Cybersecurity News – December 10, 2021

Volume of attacks on IoT/OT devices increasing

A new study commissioned by Microsoft shows that 44 percent of the more than 600 respondents interviewed said their organization experienced a cyber incident involving an IoT or OT device in the past two years. Thirty-nine percent said such a device was the target of the attack, and 35% said the device was leveraged to conduct a broader attack, which includes lateral movement, detection evasion and persistence. Fewer than one-third said their organization has a complete inventory of devices, and 42% don’t have the ability to detect vulnerabilities affecting IoT and OT devices. Sixty-one percent have low or average confidence when it comes to identifying compromised systems, and nearly half still rely mainly on manual processes to identify and correlate impacted devices. Roughly half of respondents said their OT network is connected to the corporate IT network, and 56% admitted that their OT network is directly connected to the internet.

(Security Week)

Cloudflare and others form incident response cyber insurance partnership

Cloudflare, Mandiant, Secureworks, and Crowdstrike are creating a “rapid referral” partnership for companies under attack, in response to cyber insurance premiums that have increased by upwards of 50 per cent. Disguised as a “cyber risk partnership program,” the service combines incident response, insurance and mitigation. The partnership includes three US-based insurance brokers, and seems to be aimed at organizations that see cyber-attack insurance as an expensive luxury.

(The Register)

IT execs half as likely to face the axe after breaches, shortages to blame?

Senior IT and cybersecurity professionals are nearly half as likely to be fired following a data breach today versus three years ago, according to new data from Kaspersky. Its newly published report, IT Security Economics 2021, revealed that just 7% of organizations laid off senior IT staff following a security breach in 2021 versus 12% in 2018. The figure for senior security staff was 8% this year versus 14% three years ago. The findings may indicate that skills shortages are biting across the globe, a view supported by a study from ISC2 that revealed 2.7 million security professionals are still needed worldwide, meaning the workforce is still 65% below what it needs to be.

(InfoSecurity Magazine)

Cox discloses data breach after hacker impersonates support agent

Telecommunications company Cox Communications has disclosed a data breach after a hacker allegedly used social engineering to impersonate a support agent and gain access to customers’ personal information. While Cox does not state that financial information or passwords were accessed, it is advising affected customers to monitor their financial accounts and to change passwords on any other accounts that share the password used for their Cox customer account.

(Bleeping Computer)

Thanks to our episode sponsor, Tines

Tines is no-code automation for security teams, trusted by the world’s best companies like Canva, Auth0, and Coinbase. This holiday season, book a 10 minute demo of Tines and we’ll donate $100 to your favorite charity – we’re that certain you’ll love what you see. Head over to tines.com/charity to book your 10 minute demo and send $100 to your favorite cause.

Over a dozen malicious NPM packages caught hijacking Discord servers

At least 17 malware-laced packages have been discovered on the NPM package registry, adding to a recent barrage of malicious software hosted and delivered through open-source software repositories such as PyPI and RubyGems. DevOps firm JFrog said the libraries, now taken down, were designed to grab Discord access tokens and environment variables from users’ computers as well as to gain full control over a victim’s system. As prior research has established, collaboration and communication tools like Discord and Slack have become handy mechanisms for cybercriminals, with Discord servers integrated into attack chains for remotely controlling infected machines and even for exfiltrating data from victims.

(The Hacker News)

Microsoft, Google OAuth flaws can be abused in phishing attacks

Researchers have discovered a set of previously unknown methods to launch URL redirection attacks against weak OAuth 2.0 implementations. These attacks can bypass phishing detection and email security solutions and, at the same time, give phishing URLs a false image of legitimacy in the eyes of victims. The relevant campaigns were detected by Proofpoint, and target Outlook Web Access, PayPal, Microsoft 365, and Google Workspace. OAuth 2.0 is a widely adopted authorization protocol that allows a web or desktop application to access resources controlled by the end user, such as their email, contacts, profile information, or social accounts.

(Bleeping Computer)
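The contrast between a lax and a strict redirect_uri comparison that the item above alludes to, shown here as an added illustration that is not part of the article or of Proofpoint’s research. The client, its registered callback URI and the sample values are constructed for this example; the strict check follows the exact-string-match rule that the OAuth 2.0 Security Best Current Practice recommends for authorization servers.

```python
from urllib.parse import urlsplit

# Constructed for this example: the callback URI a hypothetical client
# registered with an authorization server (not a value from the page).
REGISTERED_REDIRECT_URIS = {
    "https://app.example.com/oauth/callback",
}


def weak_redirect_check(candidate: str, registered=REGISTERED_REDIRECT_URIS) -> bool:
    """Prefix matching: a lax comparison that accepts any redirect_uri that
    merely begins with a registered value, so appended query strings or
    extra path segments still pass."""
    return any(candidate.startswith(uri) for uri in registered)


def strict_redirect_check(candidate: str, registered=REGISTERED_REDIRECT_URIS) -> bool:
    """Exact string comparison against the registered set, plus a sanity
    check that the value is a well-formed https URL with no fragment."""
    parts = urlsplit(candidate)
    if parts.scheme != "https" or not parts.netloc or parts.fragment:
        return False
    return candidate in registered


def compare_checks(candidates):
    """Evaluate both checks over a list of redirect_uri values and return
    {uri: (weak_result, strict_result)} so the divergence is visible."""
    return {c: (weak_redirect_check(c), strict_redirect_check(c)) for c in candidates}


if __name__ == "__main__":
    # Constructed sample values: the registered URI, the same URI with a
    # query string appended, and a plaintext-http variant.
    samples = [
        "https://app.example.com/oauth/callback",
        "https://app.example.com/oauth/callback?next=https://example.net/",
        "http://app.example.com/oauth/callback",
    ]
    for uri, (weak, strict) in compare_checks(samples).items():
        print(f"{uri}\n  prefix match: {weak}   exact match: {strict}")
```

Only the registered value passes the strict check; the prefix check also lets the query-string variant through, which is the kind of slack an authorization server should not offer. On the client side, the complementary control is to register the narrowest possible set of callback URIs and never accept a wildcard.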

Another story of death by hospital ransomware

Prosecutors in Cologne were gearing up to pursue as yet unidentified hackers whose ransomware attack on a hospital in Düsseldorf forced the redirection of a patient arriving by ambulance suffering from an aortic aneurysm. The redirection delayed the patient’s treatment by an hour, leading to her death. The case was to be tried on the grounds of negligent homicide, meaning the killing of another person through negligence or without malice, but after a two-month investigation it was determined that there were insufficient grounds to pursue the matter any further. This case is similar to one we reported on Cyber Security Headlines back in October, in which an infant in Atlanta died due to complications seemingly directly related to hospital ransomware.

(Wired)

AWS as the internet’s biggest single point of failure

An opinion piece in Vice describes how this week’s AWS outage has shown the world just how much the internet relies on it, and why that’s a bad thing. Written by Motherboard senior staff writer Lorenzo Franceschi-Bicchierai, the article points out that even though the outage lasted just a few hours, it showed the world just how much it now depends on Amazon’s infrastructure. Quoting Steven Bellovin, a computer science professor at Columbia University, “If an attacker could gain control of AWS infrastructure, they could do very great damage.” The article highlights that attacker access isn’t the only concern: the way in which AWS manages security for its customers’ sites means that features such as MFA and SMS verification can disappear, as happened recently at Parler. The full editorial is available at vice.com.

(Vice)


Steve Prentice
Author, speaker, expert in the area where people and technology crash into each other, viewed from the organizational psychology perspective. Host of many podcasts, voice actor and narrator for corporate media and audiobooks. Ghost-writer for busy executives.