Interested in learning more about cybersecurity and the cloud? I got you covered every week on the Security in Color podcast. Click here to listen to this episode or read the transcript below! Now available on all podcast platforms: Apple Podcasts, Spotify, Google Podcasts, Breaker, and many more.
The short version
This week on Security in Color I discuss:
- US imposed sanctions on firms who negotiate ransomware
- Voter Election Application Phishing Scams
- US Schools new target of cyber attacks
- IoS 14 Conspiracy theories
Hey Hey Happy Tuesday!
Welcome back to another week of cybersecurity news. If you are new here welcome to the tribe, if you are a returning supporter, what's good! Last Thursday was not only the beginning of October but also the beginning of National Cybersecurity Awareness Month. If you have no clue what I am talking about, stop reading (just for a sec!) and click here to read our latest post where I give you all the details about this initiative.
I have also been tinkering with the website to improve it and added a new feature - a one-stop-shop calendar that will feature various cybersecurity and technology related events happening around the world. Some will be virtual, some in person once the pandemic is cleared. Either way, be sure to check it out and you can even do a one-click action to add the event to your own calendar. A note about the calendar, while it will add it to your own calendar you do need to still sign up for the individual events via their meetup or registration link. I just wanted to make it easier for people to find events instead of having to search multiple meetups or scour social media. That's it for updates. On to the news!
This week's Cybersecurity News
US Imposed Sanctions for Insurance Firms, Financial Institutions Who Facilitate Ransomware Payments
Security and insurance firms, as well as financial institutions, have all been put on notice by the U.S. Department of Treasury regarding paying ransomware bribes. In a recent announcement, the US Department of Treasury stated that companies that facilitate a ransomware payment on behalf of a victim may now face sanctions for encouraging crime and possibly leading to future ransomware payment demands. It is a big move that has many in the security community weighing in on the complexities that ransomware places on victims. And the sanctions facilitators can be anyone - from security firms, digital forensics firms, cyber-insurance firms and financial institutions. The Department of Treasury already has a list of cyber criminal gangs that are known to facilitate cyber attacks, such as the developers of the ransomware CryptoLocker or Evil Corp, and expects US companies to comply with not negotiating with these cyber gangs. This latest update to the policy expands their power to say anyone who deals with ransomware negotiations can and will be under fire. Here's a quote from the policy explaining their reasoning for expanding the policy and imposing sanctions:
“Ransomware payments made to sanctioned persons or to comprehensively sanctioned jurisdictions could be used to fund activities adverse to the national security and foreign policy objectives of the United States. Ransomware payments may also embolden cyber-actors to engage in future attacks. In addition, paying a ransom to cyber-actors does not guarantee that the victim will regain access to its stolen data.”
To say that ransomware, a form of malware that we talk about often here on the podcast, has been on the rise lately would be an understatement. According to a report by Cybersecurity Ventures, ransomware is predicted to target a business every 11 seconds. That is a lot of targeting and the success rate of said attacks are also rising, forcing small to mid business firms to grapple with a new security issue they never had to deal with before - either pay up or face the possible consequences of their data being leaked or lost forever. And these small and medium businesses are very well known to not have proper secure best practices enabled, for whatever reason that may be, which continue to increase their risk and make this type of attack successful and lucrative. But now, the US has taken a definitive stance on this issue, imposing financial consequences for those victims who do pay. You may remember a couple of years ago, Uber secretly paid a ransomware when they were attacked and that cause a huge stir. The decision to pay ransomware isn't and shouldn't be taken lightly and is definitely not encouraged because the Treasury Department is right - the more victims pay the more emboldened attackers feel to continue using this tactic on others. Lack of knowledge of the sanctions’ existence is not an excuse, anymore according to the Treasury and people can and will be held civilly liable.
Voter Registration Application Phishing Scam to Watch Out For
Not one to not take advantage of political chaos, cybercriminal are deploying new tactics that you should be VERY mindful of if you live here in the United States. A new email phishing campaign is now luring victims into believing that their voter registration data needs extra information when in fact it is a ploy to steal personal data.
Pretending to come from the U.S Election Assistance Commission, independent agency of the United States government that serves as a national resource of information regarding election administration, the email has a subject line that reads “voter registration application details couldn't be confirmed". From there, the body of the email explains how a victims voter registration application that was submitted was under review by your county clerk and that the clerk could not confirm some details. Users are then directed to confirm said details by, you guessed it, clicking a URL link that leads to a fake web page used to steal a variety of personal data. Based on the research by security researchers at KnowBe4 there is also a lack of capitalization, as well as proper spelling and grammar that can tip you off that this is a suspicious email, should this campaign ever swing your way.
