This week’s Cyber Security Headlines – Week in Review, Feb 14-18, is hosted by Rich Stroffolino with our guest, Mike Hanley, CSO, GitHub.
Cyber Security Headlines – Week in Review is live every Friday at 12:30pm PT/3:30pm ET. Join us each week by registering for the open discussion at CISOSeries.com
Linux malware attacks are on the rise, and businesses aren’t ready for it
Following up on a story we brought you mid-January, cyber criminals are increasingly targeting Linux servers and cloud infrastructure to launch ransomware campaigns, cryptojacking attacks and other illicit activity – and many organizations are leaving themselves open to attacks. Analysis from cybersecurity researchers at VMware warns that malware targeting Linux-based systems is increasing in volume and complexity, while there’s also a lack of focus on managing and detecting threats against them. This comes after an increase in enterprises relying on cloud-based services because of the rise of hybrid working, with Linux the most common operating system in these environments.
(ZDNet)
FTC warns VoIP providers about robocalls
The US Federal Trade Commission warned VoIP providers that it will take legal action against them if they do not hand over information related to its investigation into robocalls. The agency issued FTC Civil Investigative Demands to many VoIP operators, which require a response in full. The FTC recently issued these demands to VoIP providers XCast Labs and Deltracon Inc as part of an investigation into robocalls to numbers on the DNC registry. FTC data shows that between January and September 2021, it received 3,395,386 complaints about robocalls. The FTC has stepped up action on robocalls in recent years, eliminating the need to issue warnings to robocallers before issuing fines, and increasing the maximum fines for intentionally unlawful calls to $10,000.
SEC outlines new cybersecurity rules for investment firms
A new proposal released by the U.S. Securities and Exchange Commission sets out cybersecurity rules for investment funds. Under the proposal, funds and registered investment advisors would have to create written policies for handling cybersecurity incidents, as well as be required to report significant incidents to investors and regulators within 48 hours. Data breaches would qualify as a significant incident under the SEC proposal. These incidents would also have to be listed on investor materials for two years.
(WSJ)
Super Bowl ad shines a light on QR code risks
This year’s Super Bowl commercial blitz included an ad from Coinbase which featured a colorful QR code ricocheting against the sides of the frame. Those who scanned it were redirected to a promotional website offering $15 worth of free Bitcoin (if they were a new customer) and a chance to enter a three million dollar giveaway. The ad was so popular that Coinbase’s website crashed as a result of incurring more than 20 million hits over the course of one minute. Coinbase’s app also rocketed from 186th to the second most downloaded app in the App Store. While deemed a success by Coinbase, security experts are warning the public to be on the lookout for threat actors who may repost the popular commercial on social media with an updated and malicious version of the QR code.
Three-fifths of cyber-attacks in 2021 were malware-free
According to CrowdStrike’s 2022 Global Threat Report, ransomware-related data leaks surged by 82% in 2021, but 62% of these attacks involved no malware at all. Instead, threat actors used legitimate credentials to access networks and then “living off the land” techniques to achieve lateral movement once inside. Such tactics help them bypass detection by legacy tools, but not current network monitoring and other behavior-based security. The report also noted that industrial, engineering, and manufacturing sectors were most frequently hit and that ransomware-related demands increased to an average of $6.1m per incident, up 36% from 2020.
Unskilled hacker targeted aviation industry for years
According to a new report by Proofpoint, a threat actor dubbed TA2541 has been active since 2017, believed to be operating out of Nigeria and targeting aviation, aerospace, transportation, manufacturing, and defense industries. For most of this time, the threat actor’s tactics have involved sending malicious Microsoft Word documents to deliver off-the-shelf remote access trojans, with campaigns sending out hundreds of thousands of emails, mainly in English. Recently it transitioned to using cloud-hosted payloads in emails. The threat actor seems focused on collecting information, although it’s unclear what its ultimate goal is. TA2541 doesn’t customize emails for different organizations and roles, and isn’t particularly stealthy, yet still has been operating for over five years.
FBI sees increase in use of virtual meeting platforms for BEC scams
BEC scams are no longer restricted to email. In a security alert published yesterday, the FBI stated that the recent shift to online working caused by the ongoing COVID-19 pandemic has also had an impact on how some recent BEC attacks take place. The three scenarios it identifies are: (1) compromising the email of a CEO or CFO and requesting that employees participate in a virtual meeting platform, where the criminal will insert a still picture of the CEO with no audio, or “deep fake” audio, and then proceed to instruct employees to initiate transfers of funds via the virtual meeting platform chat or in a follow-up email; (2) compromising employee emails to insert themselves in workplace meetings via virtual meeting platforms to collect information on a business’s day-to-day operations; and (3) compromising the email of a CEO and sending spoofed emails to employees instructing them to initiate transfers of funds, as the CEO claims to be occupied in a virtual meeting and unable to initiate a transfer of funds via their own computer.





