This week’s Cyber Security Headlines – Week in Review, Feb 7-11, is hosted by Rich Stroffolino with our guest, Dave Stirling, CISO, Zions Bancorporation
Cyber Security Headlines – Week in Review is live every Friday at 12:30pm PT/3:30pm ET. Join us each week by registering for the open discussion at CISOSeries.com.
US House passes bill to boost chip manufacturing and R&D
On Friday the US House of Representatives passed a bill intended to equip America to boost semiconductor production and lift its economy to better compete with China. The bill, called the America COMPETES Act of 2022, includes $52bn in funding to help semiconductor companies build new factories and to fund research and development. The draft legislation also earmarks $45bn in funding to boost the supply chain and alleviate problems related to chip shortages, which have hit key sectors such as consumer electronics and automotive. The next step is reconciliation with the US Senate’s version of the bill, the US Innovation and Competition Act, which passed last June.
One in seven ransomware extortion attempts leak key operational tech records
Once, ransomware was used en masse to infect systems and extort blackmail payments from the general public, normally in cryptocurrency such as Bitcoin (BTC), but now operators are targeting high-value targets for larger payoffs. In what some cybersecurity experts call “big game hunting,” ransomware groups go for large enterprise firms, utilities, hospitals, and key supply chain players. Research performed independently by Mandiant and Cisco Secure shows how thieves will patiently penetrate networks in order to steal employee credentials, asset tags, third-party vendor agreements and legal documents, project files, product diagrams, process documents, spreadsheets, visualizations, and in one case, the proprietary source code of a satellite vehicle tracker’s GPS platform. Access to this type of data can enable threat actors to learn about an industrial environment, identify paths of least resistance, and engineer cyber-physical attacks.
(ZDNet)
Stolen crypto used to fund North Korean missile program
A UN report found that North Korean cyberattacks stole over $50 million worth of digital assets between 2020 and mid-2021, providing an important revenue source for the regime’s nuclear and ballistic missile program. These attacks targeted three crypto exchanges across North America, Asia, and Europe. This is actually dwarfed by a figure published by the security company Chainalysis in January, which estimated that North Korea netted as much as $400 million in digital assets in 2021. This isn’t a new strategy for North Korea either, with a 2019 UN report finding the state had amassed at least $2 billion for its weapons programs using cyberattacks over the years.
(BBC)
Microsoft disables protocol used by malware
The Redmond company announced it temporarily disabled the ms-appinstaller protocol for the MSIX packaging format, saying it was being abused by Emotet and other malware. Microsoft patched. The ms-appinstaller protocol allows apps to be installed by clicking on a link without downloading a full package. Threat actors have been actively exploiting a flaw in the AppX installer by sending malicious links in phishing messages. Disabling the protocol means apps cannot be directly installed from a web server. Microsoft plans to reintroduce the protocol as a Group Policy that IT admins could opt into in order to control its usage within their organizations.
Thanks to our episode sponsor, Datadog

In this Datadog Security Monitoring product brief, you’ll learn how to:
Solve cloud complexity challenges with threat detection tools, detect and analyze security threats anywhere in your stack, and deploy turnkey detection rules mapped to the MITRE ATT&CK framework. Download the brief today to learn more at datadoghq.com/ciso/
DOJ arrests New York couple, seizing $3.6 billion in bitcoin
The Justice Department has seized a record $3.6 billion in cryptocurrency tied to the 2016 hack of the Bitfinex virtual currency exchange, which resulted in the transfer of 120,000 bitcoin to the attackers’ digital wallet. Federal agents arrested Ilya “Dutch” Lichtenstein and his wife, Heather Morgan, in Manhattan in connection with the crime. Investigators were able to trace the stolen funds through thousands of transactions to over a dozen accounts linked to Lichtenstein, Morgan, or their businesses. From there, the couple converted the bitcoin to cash using bitcoin ATMs and by purchasing gold, NFTs, and Walmart gift cards.
(NPR)
Google sees 50% drop in compromises after 2SV enrollment
Back in May 2021, Google announced plans to auto-enroll users into two-step verification (2SV) in order to secure accounts against compromised-credential attacks. On Tuesday, Guemmy Kim, Google’s Director for Account Security and Safety, indicated that Google has successfully auto-enabled 2SV for over 150 million people and has required another 2 million YouTube creators to enable it. Kim noted that they have seen a 50% decrease in account compromise for 2SV enrollees compared with those who have yet to enroll.
Puma employee data stolen as a result of Kronos attack
December’s ransomware attack against Kronos systems has affected employees at Puma, one of the largest sportswear brands, and one of Kronos’ biggest clients. Hackers broke into Kronos Private Cloud and stole the data before encrypting it despite it being secured through firewalls, multi-factor authentication, and encrypted data transmissions. In a filing with the Maine Attorney General, Kronos said personal data of 6,632 individuals, including affected Puma employees, was stolen during the attack. Kronos is offering free credit monitoring and identity insurance services to victims of the breach.
Federal use of cell siphoning tech on the rise
According to documents seen by The Intercept, fourteen of the fifteen US Cabinet departments, as well as several other federal agencies, acquired products from the Israeli surveillance company Cellebrite in recent years. This includes the Departments of Agriculture and Education, HUD, and the CDC. In SEC filings, Cellebrite claims to have over 2,800 government customers in North America. The company’s flagship product is the Universal Forensic Extraction Device, a phone, desktop, and cloud hacking kit. Most federal agencies did not comment on how they use Cellebrite’s products, with the Department of Education and Department of Energy saying it was used to determine if a government-issued device was compromised.
Donation site for Ottawa truckers’ “Freedom Convoy” protest exposed donors’ data
The donation site used by truckers in Ottawa who are currently protesting against national vaccine mandates has fixed a security lapse that exposed passports and driver’s licenses of donors. The Boston, Massachusetts-based donation service GiveSendGo became the primary donation service for the so-called “Freedom Convoy” last week after GoFundMe froze millions of dollars in donations, citing police reports of violence and harassment in the city that violated its terms of use. TechCrunch was tipped off to the data lapse after a person working in the security space found an exposed Amazon-hosted S3 bucket containing over 50 gigabytes of files, including passports and driver’s licenses that were collected during the donation process.