If you keep up with cybersecurity news, you’ll know it’s been a busy month. We’ve seen headlines around social engineering attacks, the CCPA, coronavirus vaccine data, critical patches, and banned social media applications.
We’ve rounded up some of the top stories from July, including must-know information and links to various supporting resources.
After pharmaceutical companies and research centers in Great Britain were hacked, four agencies in the US, UK and Canada issued a joint warning, saying that Cozy Bear – a group that “almost certainly operate as a part of Russian intelligence services” – was responsible and that they were targeting organizations trying to develop a coronavirus vaccine.
While the UK’s National Cyber Security Centre (NCSC) hasn’t revealed which organizations were targeted or whether any information had been stolen, they have made it clear that vaccine research wasn’t compromised.
In their warning, the US, UK, and Canadian agencies said that hackers not only exploited software flaws to gain access to computer systems, but they also used malware, and tricked employees into handing over login credentials with phishing and spear phishing attacks.
Check out our guide: Coronavirus and Cybersecurity: How to Stay Safe From Phishing Attacks.
On July 15, the official accounts of Barack Obama, Joe Biden, Elon Musk, Bill Gates and other celebrities and politicians were hacked in an apparent Bitcoin scam.
According to Twitter, it was a coordinated social engineering attack involving an Insider that targeted employees who had access to internal systems and tools. This access was then used to take control of various accounts. And, in an update from the social media giant on Wednesday, July 22, it was announced that cybercriminals didn’t just tweet from hacked accounts, they also accessed the direct messages of around 36 people, including a Dutch politician.
The Federal Bureau of Investigation (FBI) is now involved and other lawmakers (on both sides of the political spectrum) are asking Twitter for transparency into what happened and how it can be prevented in the future.
After going dark five months ago, 2019’s most active malware – Emotet botnet – is back.
The latest campaign (the first attack was spotted on July 17) is firing off spam emails, trying to infect users in the US and the UK with its malware. According to one researcher, the campaign is “ongoing” and reached 250,000 messages in just one day.
Here’s how it works: malicious Word attachments or URLs are contained within emails and, if clicked by targets, Emotet will be downloaded and installed. This initial foothold is then used to deploy other malware. What do you do if you’re infected? Isolate the infected system and take the entire network offline.
We often say that data is valuable currency but, after a report was released in early July, we can see just how much our personal information is worth.
The report, From Exposure to Takeover, found that 100,000 data breaches over a two-year period have yielded a 300% increase in stolen credentials. That means that, today, there are fifteen billion usernames and passwords for sale on the dark web. These compromised credentials are being sold for an average price of $15.43. But, hackers can “rent” an identity for as little as $10.
So, how are hackers getting their hands on this data? Phishing, credential-stealing malware, and credit-card skimmers are three of the most popular ways.
The Psychology of Human Error, the latest report from Tessian, examines not only the mistakes people make at work, but why they make those mistakes. These are important questions to answer, especially when the research shows that nearly half (43%) of employees say they’ve made a mistake at work that had security repercussions for themselves or their company.
The findings reveal that younger employees are more likely to make mistakes, that men are more likely than women to fall for phishing scams, and that fast-paced company cultures are driving employees to make more mistakes. The research also outlines that those employees who are distracted (which many people are when working from home) or tired are more likely to fall for phishing scams.
Read the full report to learn more, including what security leaders can do to combat the problem. In a rush? You can read an overview of the key findings here.
As a part of Microsoft’s monthly security update – called Patch Tuesday – 123 security flaws across 13 products were fixed. The most severe? The flaw is known as CVE-2020-1350 Windows DNS Server Remote Code Execution Vulnerability, and points to a problem with Microsoft’s implementation of DNS that can result in a server improperly handling domain name resolutions requests.
Researchers say hackers can exploit this vulnerability and weaponize it to create wormable malware that would allow them to gain Domain Administrator rights and take control of an entire network.
Patches are available for several versions of Windows Server, going back as far as 2003 and Microsoft has advised that organizations install the patch as soon as possible. Note: The vulnerability is limited to Microsoft’s Windows DNS Server implementation, so Windows DNS clients are not affected.
The 2016 election made it clear how important cybersecurity is in politics.
As a preventive measure, some (although very few) candidates’ in this year’s election have brought on Chief Information Security Officers (CISOs). The latest announcement came from Joe Biden who announced Chris DeRush – former CISO for the State of Michigan who has also served as a cybersecurity advisor in the White House and Department of Homeland Security – would fill the position for his presidential campaign.
Learn more about why political campaigns need CISOs on our blog.
TikTok – the popular social media application – has generated a lot of buzz throughout July. Why? According to a press release from India’s Ministry of Electronics & IT, it’s because the app (and 58 other Chinese-owned apps) are “hostile to national security” and “pose a threat to sovereignty”.
These concerns arose after a military stand-off between China and India in mid-June. Other countries are following suit. Both US and Australian authorities banned the use of the app for military personnel as more and more questions are being asked about the security of data and potential breaches of privacy.
Most recently, The House of Representatives voted 336-71 in favor of the National Defense Authorization Act, which includes an amendment banning TikTok from all federal devices. Meanwhile, TikTok – who has recently hired an American CEO – has maintained that it doesn’t share data from its app with the Chinese government.
July 1 was the official enforcement data of the CCPA and, less than two weeks later, Walmart was sued in a class-action lawsuit. Why? A San Francisco man claims that his personal information – including his credit card – was sold on the dark web after the superstore was hacked.
Under the CCPA, companies can be fined up to $750 “per consumer per incident” and, because the man alleges that hundreds more customers were affected, Walmart could be hit with a big fine.
For now, Walmart says it wasn’t hacked, maintaining that “Protecting our customers’ data is a top priority and something we take very seriously. We dispute the plaintiff’s allegations that the failure of our systems played any role in the public disclosure of his personally identifiable information (PII)”.
That’s all for this month! Did we miss anything? Email madeline.rosenthal@tessian.com. You can also keep up with us on social media and check our blog for more updates.