Cybersecurity News – Week in Review – Mar 21-25, 2022

This week’s Cyber Security Headlines – Week in Review, Mar 21-25, is hosted by Rich Stroffolino with our guest, John Prokap, CISO, Success Academy Charter Schools.

Cyber Security Headlines – Week in Review is live every Friday at 12:30pm PT/3:30pm ET. Join us each week by registering for the open discussion at CISOSeries.com

Developer sabotages own npm module prompting open-source supply chain security questions

The developer of a popular JavaScript component hosted on the npm repository decided to protest Russia’s invasion of Ukraine by adding code to their own component that would add or delete files on people’s computers in a way they didn’t expect. The component, called node-ipc, is a dependency for a variety of other projects. Some people have started referring to such acts of self-sabotage by developers as protestware. Experts believe that while developers certainly have the right to modify their own software, such acts risk damaging trust in the open-source ecosystem, which has faced increased supply-chain security challenges in recent years.

(CSOOnline)

Cloud-based email threats surge 50% in 2021

This corresponds with a drop in ransomware and business email compromise (BEC) detections as attacks become more targeted, according to Trend Micro in a recent report. The number of phishing attempts almost doubled during the period, as threat actors continued to target home workers. Of these, 38% were focused on stealing credentials, the report claimed. The report also notes that misconfigured cloud systems were a critical risk factor in 2021, with AWS Key Management Service (AWS KMS) and Amazon Elastic Container Service (Amazon ECS) having some of the highest misconfiguration rates.

(InfoSecurity Magazine)

Hubspot hack impacts crypto companies

The marketing and sales platform Hubspot informed clients that a “bad actor” compromised an employee account, leading to a data breach that “focused on customers in the cryptocurrency industry.” Circle, BlockFi, Pantera Capital, and NYDIG were among the crypto firms impacted by the breach. Pantera said that it used Hubspot as a CRM platform, with hackers able to access customer names, phone numbers, and regulatory classifications. It said that internal systems were not impacted and no social security numbers were accessed. Hubspot did not say how much data was stolen, only saying “data was exported from fewer than 30 HubSpot portals.” It’s likely this data will be used in attempted phishing schemes.

(Decrypt)

Ransomware attack on Okta leads to data breach

Lapsus$ group claims to have hacked the network of cloud-based security software provider, Okta. Lapsus$ posted screenshots on Telegram confirming that it successfully stole sensitive data and was able to gain super-user access to Okta’s entire corporate network. The media is speculating that the data breach could have put all of Okta’s roughly 15,000 customers at extreme risk, affecting companies such as Peloton, Cloudflare, Grubhub, T-Mobile, FCC, and Sonos. A spokesperson from Okta noted that, so far, there is no firm evidence to substantiate the media’s speculation.

(Cybersecurity Insiders)

Thanks to our episode sponsor, Varonis

The first time we got hit with ransomware it took us weeks to recover. The second time we got hit, it took us two hours. Why? Because we had Varonis. Varonis reduces the ransomware blast radius and monitors our most important data, automatically. Hear more at www.varonis.com/cisoseries.

UK police arrest 7 people in connection with Lapsus$

Ranging in age between 16 and 21, the hackers were arrested and then released by City of London Police, following an investigation which is still ongoing. Bloomberg had reported that a teenager based in Oxford was suspected of being the group’s mastermind. Bloomberg was able to track him down after his personal information was leaked online by rival hackers. According to Brian Krebs, the teenager purchased Doxbin last year, a site where people can share or find personal information on others, before leaking the entire Doxbin data set to Telegram. The Doxbin community retaliated by doxxing him. 

(TechCrunch)

Russia laying groundwork for cyberattacks on US infrastructure

On Monday, the White House warned that the latest intelligence indicates that the Russian government is exploring “options for potential cyberattacks” on critical US infrastructure, in retaliation for sanctions resulting from Russia’s invasion of Ukraine. The White House has contacted companies that could be impacted and has also released a fact sheet for organizations to use to harden their cyber-defenses, including employee awareness and education, implementing multi-factor authentication (MFA), staying current with patching, backing up and encrypting data, performing red-team exercises, and updating security tools.

(Threatpost)

Ain’t no sunshine for Russia’s weather data access

The European Organization for the Exploitation of Meteorological Satellites called a special council of member states this week, and agreed to suspend licenses of Russian users, cutting off access to Western weather data. The council also suspended a bilateral cooperation agreement with Russia’s meteorological agency. The concern here is that this data could be used to coordinate biological or chemical weapons attacks against Ukraine. Upon the invasion of Ukraine in February, Russia was already cut off from data from EU satellites. This action suspends sharing of meteorological observations.

(InfoSecurity Magazine)

CEA sees future in waferscale quantum computing chips

Paris-based quantum computing startup C12 Quantum Electronics is working on the multi-qubit chips in conjunction with CEA, the government-backed French research institution. Qubits, short for quantum bits, are the fundamental yet extremely delicate building blocks of quantum computers. Not many regular chip companies have even tried to make a wafer-size chip due to the multidimensional complexities involved. C12 said this new work is building from a “breakthrough in manufacturing quantum chips on 200mm silicon wafers.” 200 millimeters equals roughly 7.8 inches in diameter. This breakthrough is being hailed as a leap forward toward the goal of commercializing quantum computing and manufacturing chips at scale.

(The Register)

Steve Prentice
Author, speaker, expert in the area where people and technology crash into each other, viewed from the organizational psychology perspective. Host of many podcasts, voice actor and narrator for corporate media and audiobooks. Ghost-writer for busy executives.