This week’s Cyber Security Headlines – Week in Review, May 9-13, is hosted by Rich Stroffolino with our guest, Rich Lindberg, CISO, JAMS
Cyber Security Headlines – Week in Review is live every Friday at 12:30pm PT/3:30pm ET. Join us each week by registering for the open discussion at CISOSeries.com
NIST releases updated guidance for defending against supply-chain attacks
Titled “Cybersecurity Supply Chain Risk Management Practices for Systems and Organizations,” the guidance from the National Institute of Standards and Technology details the risks at all levels of the organization and provides information about major security controls and practices that organizations should adopt to identify, assess, and respond to these threats. The document includes warnings such as the need for diligence towards devices that may have been designed in one country with components manufactured across multiple countries worldwide, resulting in a dramatic enlargement of the attack surface for organizations.
US State Department offering $10 million reward for information about Conti members
In addition to this reward, which is for any information that leads to the identification or location of people connected to the notorious Conti ransomware gang, an additional $5 million reward is also being offered for any information that leads to the arrest or conviction of a Conti member. In a statement on Friday, State Department spokesman Ned Price said the group has been behind hundreds of ransomware attacks over the last two years. Specifically, “as of January 2022, there had been over 1,000 victims of attacks associated with Conti ransomware with victim payouts exceeding $150,000,000, making the Conti Ransomware variant the costliest strain of ransomware ever documented,” Price said.
College closes permanently due to ransomware
Lincoln College informed the Illinois Department of Higher Education and Higher Learning Commission that it will close its doors as of May 13th. This is believed to be the first US college to shutter operations as a result of a ransomware attack. In December, the college was hit by a ransomware attack that “hindered access to all institutional data” and took down all systems around recruitment, retention, and fundraising. Lincoln College restored access in March 2022 but, combined with falling enrollment due to the COVID-19 pandemic, could not find a viable way forward with operations.
(Engadget)
Microsoft launches service to fill the cyber skills gap
Microsoft announced three new managed security services under its new Microsoft Security Experts suite. The company says these are designed for organizations of any size impacted by the ongoing cybersecurity skills shortage. Microsoft Defender Experts for XDR will enter into preview this fall, effectively offering a managed version of Microsoft 365 Defender. Security Services for Enterprise officially launched in full, offering security consulting services from the company. And a preview of Microsoft Defender Experts for Hunting launched, which looks for threats across a customer’s endpoints and cloud applications.
(Protocol)
Thanks to our episode sponsor, Datadog

Security assessments significantly impacting vendors
A new study by Whistic highlights the business impacts of performing vendor security assessments. The report found that, with the rise in data breaches caused by third-party vendor vulnerabilities, the number of vendors assessed annually increased by 20% from the prior year. And while vendors invest significant time and resources into undergoing SOC2 and ISO27001 assessments, 77% of companies indicate it is Very Likely or Likely that they will still ask for additional security documentation. Unfortunately, these assessments are not standardized, with 82% of companies using fully or partially customized security questionnaires to evaluate their vendors. On average, vendors are spending over 80 hours per month responding to security assessments, with 79% of them saying these assessments add a week to the sales cycle, or more if their customers need clarification on any of their responses.
(Whistic)
Malware goes regional as attackers change tactics
The new Cloud and Threat Report from Netskope reveals that most malware attacks now originate from the same region as the victim, representing a marked tactical shift by threat actors. Netskope attributes this to attackers attempting to avoid geofencing filters and other prevention measures. The report also found that Trojans account for 77 percent of all malware downloads, with attackers using social-engineering techniques to get malicious payloads past their victims. Nearly half (47%) of malware downloads originate from cloud apps. On a positive note, attacks involving malicious Microsoft Office documents are on the decline.
A look at ransomware trends of 2022
SecureList put out a list of ransomware trends to be on the lookout for in the rest of the year. One that we’ve seen on this show before is threat actors trying to develop cross-platform ransomware to be as adaptive as possible. We’ve seen this with ransomware being written in Rust and Golang to make it easier to port to other platforms, as well as harder to analyze. Another trend is the industrialization of ransomware, with affiliate models for ransomware increasingly the norm. As we’ve seen in the Conti leaks, in many ways, these ransomware operations run on typical software development practices. The Conti leaks are also illustrative of the third trend, ransomware gangs taking sides in geopolitical conflicts. We saw the pro-Russian stance of Conti leading directly to leaked data by pro-Ukrainian members.
Google will use mobile devices to thwart phishing attacks
Google this week announced anti-phishing efforts that will make it possible to use Android and iOS devices in the same way as physical security keys such as Google’s Titan Security Key. Google is bundling the Titan capability into mobile devices, where Android and iOS devices use Bluetooth to verify they are in physical proximity to the device the user is trying to log into. Google is also expanding the types of Google Prompt challenges that users may experience if their login attempts look potentially fraudulent, including challenging users to connect their mobile devices to the same Wi-Fi network as the device they are attempting to log into.
Texas man gets 5 years for stealing 38,000 PayPal account credentials
Marcos Ponce, 37, of Austin, also was ordered to pay $1.4 million in restitution, according to a Justice Department press release. Court documents in the case show that from at least November 2015 until November 2018, Ponce and his co-conspirators established buyer accounts on an illegal online marketplace which sold stolen payment account credentials along with complementary personal identification information. Prosecutors contend that Ponce and his co-conspirators developed social engineering techniques so they could dupe third parties into accepting money transfers from the compromised PayPal accounts before transferring the money into accounts they controlled.





