Cyber Security Headlines – Week in Review – Feb 28-Mar 4, 2022

This week’s Cyber Security Headlines – Week in Review, Feb 28-Mar 4, is hosted by Rich Stroffolino with our guest, Ody Lupescu, CISO, Ethos Life

Cyber Security Headlines – Week in Review is live every Friday at 12:30pm PT/3:30pm ET. Join us each week by registering for the open discussion at CISOSeries.com

Ukraine recruits volunteer IT army to hack list of Russian entities

The list is composed of 31 targets including Russian critical infrastructure, government agencies, banks, and hosting providers. Ukraine’s Minister for Digital Transformation Mykhaylo Fedorov called for this action to fight against Russia on the cyber front. A Telegram channel was used to coordinate the efforts and plan the cyber-attacks that will be conducted by the IT Army. It includes a message that reads, “For all IT specialists from other countries, we encourage you to use any vectors of cyber and DDoS attacks on these resources.” The targets include Gazprom, Lukoil, and a number of mineral and industrial domains, as well as branches of the Russian government.

(Security Affairs)

Tech giants continue to unite to take action in response to Russia’s invasion of Ukraine. Apple announced that it is pausing all product sales in Russia, ceasing all exports to the country and limiting its use of Apple Pay and other services. Additionally, the predominant Russian media channels, RT News and Sputnik News, are no longer available for download from the App Store outside Russia. Meta, TikTok, and Google’s YouTube have similarly limited access to the Russian media outlets, with Meta confirming Tuesday that it is taking the added step of suppressing the algorithmic spread of Russian state-linked Facebook and Instagram content. Finally, Google announced on Tuesday that it is increasing security measures to help protect Ukrainian civilians and websites, including SOS alerts, automated detection and blocking of suspicious activity, government-backed attack warnings in Gmail, increased authentication challenges, and the expansion of its Advanced Protection and Project Shield programs.

(ZDNet and TechCrunch and POLITICO and The Record)

Microsoft providing threat intelligence to Ukraine

In a blog post, Microsoft President Brad Smith said the company has provided direct “threat intelligence and defensive suggestions” to Ukrainian government agencies. Smith did not attribute attacks to specific actors, saying this action was part of Microsoft’s primary responsibility to “help defend governments and countries from cyberattacks.” As part of this information exchange, Microsoft informed the Ukrainian government of a new malware hitting the country on February 24th, ahead of the initial Russian missile strikes. Smith further noted that recent cyberattacks against the country are narrowly targeted, in contrast to the broad NotPetya ransomware attack in 2017.

(CNBC)

Chipmaker giant Nvidia hit by ransomware attack – Nvidia hacks back

The attack impacted some of Nvidia’s systems for ten days. The security breach is not connected to the ongoing crisis in Ukraine, according to a person familiar with the incident. The incident also impacted the company’s developer tools and email systems, but business and commercial activities were not affected. Bleeping Computer reported that an insider described the security breach as having “completely compromised them.” The Lapsus$ ransomware gang is claiming responsibility for this attack; the group announced that it had stolen one TB of data from Nvidia’s network.

According to several sources, Nvidia performed a “hack back,” taking over and ransoming the group’s machines, at least encrypting their hard drives. The group claims it was able to make backups containing the breached Nvidia data. This was apparently possible because the attackers had to enroll in Nvidia’s MDM to access its VPN, providing a connection that let Nvidia reach a virtual machine used by Lapsus$.

(Security Affairs and Digital Trends)

Fujitsu confirms end date for mainframe and Unix systems

Fujitsu has confirmed the end of the road for its mainframes and Unix server systems. It will cease to sell both by the end of this decade. Customers are by then expected to have migrated to the cloud. The plans were revealed in a notice posted to the Japanese IT giant’s website on February 14th, but it was not widely publicized. Support services for both portfolios will continue for five years afterwards, meaning these will end in 2034 for Unix servers and 2035 for mainframes.

(The Register)

There are many misconceptions about security automation, so Torq is debunking a security automation myth each day this week.

Myth 5: You Should Automate All Security Processes
False. You should automate routine, repetitive tasks that are not subject to much conditional variance. But workflows that can’t be reliably managed by automation tools, such as assessing the financial consequences of a breach or determining whether a security incident should trigger an application rollback, should remain the domain of humans. To learn more about the realities of automation, head to torq.io.

Half of employees use unauthorized file services at work

KnowBe4 Research has issued a new report entitled “Shadow IT Is Real”, which analyzes the results of a global survey focused on the use of unauthorized cloud services and the downloading of content through unauthorized file sharing networks in the workplace. Alarmingly, the report found that one in two employees use unauthorized file services in order to get their job done. The report also revealed that Asia and Oceania are the regions with the highest rates of unauthorized practices, while Africa was found to be the best performing region. The finance and tech sectors fared much better than lagging industries, which included construction, manufacturing, educational and government-based organizations. Kai Roer, chief research officer, KnowBe4, notes, “To combat shadow IT, organizations should focus on strengthening their security culture and increasing employees’ level of security awareness.”

(Dark Reading)

TeaBot trojan brews up new features

Security researchers at Cleafy note that the Android remote access trojan TeaBot was recently upgraded with new features. As of March 1st, TeaBot can now target over 400 applications, signaling a move to more advanced tactics. TeaBot initially focused on “smishing” attacks, attempting to trick people into clicking on malicious links in SMS messages. Researchers also found that TeaBot managed to infiltrate the Google Play Store through the use of malicious dropper apps. Once installed, TeaBot operates like other banking trojans, using accessibility features to overlay login pages, log passwords, and intercept 2FA codes.

(ZDNet)

Eight-character passwords can be cracked in less than 60 minutes

In a new research paper published yesterday, Hive Systems states that any password with fewer than seven characters can be brute-forced “instantly.” Its findings show how more accessible and affordable cloud computing services make it simpler to crack passwords than two years ago, when the company showed that a relatively strong eight-character password was crackable in eight hours. It further states that password managers are the best bet for protecting passwords, noting that a 12-character password created by a password manager could take some 3,000 years to brute-force.

(Dark Reading)
Steve Prentice
Author, speaker, expert in the area where people and technology crash into each other, viewed from the organizational psychology perspective. Host of many podcasts, voice actor and narrator for corporate media and audiobooks. Ghost-writer for busy executives.