This week’s Cyber Security Headlines – Week in Review, June 14-18, 2021, is hosted by Steve Prentice (@stevenprentice) with our guest, Peter Liebert
(@LiebertPeter), CISO, Cerner Government Services
Cyber Security Headlines – Week in Review is live every Thursday at 4pm PT/7pm ET. Join us each week by registering for the open discussion.
U.S. suffers over 7 ransomware attacks an hour
According to Recorded Future, the US suffered 65,000 ransomware attacks last year, with cybercriminals especially targeting key parts of the country’s infrastructure. Reasons for the increase include companies’ overall neglect of their IT systems, pandemic-related security issues like work from home, the growing popularity and anonymity of cryptocurrencies, and companies’ general willingness to pay out of fear of interruption of their business.
(NPR)
Biden gives Putin a no-hacking list
During a meeting between the two leaders in Geneva, US President Joe Biden said he gave his Russian counterpart a list of 16 critical infrastructure sectors that should not be subject to malicious cyber activity. It’s not clear if these sectors are the same as CISA’s recently published 16 critical infrastructure sectors, which includes communications, dams, energy, emergency services, and financial services. Biden also reiterated that Russia had a responsibility to curb malicious cyber activity in the country. The two also agreed to create a task force of cyber security experts to each “work on specific understandings about what’s off limits.”
RockYou2021 means 8.4 billion passwords leaked online
In what seems to be the largest password collection of all time, a hacker forum user posted a massive 100GB TXT file that contains 8.4 billion entries of passwords. Threat actors can use the RockYou2021 collection to mount password dictionary and password spraying attacks against untold numbers of online accounts. Since most people reuse their passwords across multiple apps and websites, the number of accounts affected by credential stuffing and password spraying attacks in the wake of this leak can potentially reach millions, if not billions.
Chip shortage could lead to counterfeit chip crisis
The ongoing chip shortage is nothing new, impacting everything from consumer electronics to the automotive industry. Now Independent Distributors of Electronics Association founder Steve Calabria warns that spikes in demand and continued slow supply could lead to a surge in counterfeit low quality chips that could impact reliability of equipment for years to come. These could come in the form of knock-off chips, cheaply designed from scratch to use as drop-in replacements, or previously used chips removed from boards and cleaned to look new. Either could potentially pass initial tests in production, only to fail at increased rates under load. Industry experts predict that this rise in counterfeits is likely already happening as OEMs increasingly have difficulty sourcing components.
Thanks to our episode sponsor, Keyavi
Irish bill gives police power to compel passwords
Irish Justice Minister Heather Humphreys published a bill which would give Irish police the power to compel people to provide passwords when executing a search warrant, with fines of up to €30,000 and up to five-years in jail for noncompliance. The bill would also require police to make a written record when doing a stop and search, which will include location, age, gender and ethnicity information to better document trends of who the procedure is being used on. The bill also expands authority to hold people under investigation for multiple offenses up to 48 hours, and is framed as a way to clean up Irish police law to make it clear, transparent and accessible.
(BBC)
“Face of Anonymous” suspect deported from Mexico to face US hacking charges
Media in the San Francisco area are reporting the arrest of Christopher Doyon, 56, who allegedly skipped bail on hacking charges almost a decade ago and was known in the media on TV and through his own book, as the face of the hacking group Anonymous. After living in Toronto for some years, Doyon apparently moved to Mexico. Anonymous is known for high-profile hacks such as the takedown of PayPal in 2010 after it suspended donations to Julian Assange and Wikileaks; government website takedowns during the so-called “Arab Spring” of 2011, and much more.
Windows 11 leaked
Windows 11 ISO image was leaked yesterday on a Chinese-speaking forum and has quickly spread throughout the Internet as users rush to install the new leaked operating system. Links for the Windows 11 ISO are now emerging on various file sharing sites, making it difficult to contain the leak. If the leaked material is legitimate, first reviews mention more rounded corners and a Start menu that hovers in the middle of the desktop. Bleeping Computer points out that the leaked build may have been tampered with to include malicious programs or viruses and that care should be taken to install and play with it on a virtual machine or other secured device.
Researchers reverse engineer deepfakes
AI researchers from Facebook and the Michigan State University created a method to effectively reverse engineer AI-generated imagery, often called deepfakes when applied to existing footage of someone’s face. This can determine the characteristics of the machine learning model that created it. Previous research has been able to identify specific known AI models used to generate images, but this new research can identify characteristics of previously unknown models. Since deepfake software is easily customized, this can potentially help Facebook and other social networks identify AI imagery across networks coming from the same source. The reverse engineering is still in the research phase and not production ready.