Security Weekly News Episode 27 - 2020-04-21
Visit https://www.securityweekly.com/swn for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
News - Starbleed, Hacking Dropbox, & FPGA Chip Flaws
Doug White's Content:
- COVID-19 affects web traffic and attack trends.
- Hackers continue to exploit patched Pulse Secure VPN Flaws.
- Starbleed. Flaw in FPGA chips exposes safety-critical devices to attacks.
- Xilinx Design advisory for FPGA chips.
- COVID-19's impact on Tor.
- Stimulus Payments are Popular Leverage for cyberattacks.
- Zoom's security woes were no secret to business partners like Dropbox.
- Hacking Dropbox Live in the heart of Singapore at H1-65.
- Silicon Valley is racing to build the next version of the Internet.
Jason Wood's Content:
Attackers Are Not Letting This Crisis Go To Waste
I suspect most of us have heard some variation of the phrase, “never let a crisis go to waste”. As I looked through the news for something interesting to bring to the podcast, there was story after story about security incidents, active phishing campaigns, and other scams that are currently occurring. In this time of crisis, there are some great stories out there about people watching out for each other and helping people in need. You’d kind of hope that the bad guys would give everyone around the world a small break and slow down a bit. Maybe they’d be stuck in quarantine like the rest of us. As nice of a dream as that is, the reality is quite different. If anything, attackers have stepped up their activity and are targeting any and all points of weakness they can find.
I will admit that some of my perspective is due to my work on CrowdStrike’s OverWatch team. I work with the results of threat hunters looking to find malicious activity and there is a lot of it. So when I read the news and see what is being reported, you get a little frustrated with people and organizations that take advantage of other people’s distress. As Doug has already pointed out, attackers are targeting people’s worries over receiving their stimulus payments from the government and are either deploying malware or just trying to scam people out of the money. Some of the stories I found talked about ransomware attacks that are ongoing, energy companies being targeted with spyware, and various data breaches.
One of the concerns I have is that more people are working from home, feeling isolated, and frustrated. They may be and most likely are doing their work on systems that aren’t using the same protections they would have while at the office. Organizations are putting systems online without reasonable protections because they want people to be able to reach them. (Read that as no, you shouldn’t put RDP and SMB on the internet. It’s bad.) This then results in an increase in successful attacks. So while we are socially and financially vulnerable, the attackers are looking to cash in.
Here are some of the news items that I found from the last few days.
- Hacker leaks 23 million usernames and passwords from Webkinz children's game
- Hackers steal $25 million worth of cryptocurrency from Lendf.me platform
- COVID-19 Phishing Update: Bad Actors Use Stimulus Payment Delays to Capture Banking Credentials
- Maze Ransomware Attack Hits Cognizant
- Oil and Gas Firms Targeted With Agent Tesla Spyware
- Nintendo accounts are getting hacked and used to buy Fortnite currency
- COVID-19 Phishing Lures Explode – Google Blocks 18M in 7 Days
And there are many more. As security professionals, we need to stay on point and be very active in monitoring for suspicious activity. We may get pressure to relax or disable some security controls in favor of ease of access. “After all,” someone might say, “how likely is someone to find our server out of the millions of others on the internet?” The answer is that it is very likely and the attacker will take advantage of it without any remorse over whether it will tank a company.
People are wired to respond to stories. Spend some time looking for news stories that relate to your organization in some way. Gather them up and include them with status reports on how things are going. I’m not advocating that we scream about the sky falling and that we try to scare the crap out of people. There’s enough of that going on. Instead, phrase it in terms of your awareness of these trends and that you are continuing to monitor for indications of this type of activity. And then make sure you are actually doing that monitoring. You can send out stories about the phishing emails targeting people’s stimulus checks with a brief reminder that employees need to be vigilant. Offer to answer questions. By raising people’s awareness and being a source of assistance, you may find that you are able to help your organization avoid some really bad decisions. And be aware ourselves. The bad guys aren’t about to let us catch a break.