Published on Wednesday, January 20, 2021

Cyber Watch: Monthly Alerts & Updates in Cybersecurity (January 2021)

A new year and a new start for all. From the lens of cybersecurity, that means new trends to look out for and lessons to apply from what was learned in 2020 (especially under pandemic conditions). As we move into the first month of the new year, there is a lot to reflect on. In this month's edition of our CyberWatch post, we look back at the hacks and breaches of 2020, read about intelligence threats posed by the Chinese government, attacks and vulnerabilities that take advantage of Microsoft 365, and malware and DDoS attacks from the last couple of months of 2020. In our ransomware section, we explore the future of ransomware attacks and dive deeper into the Egregor and Ryuk ransomware profiles. As always, we welcome your thoughts on the important topic of cybersecurity and encourage you to share this information with your colleagues. Read on to delve deeper into this month's CyberWatch topics.

Phishing Scam Uses "Return to Work" Emails – Fraudsters are using a new, sophisticated phishing attack that appears to be a legitimate work email asking the employee to provide information about returning to work post-COVID. The email contains a link that takes the employee to a landing page asking them to approve a remote work policy; once they do, the information the attacker wants has been captured. To read more about this attack, click on the following link. GovInfoSecurity

2020 Hacks and Breaches – 2020 was a year full of change, both good and bad. Unfortunately, it also brought a lot of cyberattacks and breaches. Incidents such as the IRS tax refund issues in January, the US Small Business Administration PII data leak in April, the Barnes & Noble data breach in October, and many more emphasized the severity of these attacks and the importance of shoring up defenses. ZDNet has compiled, by month, the biggest hacks and data breaches of the year. Click the following link to learn more. ZDNet

Advanced Persistent Threat (APT) Attacks on US Think Tanks – "Advanced persistent threat (APT) actors are regularly directing their attacks on such organizations and individuals associated with them who can have an important role in shaping U.S. policy and international affairs, according to the two federal agencies." The goal of these attacks is to gain access to sensitive information. Click the following link to read more about what is happening and the ramifications of think tank attacks. BLEEPING COMPUTER

Automated Penetration Testing – You may be familiar with the term penetration testing: a test, typically run by IT, to see whether the controls on a system, network, server, etc. can be defeated in a way that results in a breach. The following article by DARKReading provides a look into automated penetration testing and explores the pros and cons. Click the following link to read more. DARK READING

US Senators Warn Against Increasing Chinese Cyberthreat – Senator Mark Warner and Senator Marco Rubio of the U.S. Senate Intelligence Committee have issued a warning about the security threats the Chinese government poses. Examples include hacking related to healthcare facilities, intellectual property theft, and the arrest of four members of China's People's Liberation Army for their part in the 2017 Equifax data breach. Click the link to read more about actions taken against China and the hacking that has been linked to China. GovInfoSecurity

Spoofed Emails from Microsoft Office 365 – There are approximately 200 million Microsoft Office 365 users worldwide. A spear-phishing attack is targeting these users with email that appears to come from Microsoft.com. The message leverages scare tactics to get the recipient to click on a malicious link. Click the following link to learn more about this attack and how to safeguard against it. IRONSCALES

The Hidden Costs of Cybercrime - McAfee – "This is our fourth report on the cost of cybercrime. Our reports surveyed publicly available information on national losses, and, in a few cases, we used data from not-for-attribution interviews with cybersecurity officials. Our 2018 report found that cybercrime costs the global economy more than $600 billion. Our new estimate suggests a more than 50% increase in two years." Click the following link to read the full report. McAfee

Attackers Understand Microsoft 365 – Attackers are taking advantage of their understanding of Microsoft 365. Just what are they doing? They are using tactics such as brute force and password stuffing (trying many passwords until one works), OAuth consent grants (tricking users into granting a malicious application access), and eDiscovery (accessing documents across the Microsoft suite). Want to learn more? Click on the following link to access the full article. DARK Reading
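The brute-force and password-guessing tactics above leave a recognisable trail in sign-in logs: one account accumulating many failures, or one source address failing against many different accounts before a success. The following Python is an added example for this post, not code from the article or from Microsoft; it runs two such detections over a constructed set of sign-in records (hypothetical accounts, RFC 5737 test addresses, and a simplified record format chosen for the example, not real Microsoft 365 log output), with thresholds that are assumptions to be tuned per tenant.

```python
"""Spot brute-force and password-spraying patterns in sample sign-in records."""
from collections import defaultdict

# Constructed sample sign-in records for this example (hypothetical tenant).
# Fields: timestamp, account, source IP, result. Not real Microsoft 365 output.
SPRAY_SOURCE = "203.0.113.10"   # constructed: one guess against many accounts
BRUTE_SOURCE = "198.51.100.7"   # constructed: many guesses against one account

SAMPLE_SIGNINS = (
    # Normal activity, including a single mistyped password.
    ["2021-01-05T08:00:00Z alice@example.com 192.0.2.5 SUCCESS",
     "2021-01-05T08:05:00Z bob@example.com 192.0.2.6 FAILURE",
     "2021-01-05T08:05:30Z bob@example.com 192.0.2.6 SUCCESS"]
    # Spraying: one source fails against ten accounts, then gets into one.
    + [f"2021-01-05T09:{i:02d}:00Z user{i}@example.com {SPRAY_SOURCE} FAILURE"
       for i in range(10)]
    + [f"2021-01-05T09:10:00Z carol@example.com {SPRAY_SOURCE} SUCCESS"]
    # Brute force: one source hammers a single account, then gets in.
    + [f"2021-01-05T10:00:{i:02d}Z dave@example.com {BRUTE_SOURCE} FAILURE"
       for i in range(6)]
    + [f"2021-01-05T10:00:06Z dave@example.com {BRUTE_SOURCE} SUCCESS"]
)

# Assumed thresholds; real values depend on tenant size and normal failure rates.
MIN_FAILURES_PER_ACCOUNT = 5
MIN_ACCOUNTS_PER_SOURCE = 8


def parse_signins(lines):
    """Turn whitespace-separated records into dicts; blank lines are skipped."""
    events = []
    for line in lines:
        line = line.strip()
        if not line:
            continue
        ts, account, ip, result = line.split()
        events.append({"ts": ts, "account": account, "ip": ip,
                       "ok": result == "SUCCESS"})
    return events


def brute_force_accounts(events, min_failures=MIN_FAILURES_PER_ACCOUNT):
    """Accounts with at least min_failures failed sign-ins, from any source."""
    failures = defaultdict(int)
    for e in events:
        if not e["ok"]:
            failures[e["account"]] += 1
    return sorted(a for a, n in failures.items() if n >= min_failures)


def spraying_sources(events, min_accounts=MIN_ACCOUNTS_PER_SOURCE):
    """Source IPs that failed against at least min_accounts distinct accounts."""
    accounts_by_ip = defaultdict(set)
    for e in events:
        if not e["ok"]:
            accounts_by_ip[e["ip"]].add(e["account"])
    return sorted(ip for ip, accts in accounts_by_ip.items()
                  if len(accts) >= min_accounts)


def suspicious_successes(events):
    """Successful sign-ins tied to a flagged source or a flagged account.

    These are the events worth a password reset and session revocation,
    because a guessed password is the likely explanation.
    """
    flagged_ips = set(spraying_sources(events))
    flagged_accounts = set(brute_force_accounts(events))
    return sorted((e["account"], e["ip"]) for e in events
                  if e["ok"] and (e["ip"] in flagged_ips
                                  or e["account"] in flagged_accounts))


if __name__ == "__main__":
    evs = parse_signins(SAMPLE_SIGNINS)
    print("brute-forced accounts:", brute_force_accounts(evs))
    print("spraying sources:     ", spraying_sources(evs))
    print("successes to review:  ", suspicious_successes(evs))
```

Bob's single failed attempt stays below both thresholds, which is the point of counting distinct accounts per source rather than raw failures: a spray looks quiet per account and only stands out when events are grouped by origin.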

Is it Physical Security or Cybersecurity? – The lines between physical security and cybersecurity continue to blur as more physical devices such as cameras, cars, and smart speakers connect to the internet (i.e., the internet of things, IoT). Understanding the threats such devices bring, and balancing the need for physical and cyber controls, has become that much more important. Click the following link to read more. DARK Reading

FBI and CISA Cybersecurity Strategies Best Practices – "A recent joint advisory co-authored by the Federal Bureau of Investigation (FBI), the Cybersecurity and Infrastructure Security Agency (CISA), and the Multi-State Information Sharing and Analysis Center (MS-ISAC) provides valuable advice on how to build and maintain a strong cybersecurity posture in the face of advanced hacker attacks." The document can be accessed here. Click the following link to read more about the best practices. Bitdefender

SolarWinds SUPERNOVA Malware Advisory – In December of last year SolarWinds (a software security company) was attacked by the SuperNova malware. SuperNova is placed on a company server and is designed to mimic part of the company's product. Click the following link to read more and learn how SolarWinds is addressing the threat. BLEEPING COMPUTER

Building a Better Cyber Intelligence Team – Given the pervasive and widespread issue of cyber threats, the need for an effective cyber intelligence team has grown exponentially. The following article from SecurityWeek explores this topic, noting that a common misconception is that technology and vendors can solve this problem for you. It argues that the real need is to build a strong team with extensive knowledge of analytics and tactics, a fully defined strategy, and business knowledge (not just technical knowledge) to effectively combat these cyber threats. Read more about how this can be done by clicking on the following link. SECURITY WEEK

DDoS Attacks Spiked and Were More Complex in 2020 – "The large-scale shift to remote work and the increased reliance on online services as the result of the global pandemic this year gave threat actors new opportunities to use distributed denial-of-service (DDoS) attacks to harass and extort organizations." According to DARKReading, the pandemic resulted in increased attacks, extortion, multi-vector strategies, bigger attacks, and more impacted industries than ever before. Click the following link to read more. DARK READING


Ransomware Updates

IoT Chip Maker Ransomware Attack – Advantech (an industrial automation and industrial IoT chip maker) was attacked by Conti ransomware in November of last year. The attackers stole confidential low-value documents, and Conti demanded 750 Bitcoins (roughly 13 million dollars at that time). Conti ransomware has been around since December of 2019. It shares the same code as Ryuk ransomware and spreads through networks and systems, infecting them until it gains access to domain admin credentials, which is how it steals data. Click the following link to read more about this attack and the Conti ransomware. BLEEPING COMPUTER

Future of Ransomware Attacks – "Data gathered by Intel 471 points to a pattern in numerous ransomware attacks that have occurred in the past 18 months: Criminals in underground forums will advertise access to various breached organizations, and quickly turn to sell access to the highest bidder or strike a deal with a ransomware affiliate to share in any profits pulled from a successful payment. These partnerships have resulted in a flourishing submarket, where access to corporate networks is sold for six-figure sums directly or via a partnership and cut of paid ransoms." Click the following link to read more. INTEL471

K12 Inc. Pays Ryuk Ransomware – The online education company K12 paid out for a Ryuk ransomware attack in November of last year. The attack caused the company to lock down systems to prevent the spread of Ryuk through all its systems. The attack did not end up impacting the company's learning management system (LMS), but it did result in other data theft, including some student information. K12 paid the ransom to avoid a data leak. Click the following link to read more. BLEEPING COMPUTER

Staffing Agency Randstad NV Breached by Egregor Ransomware – The Randstad staffing agency had its network breached by the Egregor ransomware in December of last year. "This leaked data is a 32.7MB archive containing 184 files, including accounting spreadsheets, financial reports, legal documents, and other miscellaneous business documents." At the time of the article, Randstad was still investigating the situation to learn more about exactly what data was stolen. Click the link to read more. BLEEPING COMPUTER

Ransomware Cold Calling Ransom Demands – "Some gangs, for example, have reportedly taken to cold-calling victims to inform them that their systems have been hit by ransomware and request a ransom to resolve the situation. Of course, this is just the latest in a long list of shakedown tactics, which includes not just using crypto-locking malware but, lately, also leaking data to increase the psychological pressure on victims to pay." Click the following link to read more. HEALTHCAREINFOSECURITY

Egregor Ransomware Threat Profile – "Egregor ransomware is a relatively new ransomware (first spotted in September 2020) that seems intent on making its way to the top right now." The tactics that Egregor employs can vary, but one key aspect is that Egregor attacks may result in a threat to leak stolen data. Click the following link to read more about Egregor. Malwarebytes LABS

AUTHOR: Mark J. Dixon, AAP, APRP, NCP
Director, Payments Innovation

As the Director of Payments Innovation for NEACH, Mark focuses on exploring innovative solutions and technologies that will help position members for success, both now and in the future. Connect with Mark to read more of his blogs, articles, and posts.

Author: Meagan Norlund

Categories: Articles

Tags: CyberWatch
