CyberSec Intel Thursday #1

December 9, 2021 - Welcome to CyberSec Intel Thursday (CIT)! If you are a reader of our blog, you may already be aware of our Blockchain Intel Tuesday (BIT) column, where we summarize several newsworthy tidbits of blockchain-related news from the prior week for your Tuesdays. Our goal for CIT is the same, except that we will be summarizing cybersecurity-related news, and we will do it every Thursday. Let's dive in with our 1st post!

  • NIST reported a fifth straight year of record numbers of vulnerabilities in the National Vulnerability Database. The 2021 figures differ from previous years in one respect: the number of high-severity vulnerabilities fell slightly compared to 2020, while the number of medium- and low-severity vulnerabilities reported exceeded the 2020 totals. COVID-19 likely plays a significant role in the increase, as organizations adopted or rushed to market new solutions, which expands the attack surface and may contribute to the record.

  • Amazon Web Services experienced an outage on Tuesday of this week that impacted thousands of users across many websites and streaming platforms. AWS said it had identified the root cause of the service API and console issues in the US-EAST-1 Region. The downtime impacted several major services including Amazon's own delivery operations, Ring, Netflix, Roku, Delta, and the DeFi exchange dYdX, a reminder that a single region can be a single point of failure for services that do not fail over elsewhere.

  • Microsoft announced the seizure of 42 domains used by Nickel, a China-based cyber espionage group also tracked as APT15, Bronze Palace, Ke3Chang, Mirage, Playful Dragon, and Vixen Panda. The attacks employed sophisticated techniques, including breaching remote access services and exploiting vulnerabilities in unpatched VPN appliances as well as Exchange Server and SharePoint systems. Google also announced earlier in the week that it had successfully disrupted the command-and-control infrastructure of the Russia-based Glupteba botnet, which targets Windows machines and uses the Bitcoin blockchain to distribute backup command-and-control addresses, making a takedown harder to make permanent.

  • Apple notified several US Embassy and State Department employees that their iPhones may have been targeted with Pegasus spyware, created by the Israeli company NSO Group. The attacks, which took place over the past several months, mark the first known time the sophisticated surveillance software has been used against U.S. government employees.

  • Phishing actors have started exploiting the Omicron COVID-19 variant using familiar lures, such as links to free Omicron PCR testing, contact forms for follow-ups, or notifications of 'positive' contacts.

  • DHS announced new cybersecurity requirements for surface transportation owners and operators. The TSA Security Directives target higher-risk freight railroads, passenger rail, and rail transit, and specifically require owners and operators to: a) designate a cybersecurity coordinator; b) report cybersecurity incidents to CISA within 24 hours; c) develop and implement a cybersecurity incident response plan to reduce the risk of an operational disruption; and d) complete a cybersecurity vulnerability assessment to identify potential gaps or vulnerabilities in their systems.

  • Experian released its 2022 (9th) Data Breach Industry Forecast. The report offers the following five predictions of potential threats:
    1. Cyberdemic 2.0: Adaptation Leads to Trouble. More attacks will emerge seeking to exploit ongoing remote or hybrid work environments and the COVID-19 vaccination and booster campaigns.
    2. Perfect Storm: Natural Disasters and Broken Supply Chains. Broken and unreliable global supply chains will make it difficult to source emergency goods after natural disasters, giving hackers an opening to exploit the resulting urgency.
    3. Hackers Bet on New Gamblers. As more states legalize online sports betting, phishing scams will target the growing ranks of online gamblers, particularly new entrants.
    4. Digital Assets Put Us in Peril. As people increasingly accept cryptocurrency and NFTs (Non-Fungible Tokens) as legitimate transactions and legitimate asset classes, both will become targets for attack, exposing previously unknown vulnerabilities.
    5. Infrastructure: New Roads to Theft and Destruction. Both state and non-state actors will more frequently target physical infrastructure like electrical grids, dams, or transportation networks. Hackers may also target the funds disbursed by Congress that are intended to rebuild U.S. infrastructure.

  • The Federal Bureau of Investigation (FBI) has revealed that the Cuba ransomware gang has compromised the networks of at least 49 organizations in US critical infrastructure sectors. The gang has collected more than $40M in ransom payments from its US victims.

  • Key Characteristics of Malicious Domains. New research shows that newer top-level domains and certain hosting providers are frequent sources of malicious content, while newly registered domains and domains using free SSL/TLS certificates are no more likely than average to be risky. In other words, domain age and certificate cost are weak signals on their own; the TLD and the hosting provider are the stronger indicators.