Weekend Update

A quick Saturday digest of cybersecurity news articles from other sources.

Ticketmaster Hacked Competitor to Steal Data and Analytics, Fined Millions

From SecureWorld.  What’s that saying in business? “If you can’t beat ’em… hack ’em.” Newly released court documents show that some executives and employees at Ticketmaster did exactly that. What were they targeting? Access to a competitor’s proprietary data and analytics relating to concert ticket pre-sales. Ticketmaster employees emailed each other about the benefits of these intrusions, saying they could do the following against a ticketing competitor: “choke off CrowdSurge”; “Steal back one of CrowdSurge’s signature clients”; and “cut CrowdSurge off at the knees”. In an effort to defer prosecution against the company and its officers, Ticketmaster admitted to the details of what happened and agreed to pay $10 million in fines and face compliance oversight for three years… Read more

What is the difference between the NICE Framework and DoDD 8140/8570?

From Infosec Institute. Those looking into government work, or those just plain interested in the different cybersecurity frameworks out there, have probably encountered two framework names almost daily — the NICE Framework and DoDD 8140/8570. These frameworks are important, trusted cybersecurity frameworks that touch different parts of government work, but knowing only that is barely even the tip of the iceberg.

This article will detail the NICE Framework and DoDD 8140/8570. We will explore what they are, their origins, the intended users or stakeholders and how these two frameworks differ. This article is intended to provide a high-level overview of both frameworks with emphasis on how these cybersecurity frameworks differ.

The differences between the NICE Framework and DoDD 8140 are best viewed through the lens of the seven categories of the NICE Framework, because the two frameworks have different intended audiences. Let’s take a look at how the frameworks differ across these categories.

  • Analysis: NICE focuses on the acts of cybercriminals and 8140 focuses more on foreign intelligence agencies and foreign actors.
  • Collect & Operate: 8140 focuses on counterintelligence and NICE has a counter-criminal focus.
  • Investigate: NICE focuses on locking cybercriminals up and 8140 focuses on building developed and detailed target packages for future use.
  • Oversee & Govern: 8140 places more emphasis on certification because it is more “baked in” for other federal agencies.
  • Securely Provision: The biggest difference here is that 8140 has built out the Secret Internet Protocol Router Network, otherwise known as SIPRNet. While other federal agencies have secure networks, the heightened need for a secure network on the battlefield has given this category more emphasis for DoDD 8140.

Full article…

27 New Cybersecurity Measures in Approved U.S. Defense Bill

From SecureWorld.  Congress recently voted to override President Trump’s veto of the 2021 National Defense Authorization Act. The bill includes dozens of cybersecurity provisions, as well as the restoration of the position of National Cyber Director at the White House. Twenty-seven of the security provisions come directly from Cyberspace Solarium Commission recommendations for improving U.S. cybersecurity posture… Read more

SolarWinds Sued by Investors Following Data Breach

From SecureWorld.  When an organization suffers a data breach, there are almost certainly two things that will follow. The first is incident response to properly manage the situation. And the second is a lawsuit from angered customers or investors who had their information stolen or lost money. This is exactly the kind of situation that is currently playing out with SolarWinds after its supply chain cyberattack and subsequent… Read more

Feds Add Context to SolarWinds Breach

From SecureWorld.  More aftermath updates as a result of the SolarWinds cyberattack. The FBI, CISA, ODNI, and NSA joined together to create a new task force, the Cyber Unified Coordination Group. The UCG formed to coordinate an investigation into the SolarWinds breach, and this week offered new context on the extent of the breach, the nation-state evidence, and a possible motive. The UCG confirms that of the 18,000… Read more

FBI: Stolen Credentials Fueling Swatting Attacks

From SecureWorld.  A swatting attack is essentially a prank call to emergency services for the purpose of drawing a response from law enforcement to a specific location. The FBI is now warning about a new twist and trend in swatting attacks. Perpetrators are increasingly using victims’ smart home devices, such as home video cameras and audio surveillance technology. In order to gain access to these devices, the attackers… Read more

New investment by US Air Force gives lift to autonomous flying cars

From TechRepublic.  Radar company Metawave lands a contract to advance the USAF’s new autonomous electric Vertical Take-Off and Landing aircraft, marking the next step in aerospace innovation.

Top 5 ways to protect MFA codes

From TechRepublic.  Using SMS for multi-factor authentication is helpful, but not always secure or reliable. What if you lose your phone? Tom Merritt lists five additional ways to receive MFA codes, without SMS.

AA21-008A: Detecting Post-Compromise Threat Activity in Microsoft Cloud Environments

From CISA/US-CERT. Original release date: January 8, 2021

This Advisory uses the MITRE Adversarial Tactics, Techniques, and Common Knowledge (ATT&CK®) framework. See the ATT&CK for Enterprise for all referenced threat actor tactics and techniques.

This Alert is a companion alert to AA20-352A: Advanced Persistent Threat Compromise of Government Agencies, Critical Infrastructure, and Private Sector Organizations. AA20-352A primarily focuses on an advanced persistent threat (APT) actor’s compromise of SolarWinds Orion products as an initial access vector into networks of U.S. Government agencies, critical infrastructure entities, and private network organizations. As noted in AA20-352A, the Cybersecurity and Infrastructure Security Agency (CISA) has evidence of initial access vectors in addition to the compromised SolarWinds Orion products.

About the Author:

I am a cybersecurity and IT instructor, cybersecurity analyst, pen-tester, trainer, and speaker. I am an owner of the WyzCo Group Inc. In addition to consulting on security products and services, I also conduct security audits, compliance audits, vulnerability assessments and penetration tests. I also teach Cybersecurity Awareness Training classes. I work as an information technology and cybersecurity instructor for several training and certification organizations. I have worked in corporate, military, government, and workforce development training environments. I am a frequent speaker at professional conferences such as the Minnesota Bloggers Conference, the Secure360 Security Conference in 2016, 2017, 2018, and 2019, the (ISC)2 World Congress 2016, and the ISSA International Conference 2017, and at many local community organizations, including Chambers of Commerce, SCORE, and several school districts. I have been blogging on cybersecurity since 2006 at http://wyzguyscybersecurity.com
