget