This week’s Cyber Security Headlines – Week in Review, April 17-21, is hosted by Rich Stroffolino with our guest, Shawn Bowen, CISO, World Fuel Services
Cyber Security Headlines – Week in Review is live every Friday at 12:30pm PT/3:30pm ET. Join us each week by registering for the open discussion at CISOSeries.com
3CX supply chain attack was the result of a previous supply chain attack
According to Mandiant in a report released yesterday, this is the first known case of one supply chain attack leading to a second supply chain attack. The attack in question targeted the video conferencing and online communications platform 3CX and occurred when an employee downloaded a compromised version of the financial trading software X_Trader. The attackers then used access granted by the malicious X_Trader software to lace 3CX’s desktop application with malware. Researchers fear that it might amount to the next SolarWinds-style supply chain attack, with untold numbers of downstream customers at risk of compromise.
Microsoft warns of Remcos RAT campaign targeting tax accountants
Just ahead of U.S. Tax Day, Microsoft has observed a new Remcos RAT campaign targeting US accounting and tax return preparation firms. The phishing attacks began in February and aim at tax preparation organizations, CPA and accounting firms, and professional service firms dealing in bookkeeping and tax. Crooks use lures masquerading as tax documentation sent by a client. The message contains a link that points to a legitimate file hosting site where the cybercriminals have uploaded Windows shortcut (.LNK) files.
Southwest’s operations resume after a ‘technical issue’
The Federal Aviation Administration (FAA) was asked by Southwest Airlines to pause its operations, including flight departures, due to a “technical issue” early Tuesday morning. The airline says the data connection issues were caused by a vendor-supplied firewall failure. Support staff quickly resolved the issue and operations were restored within about 40 minutes. FlightAware indicates that nearly 2,500 Southwest flights were delayed.
(TechCrunch and The Verge)
Surveillance on the rise, morale on the decline for IT workers
A new study released by 1E found that most companies expect to use some sort of employee productivity surveillance in the near future. 79% of respondents that hadn’t implemented such a system said they expected to use one within the next three years. This comes as 73% of IT managers report not being comfortable instructing staff to use those systems, with over a quarter saying these tools increased turnover and made hiring harder. Most IT workers, 72%, say they would help coworkers find workarounds to these tools. The report found that when organizations deploy workplace surveillance, 26% of IT workers report a decrease in morale, with 30% seeing an increase in employee anxiety.
Chinese threat actors use red team tool in attack
The Google Threat Analysis Group reports that a China-affiliated threat group used the Google Command and Control red teaming tool in an attack on a Taiwanese media organization. APT41 orchestrated the attacks, sending phishing emails with links to password-protected Google Drive files. The group used the tool to send commands from Google Sheets and exfiltrate data to Drive. The group previously used the tool in a July 2022 attack against an Italian organization. Google said it increasingly sees China-based attackers using open source red team tools, like Cobalt Strike, in attacks. It also found malicious actors increasingly using tools written in Go due to its cross-platform compatibility.
Thanks to our episode sponsor, Pentera

Pentera’s customers find that leveraging the Pentera automated security validation platform as part of their exposure management strategy increases their ability to identify security gaps, improves the efficiency of remediation processes, and maximizes their security readiness.
To learn more, visit Pentera.io
The security considerations of low code
Security Week’s Kevin Townsend looked at why understanding the security considerations of low-code and no-code solutions remains critical. Often security analysts don’t have coding skills, but would benefit from automating time-consuming workflows. These automation solutions can help quickly deploy security workflows, potentially avoiding months of development. They can help replace paper forms with apps, or automatically remediate simple alerts. The downside is that these tools require a lot of access to an organization, leading to a huge attack surface if they are compromised. If these automation solutions are used by one-person IT shops, they might not be prepared for the risk. In larger shops, these tools easily create sprawling shadow IT that can be hard to centralize.
NCSC warns of “new class” of Russian adversaries
This warning from the UK’s National Cyber Security Centre highlights new risks seen over the last 18 months from Russian state-aligned actors operating as hacktivists. These groups run ideologically motivated attacks, rather than ones focused on financial gain. They generally run DDoS attacks aiming to cause service disruptions, and have been seen targeting things like airports and government-run websites. Given the ideological bent of the attackers, the NCSC warns they could escalate tactics to cause more damage.