While this is an example of a classic and simple phishing and social engineering attack, at a time where political tensions are high and misinformation is often this is a prime time for a campaign like this to be successful and dupe unsuspecting users out of their personal information. While thus far this campaign has only been seen in Arizona and surrounding states, it's important to note that Arizona is being considered a potentially important swing state in the upcoming elections. And this can lead people to panic if they think their voter information is incorrect and lead them to be more susceptible to enter their information in the wrong place. As always, please be careful and double check your emails before clicking any links or entering your personal information on any website. If possible, try to call your voter registration county directly to verify the email or that your information is valid in their system.
IOS 12 Widget Keylogging Conspiracy Started on Facebook
There has been a conspiracy theory floating around on Facebook and other social media platforms that claim that the new iOS 14 widgets for phone are actually key-loggers designed to track every single thing you type on your iPhone. Let me be the one to tell you that this is false.
The viral post on Facebook was screen-shotted and shared over 7,000 times as of about a week ago, and in today's viral culture I am sure that number has tripled by now. The entire conspiracy started because an iPhone user, on Facebook, claimed that they noticed their keyboard would lag and wouldn’t show the characters as they were being typed in, as well as other issues like app crashes and generally laggy performance. The post further goes on to say that the security code autofill feature is evidence that the iPhone is tracking what they type and that the widgets are responsible for compromised passwords. The miscommunication happening here is that the new Apple iOS 14 update added a feature that will notify users if their password has been a part of a data breach. If you are an iPhone user then you know that iPhones have a built in iOS password manager to help users keep track of their various accounts. Similar to other password managers, like 1password, Apple enhanced their password manager to notify them that this particular password saved in their iPhone has been found in a public data breach. This does not mean that the breach was due to a iPhone widget being used.
I won't get into the nitty gritty of the technical details but due to the nature of iPhone widgets, it isn't feasible for widgets to have access like the user is claiming. The home screen widgets are limited and have protections in place to where developers can only create widgets that very briefly display the data of the widget you picked and then that widget is killed entirely, so no data is continuously being gathered. The reason for this is because if widgets were allowed to run continuously without restrictions, there would not only be privacy implications but also a dramatic impact on battery life and performance. So all in all, if you see a conspiracy about iPhone widgets floating around please fact check before jumping to conclusions.
US Schools are a New Target for Cybercriminals
Last month an education and technology consultant did a pretty interesting, but scary, tally that sheds light on the way cyber attacks are affecting U.S. school systems. Doug Levin embarked on a solo project that tracks publicly disclosed reports of phishing, ransomware and other unsavory digital attacks on U.S. schools and districts and has been doing so for almost 4 years. Since the project has began, he has officially counted over 1000 cyber attacks on the national education school system. Now while this statistic seems pretty low, since he crossed the 1000 threshold about a week ago (Late September), he has added at least 29 more reports. The largest increase to this tally has occurred since COVID began, as schools have been an increasing target for cybercriminals since having to turn to digital tools to support students.
Schools openings are a prime time for cyber criminals to target and extort money because schools cannot afford to delay school openings when people are trying to get situated with their classes. Now this tally has just been for school systems that have students in grades K-12 but if we add in universities that tally is sure to double or triple. The biggest types of attacks schools are seeing are denial of service attacks in which cyber criminals try to overload a system so that the system crashes or is unavailable for valid users to use. School county's, like Miami-Dade in Florida and Clark County School District -which is the fifth largest US school district, have been victims of this type of attack and the latter school district had the sensitive information of its students and staff released to the public by a hacker after the district refused to pay their ransomware demand.
Historically, school districts have not been the main target of cybersecurity incidents but attackers are now seeing the benefit in attempting to lock up the system of a districts who can either afford to pay or can't afford to lost data. Unfortunately, Covid has probably sidelined any efforts in progress school districts were making towards cybersecurity as funds were needed to help support the success of students as they go digital. Hopefully the creator of this tally is able to partner with cybersecurity vendors who can use the information to help better arm schools who struggle to keep up.
That's it for this week's news. The link to the podcast version of this news reel is below. See you next time!
More Information
To support the platform and get exclusive content, join our Patreon community here: https://www.patreon.com/securityincolor
Join our cyber mailing list: https://bit.ly/sicsubscribe
Follow us on social media (@securityincolor, @domyboo)