Project Hyphae

Information Security News 10-31-2022

Phishing Attacks Increase by Over 31% in Third Quarter

  • Security company Vade has found that phishing emails in the third quarter this year increased by more than 31% quarter on quarter, with the number of emails containing malware in the first three quarters surpassing the 2021 level by 55.8 million emails. Many of these emails pose as well-known brands.
  • As attacks become more sophisticated, they also become increasingly capable of evading the basic security offered by email providers, which almost eight in 10 businesses still rely on, according to Vade’s research.
  • The article highlights that holistic and multi-layered training helps to limit the efficacy of phishing attempts. Building a cyber-conscious culture is considered the most effective way to address the dynamic nature of phishing threats.

How the “pizza123” Password Could Take Down an Organization

  • Criminal hackers took responsibility for a recent FastCompany breach, saying they exploited an easily guessed default password, “pizza123.” The business magazine reused the weak password across a dozen WordPress accounts, according to the hackers.
  • After decades of investment in sculpting the organization’s brand image, a business can watch its reputation flounder in the face of an obscene push notification, like what occurred for FastCompany.
  • People often build passwords using the first word that comes to mind and a brief series of numbers, like pizza123. Passphrases, typically strings of words totaling 20 characters or more, make very high bit-strength passwords that are very easy for users to remember while limiting the chance of being brute-forced or guessed by malicious actors.

New Open-Source Tool Scans Public AWS S3 Buckets for Secrets

  • A new open-source “S3crets Scanner” tool allows researchers and red-teamers to search for “secrets” mistakenly stored in publicly exposed Amazon AWS S3 storage buckets or in a company’s own buckets. S3 buckets are cloud storage containers commonly used by companies to store software, services, and data.
  • If these secrets are improperly exposed and accessed by threat actors, they could allow them far greater access to other services or even the company’s corporate network.
  • The scanner looks for S3 buckets with several settings that are configured as “False.” The scanner also has a tool that looks for personally identifiable information (PII) and other potentially sensitive data.
  • When used periodically to scan an organization’s assets, the scanner can help firms minimize the chances of data leaks or network breaches resulting from the exposure of secrets.
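
The kind of periodic check described above, as an added example that is not the S3crets Scanner's own code. It assumes the settings "configured as False" are the four S3 Block Public Access flags; the bucket inventory, object bodies and the two secret patterns are constructed for illustration.

```python
import re

# The four S3 Block Public Access flags (AWS PublicAccessBlockConfiguration).
# Assumption: these are the settings "configured as False" that the summary means.
PAB_FLAGS = ("BlockPublicAcls", "IgnorePublicAcls",
             "BlockPublicPolicy", "RestrictPublicBuckets")

# Illustrative patterns only; a production scanner ships a much larger rule set.
SECRET_PATTERNS = {
    "aws_access_key_id": re.compile(r"\b(?:AKIA|ASIA)[0-9A-Z]{16}\b"),
    "private_key_block": re.compile(r"-----BEGIN (?:RSA |EC |OPENSSH )?PRIVATE KEY-----"),
}

def disabled_flags(pab):
    """Return flags that are False or absent; a missing config means none are enforced."""
    pab = pab or {}
    return [f for f in PAB_FLAGS if not pab.get(f, False)]

def find_secrets(text):
    """Return the sorted names of secret patterns that match an object body."""
    return sorted(name for name, rx in SECRET_PATTERNS.items() if rx.search(text))

def audit(buckets):
    """Report buckets with any disabled flag and the secret types found in their objects."""
    report = {}
    for name, info in buckets.items():
        off = disabled_flags(info.get("public_access_block"))
        if not off:
            continue  # all four flags on: ACL- and policy-based public access is blocked
        hits = {key: find_secrets(body) for key, body in info.get("objects", {}).items()}
        report[name] = {"disabled": off, "secrets": {k: v for k, v in hits.items() if v}}
    return report

# Constructed inventory; the key is AWS's published documentation example value.
SAMPLE = {
    "corp-backups": {"public_access_block": {f: True for f in PAB_FLAGS},
                     "objects": {"db.env": "AWS_KEY=AKIAIOSFODNN7EXAMPLE"}},
    "web-assets": {"public_access_block": {"BlockPublicAcls": False, "IgnorePublicAcls": False,
                                           "BlockPublicPolicy": True, "RestrictPublicBuckets": True},
                   "objects": {"deploy.sh": "export AWS_ACCESS_KEY_ID=AKIAIOSFODNN7EXAMPLE",
                               "logo.svg": "<svg></svg>"}},
    "legacy-share": {"public_access_block": None, "objects": {}},
}

if __name__ == "__main__":
    for bucket, finding in audit(SAMPLE).items():
        print(bucket, finding)
```

A bucket with no Block Public Access configuration at all is reported with all four flags disabled, which is the case most easily missed when only explicit "False" values are checked.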

FBI Warning: This Ransomware Group is Targeting Poorly Protected VPN Servers

  • The FBI, CISA, and Department of Health and Human Services have issued a joint warning about Daixin Team—a ransomware group targeting the healthcare and public health sector since June 2022.
  • Recently, Daixin has been targeting unsecured VPNs to gain initial access to victim networks. From there, the attackers move laterally via RDP and SSH and exploit vulnerabilities in VMware vCenter.
  • The advisory recommends that organizations prioritize patching VPN servers, remote-access software, virtual-machine software, and CISA’s known-exploited vulnerabilities. It also recommends locking down RDP and turning off SSH, Telnet, Winbox, and HTTP for wide-area networks, and securing them with strong passwords, MFA, and encryption when possible.

Chrome Extensions With 1 Million Installs Hijack Targets’ Browsers

  • Researchers at Guardio Labs have discovered a new malvertising campaign pushing at least 30 variants of Google Chrome and Microsoft Edge extensions with 1 million installs that hijack searches and insert affiliate links into webpages.
  • Because all these extensions offer color customization options and arrive on the victim’s machine with no malicious code to evade detection, the analysts named the campaign “Dormant Colors.” The extensions will redirect search queries to return results from sites affiliated with the extension’s developer, thus generating income from ad impressions and the sale of search data.
  • Researchers warn that using the same stealthy malicious code side-loading technique, the operators of Dormant Colors could achieve potentially nastier things than hijacking affiliations, such as credential theft. At this time, this escalation has not been identified as occurring.

Services You Should Expect From Your Cyber Insurance Provider

  • The cyber insurance market is still trying to work out what it is actually offering. Denials are common, litigation is increasing, and clients are taking a good look at their budgets and wondering if cyber insurance is actually even worth it.
  • To make that determination, it’s a good idea to take a look at what exactly your insurer is offering, aside from limited coverage in the event of an attack. For example, are they providing expert advice, penetration testing, or tabletop exercises that expose your vulnerabilities? If they aren’t, what should you do about it? How can you take advantage of all of these benefits?
  • In both human partnerships and cyber insurance, there is a fine line between being possessive and being attentive. Some insurers do the bare minimum when a crisis arises while others are more demanding, requiring extensive audits before providing coverage.
  • Insurance policyholders should conduct due diligence and validate that the insurer’s resources are good and beneficial, and then consider taking advantage of resources that insurers may provide.

Ransomware Remains a Top Cyber Risk for Businesses, but New Threats Emerging

  • Ransomware remains a top cyber risk for organizations globally while business email compromise incidents are on the rise. At the same time, the war in Ukraine and wider geopolitical tensions are a major concern as hostilities could spill over into cyberspace, causing targeted attacks against companies, infrastructure, or supply chains, according to a new report from Allianz.
  • Around the world, the frequency of ransomware attacks remains high, as do related claims costs. Although frequency reduced by 23% globally during the first half of 2022, the year-to-date total still exceeds that of the full years of 2017, 2018, and 2019. Likewise, ransomware is forecasted to cause $30B in damages to organizations globally by 2023.
  • The report notes several key trends. These include double and triple ransomware extortion becoming the norm, scams becoming more sophisticated, a heightened threat of blatant cyber war, malicious actors zeroing in on supply chains, and third-party liability.

8 Hallmarks of a Proactive Security Strategy

  • CISOs have long been tasked with building response and recovery capabilities, the objective being to have teams that can react to a security incident as quickly as possible and can restore business functions with as little damage as possible. The need for those activities is certainly not going to go away, but many security chiefs are seeking to take more proactive steps to balance out reactive ones.
  • According to a variety of industry experts, a proactive strategy can do much more to ensure organizational resiliency than having only or mostly the ability to rapidly respond once an attack or breach has been detected.
  • Among the eight hallmarks noted in the article, several of the most vital include CISOs understanding what they have and what they’re protecting, hunting threats (including impersonators and vulnerabilities), planning for the future (such as responses to cutting-edge technology or brand-new compliance requirements), and practicing their response to potential incidents.
