A quick Saturday digest of cybersecurity news articles from other sources.
Microsoft: SolarWinds Attack Took More Than 1,000 Engineers to Create
You may have missed this extremely interesting bit of data that ZDNet just published. “Microsoft reckons that the huge attack on security vendors and more took the combined power of at least 1,000 engineers to create.
“The months-long hacking campaign that affected US government agencies and cybersecurity vendors was “the largest and most sophisticated attack the world has ever seen,” Microsoft president Brad Smith has said, and involved a vast number of developers.
“The attack, disclosed by security firm FireEye and Microsoft in December, may have impacted as many as 18,000 organizations as a result of the Sunburst (or Solorigate) malware planted inside SolarWinds’s Orion network management software.
“I think from a software engineering perspective, it’s probably fair to say that this is the largest and most sophisticated attack the world has ever seen,” Smith told CBSNews’ 60 Minutes.
“Kevin Mandia, CEO of FireEye, also discussed how the attackers set off an alarm but only after the attackers had successfully enrolled a second smartphone connected to a FireEye employee’s account for its two-factor authentication system. Employees need that two-factor code to remotely sign into the company’s VPN. “Just like everybody working from home, we have two-factor authentication,” said Mandia.
“A code pops up on our phone. We have to type in that code. And then we can log in. A FireEye employee was logging in, but the difference was our security staff looked at the login and we noticed that individual had two phones registered to their name. So our security employee called that person up and we asked, “Hey, did you actually register a second device on our network?” And our employee said, “No. It wasn’t, it wasn’t me.”
Here is the link to the full ZDNet article:
Cybersecurity researcher Alex Birsan’s paper, Dependency Confusion: How I Hacked Into Apple, Microsoft and Dozens of Other Companies, which came out last week, explains how his “attack” worked. Loosely speaking, the corporate vulnerabilities that Birsan uncovered have the same cause as many malware-by-software-update stories we’ve written about before: a problem perhaps best described as a dependency disaster situation, although Birsan more graciously refers to it as dependency confusion.
Top 9 cybercrime tactics, techniques and trends in 2020: A recap
What were the top cybercrime techniques and trends of 2020? As per the seventh annual Internet Organized Cyber Threat Assessment (IOCTA) report from Europol’s European Cybercrime Center, ransomware attacks were the top cyber threat for law enforcement agencies. Additionally, adversaries used techniques like business email compromise and cryptocurrency abuse to exploit their targets.
Here’s a recap of the top cybercrime techniques and trends that surfaced last year.
Hermit Kingdom Strikes: Vast Hacking Operations Revealed in DOJ Charges
It may be the most complete picture we’ve ever had of North Korean hacking campaigns. It shows the nation-state’s sweeping efforts to steal $1.3 billion from the world—and to avenge its name after any perceived slight. And the targets in this case are widespread: banks, ATMs, cryptocurrency exchanges, online casinos, movie studios such as Sony Pictures, and theater chains such as AMC. The list goes on. In court documents unsealed this week, the United States Department of Justice revealed its hand to show new evidence. This included wanted posters of suspects, explained attack vectors of North Korea-backed hackers, and tied the efforts to some recognizable threat actor names: Lazarus Group and APT38. A number of attack targets and motives are…
Companies want regulations on facial recognition software
Microsoft and Amazon have banned sales of their facial recognition software to police until Congress passes guidelines for its use, and IBM discontinued its program completely. Civil rights groups say the algorithms reinforce bias based on gender and race.
Kaspersky: Goofing off a little at work may help security teams stay focused
The security company found that 85% of workers spend up to five hours a week watching YouTube, listening to podcasts, or exercising during work hours.
Egregor ransomware criminals allegedly busted in Ukraine
More good news in the cybercrime law-and-order world, this time a bust of ransomware crooks.
AA21-055A: Exploitation of Accellion File Transfer Appliance
Original release date: February 24, 2021
This joint advisory is the result of a collaborative effort by the cybersecurity authorities of Australia, New Zealand, Singapore, the United Kingdom, and the United States. These authorities are aware of cyber actors exploiting vulnerabilities in Accellion File Transfer Appliance (FTA). This activity has impacted organizations globally, including those in Australia, New Zealand, Singapore, the United Kingdom, and the United States.
Worldwide, actors have exploited the vulnerabilities to attack multiple federal and state, local, tribal, and territorial (SLTT) government organizations as well as private industry organizations including those in the medical, legal, telecommunications, finance, and energy sectors. According to Accellion, this activity involves attackers leveraging four vulnerabilities to target FTA customers. In one incident, an attack on an SLTT organization potentially included the breach of confidential organizational data. In some instances observed, the attacker has subsequently extorted money from victim organizations to prevent public release of information exfiltrated from the Accellion appliance.
About the Author: I am a cybersecurity and IT instructor, cybersecurity analyst, pen-tester, trainer, and speaker. I am an owner of the WyzCo Group Inc. In addition to consulting on security products and services, I also conduct security audits, compliance audits, vulnerability assessments and penetration tests. I also teach Cybersecurity Awareness Training classes. I work as an information technology and cybersecurity instructor for several training and certification organizations. I have worked in corporate, military, government, and workforce development training environments. I am a frequent speaker at professional conferences such as the Minnesota Bloggers Conference, Secure360 Security Conference in 2016, 2017, 2018, 2019, the (ISC)2 World Congress 2016, and the ISSA International Conference 2017, and many local community organizations, including Chambers of Commerce, SCORE, and several school districts. I have been blogging on cybersecurity since 2006 at http://wyzguyscybersecurity.com