Hackers Steal Crypto Assets by Defeating 2FA with Rogue Browser Extension
- Multiple attacker groups are using a malicious browser extension, called Rilide, that’s aimed at stealing cryptocurrency assets from multiple websites and online wallets. The extension works by injecting rogue code into websites locally in the browser to defeat two-factor authentication and delete automated alerts from mailboxes.
- Once loaded by the browser, the Rilide extension masquerades as an extension for Google Drive. However, in the background it monitors the active tabs for a list of targeted websites, which includes several popular cryptocurrency exchanges and email providers such as Gmail and Yahoo. Among other functions, the malware can also take screenshots of open tabs.
- Although this 2FA hijacking technique is used in this case to support the theft of assets from cryptocurrency exchanges, it can easily be adapted for other malicious activities.
- Link to Trustwave SpiderLabs’ Full Report: https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/rilide-a-new-malicious-browser-extension-for-stealing-cryptocurrencies/
‘BEC 3.0’ Is Here with Tax-Season QuickBooks Cyberattacks
- Cybercriminals continue to target victims with clever phishing attacks, this time from QuickBooks online accounts, aimed at harvesting credentials. The emails use a level of legitimacy and social engineering indicative of a new wave in BEC efforts, dubbed BEC 3.0.
- Threat actors are now signing up for free accounts for legitimate services (such as PayPal and Google) and then targeting victims from within those services, using email addresses from domains that won’t be flagged by typical scanning tools.
- Mitigation tactics discussed in the article include advanced employee education, encouraging employees to look up suspicious contact information, and requiring independent validation from a second employee when suspicious emails are received.
- Link to Check Point – Avanan’s Full Report: https://www.avanan.com/blog/phishing-from-quickbooks
All Dutch Government Networks to use RPKI to Prevent BGP Hijacking
- The Dutch government will upgrade the security of its internet routing by adopting the Resource Public Key Infrastructure (RPKI) standard before the end of 2024.
- Networks that implement RPKI can be confident that internet traffic is routed only through authorized paths, thus eliminating the risks of man-in-the-middle or other similar attacks.
- The adoption of RPKI is high in the Netherlands; however, global adoption continues to lag behind.
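To make concrete what RPKI actually gives a network, the following is an added example (not code from the article or from the Dutch government's deployment) of RPKI Route Origin Validation as described in RFC 6811: each BGP announcement is compared against the set of Route Origin Authorizations (ROAs) and labelled Valid, Invalid or NotFound, and Invalid routes are dropped. The ROAs and announcements are constructed for illustration using documentation prefixes and ASNs; they are not real routes.

```python
"""RPKI Route Origin Validation (ROV) in the style of RFC 6811.

A Route Origin Authorization (ROA) states: "origin AS X may announce this
prefix, and more-specifics of it down to max_length". A router holding a
validated ROA set labels each BGP announcement Valid, Invalid or NotFound
and, under the usual policy, drops Invalid ones.

Constructed example: the ROAs and announcements below use documentation
prefixes (RFC 5737 / RFC 3849) and documentation ASNs (RFC 5398); they
are not real routes.
"""
from dataclasses import dataclass
from ipaddress import IPv4Network, IPv6Network, ip_network
from typing import Dict, Iterable, List, Tuple, Union

Network = Union[IPv4Network, IPv6Network]


@dataclass(frozen=True)
class ROA:
    prefix: Network
    max_length: int   # longest prefix the origin may announce under this ROA
    origin_asn: int


@dataclass(frozen=True)
class Announcement:
    prefix: Network
    origin_asn: int   # rightmost AS in the AS_PATH


def make_roa(prefix: str, max_length: int, origin_asn: int) -> ROA:
    """Build a ROA, rejecting a max_length outside [prefixlen, 32 or 128]."""
    net = ip_network(prefix)
    if not net.prefixlen <= max_length <= net.max_prefixlen:
        raise ValueError(f"max_length {max_length} out of range for {net}")
    return ROA(net, max_length, origin_asn)


def make_announcement(prefix: str, origin_asn: int) -> Announcement:
    return Announcement(ip_network(prefix), origin_asn)


def roa_covers(roa: ROA, ann: Announcement) -> bool:
    """A ROA covers an announcement if the announced prefix is the ROA
    prefix or a more-specific of it, regardless of max_length or ASN."""
    return ann.prefix.version == roa.prefix.version and ann.prefix.subnet_of(roa.prefix)


def roa_matches(roa: ROA, ann: Announcement) -> bool:
    """A covering ROA matches when the prefix is no longer than max_length
    and the origin AS is the authorized one."""
    return (
        roa_covers(roa, ann)
        and ann.prefix.prefixlen <= roa.max_length
        and ann.origin_asn == roa.origin_asn
    )


def validate(ann: Announcement, roas: Iterable[ROA]) -> str:
    """RFC 6811 validity state: NotFound if no ROA covers the prefix,
    Valid if at least one covering ROA matches, otherwise Invalid."""
    covering = [r for r in roas if roa_covers(r, ann)]
    if not covering:
        return "NotFound"
    if any(roa_matches(r, ann) for r in covering):
        return "Valid"
    return "Invalid"


def policy(state: str) -> str:
    """Common operator policy: reject Invalid, accept Valid and NotFound
    (NotFound is accepted because many prefixes still have no ROA)."""
    return "reject" if state == "Invalid" else "accept"


# Constructed ROA set (what the network's RPKI validator would hand the router).
SAMPLE_ROAS: List[ROA] = [
    make_roa("192.0.2.0/24", 24, 64500),
    make_roa("2001:db8::/32", 48, 64500),
]

# Constructed announcements as received from a BGP neighbor.
SAMPLE_ANNOUNCEMENTS: List[Announcement] = [
    make_announcement("192.0.2.0/24", 64500),     # authorized origin
    make_announcement("192.0.2.0/25", 64500),     # right AS, but longer than max_length
    make_announcement("192.0.2.0/24", 64511),     # unauthorized origin AS
    make_announcement("198.51.100.0/24", 64511),  # no ROA covers this prefix
    make_announcement("2001:db8:1::/48", 64500),  # permitted more-specific (<= max_length)
    make_announcement("2001:db8::/64", 64500),    # too specific
]


def evaluate(anns: Iterable[Announcement], roas: Iterable[ROA]) -> Dict[Tuple[str, int], Tuple[str, str]]:
    """Return {(prefix, origin_asn): (validity state, action)} for each announcement."""
    roas = list(roas)
    result = {}
    for a in anns:
        state = validate(a, roas)
        result[(str(a.prefix), a.origin_asn)] = (state, policy(state))
    return result


if __name__ == "__main__":
    for (prefix, asn), (state, action) in evaluate(SAMPLE_ANNOUNCEMENTS, SAMPLE_ROAS).items():
        print(f"{prefix:<20} AS{asn}  {state:<9} -> {action}")
```

Note that ROV checks only the origin AS and prefix length against the ROA; it does not validate the rest of the AS path, which is why a complete deployment also needs careful ROA maintenance (a ROA with an overly long max_length weakens the protection it provides) and why path validation is handled by separate mechanisms.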
Almost Half of Former Employees Say Their Passwords Still Work
- In a March PasswordManager.com survey of 1,000 U.S. workers who had access to company passwords at their previous jobs, 47% admitted to using them after leaving the company, suggesting that employees are not being properly offboarded.
- When asked what they use the passwords for, 64% said to access their former email accounts and 44% to access company data. The majority of respondents, 56%, said they were accessing the accounts for personal use, but a concerning 10% said they were trying to disrupt company activities.
- Security teams should be terminating access to all employee accounts, such as email, cloud applications, and internal tools, and rotating credentials for shared accounts after employees leave.
- Link to PasswordManager’s Full Report: https://www.passwordmanager.com/47-of-workers-admit-to-hacking-accounts-with-former-employers-passwords/
Let’s Pump the Brakes on the Rush to Incorporate AI into Cybersecurity
- Artificial intelligence can enhance the best, and the worst, of human behavior. It can provide us with actionable information, or it can base its findings on inaccurate conclusions drawn from flawed assumptions.
- In cybersecurity, it often takes several resources and researchers to come to a conclusion regarding the risk of a security vulnerability. If an AI does not know about the latest threats or vulnerabilities, its contribution to security is flawed and could leave the user exposed.
- The first determination of a security problem may not be the correct one for many technology or security-related decisions.
IT and Security Pros Pressured to Keep Quiet About Data Breaches
- According to Bitdefender, who surveyed 400 IT and security professionals globally, more than 42% of those surveyed said they have been told to keep a breach confidential when they knew it should be reported, and 30% said they have kept a breach confidential.
- Given the prevalence of data breaches and the overwhelming pressure to keep them quiet, IT/security professionals face a grim situation. 55% of respondents agree they are worried about their company facing legal action due to a breach being handled incorrectly.
- Nearly all respondents, globally, stated that using a managed security provider, such as a managed detection and response (MDR) service, is a critical element of their security programs with 99% of respondents stating they are currently using a managed security provider.
- Link to Bitdefender’s Full Report: https://www.bitdefender.com/blog/businessinsights/bitdefender-2023-cybersecurity-assessment/
New Rule Could Impose CMMC-Like Cyber Requirements for Civilian Agency Contractors
- A new Federal Acquisition Regulation (FAR) rule is being developed that would require any federal civilian contractors that handle the government’s sensitive data to meet basic cybersecurity standards much like those that are set to be imposed on defense contractors under the Cybersecurity Maturity Model Certification (CMMC) program.
- According to Stacy Bostjanick, the head of CMMC at the Department of Defense, the DoD is working with the Federal CISO Council to develop a consistent ruleset across the Federal Government.
- Although members of the FAR Council didn’t comment on Bostjanick’s statements, the article references a rule proposed jointly by the DoD, GSA and NASA that would apply the National Archives and Records Administration’s controlled unclassified information (CUI) program requirements.
- The specific language of the proposed rule states that “This rule will apply to the CUI program requirements in Federal contracts in a uniform manner to protect CUI. This rule is one element of a larger strategy to improve the Government’s efforts to identify, deter, protect against, detect and respond to increasingly sophisticated threat actions targeting Federal contractors.”
- Link to the proposal from the DoD, GSA, and NASA: https://www.reginfo.gov/public/do/eAgendaViewRule?pubId=202210&RIN=9000-AN56
Cyberthreats Take a Toll on IT Teams’ Work on Other Projects
- According to Sophos, who surveyed 3,000 IT and cybersecurity leaders, 93% of organizations find the execution of some essential security operation tasks, such as threat hunting, challenging.
- Additionally, 75% of those surveyed stated that they struggle to identify the root cause of incidents, and 71% also reported challenges with timely remediation.
- Lastly, 64% wish the IT team could spend more time on strategic issues and less time on firefighting, and 55% said that the time spent on cyberthreats has impacted the IT team’s work on other projects, suggesting that being reactive to threats limits the ability of teams to address core business priorities.
- Link to Sophos’ Full Report: https://www.sophos.com/en-us/press/press-releases/2023/04/organizations-find-executing-essential-security-operation-tasks-challenging