News Items

Federal officials have discovered that Iranian threat actors are trying to interfere with the election. Iranian threat actors are behind two separate email campaigns that went out to Democratic voters this week. The emails contain threats to "vote for Trump or else." The adversaries tried to make the emails seem like they came from the Proud Boys group. On October 20th and on October 21st, two specific email campaigns were sent out and threatened Democrat voters in Alaska, Arizona, and Florida. Iran also distributes other content to mislead voters, including a video that implies that individuals can cast fraudulent ballots.

Threatpost reports: "Feds: Iran Behind 'Proud Boys' Email Attacks on Democratic Voters"

IBM security researchers discovered a new malware variant called Vizom that is focused on compromising bank accounts via large Brazilian banks' online financial services. The malware applies remote overlay techniques and DLL hijacking to remain hidden and compromise user devices. Vizom is distributed through a spam-based phishing campaign and masquerades as popular video conferencing software. This article continues to discuss Vizom's distribution, techniques, capabilities, and prime targets.

ZDNet reports "This New Malware Uses Remote Overlay Attacks to Hijack Your Bank Account"

Researchers have found that Facebook has been a top cybercriminal favorite in phishing attacks so far this year. There were 4.5 million phishing attempts on the social media platform between April and September 2020. Messenger app WhatsApp is the second-top platform leveraged by attackers (with 3.7 million phishing attempts), followed by Amazon (3.3 million attempts), Apple (3.1 million attempts), and Netflix (2.7 million attempts). Google's offerings (including YouTube, Gmail, and Google Drive) took the sixth position, with 1.5 million phishing attempts altogether.

Threatpost reports: "Facebook: A Top Launching Pad For Phishing Attacks"

Cybercriminal groups are getting more creative in the execution of attacks against digitally transformed and agile environments, as indicated by a new report by VMware Carbon Black. According to the report, more than 80% of attacks now include cases of counter incident response (IR), which refers to an attacker's move into a destructive attack mode in response to being spotted by the defender. An attacker may respond by dropping wiper malware, launching ransomware, altering time stamps on logs, and more. Organizations are encouraged to make their response and hunting efforts less visible to attackers. There has also been an increase in island hopping, where an attacker uses an organization's network to attack other businesses along the supply chain. This article continues to discuss the increased rates of counter IR, the need to change how IR is conducted, the concept of island hopping, and the growing sophistication of cybercrime groups.

Infosecurity Magazine reports "Modern Attacks Include Supply Chain 'Hopping' and Reversing Agile Environments"

Congratulations to Himanshu Neema for winning the Best Paper Award at HoTSoS 2020! 

"Simulation Testbed for Railway Infrastructure Security and Resilience Evaluation" was submitted to HoTSoS 2020 earlier this year and presented by Dr. Neema, on behalf of himself and his team, on the first day of the symposium. The Best Paper Award was given to him that same day. Dr. Neema's team was comprised of Xenofon Koutsoukos, Bradley Potteiger, CheeYee Tang, and Keith Stouffer. 

A recording of the awards ceremony is not publicly available.

The Cybersecurity Collaborative is a membership organization that facilitates the collaboration between senior cybersecurity leaders to share best practices and address complex enterprise security challenges. Together with its parent CyberRisk Alliance, the Cybersecurity Collaborative has announced the launch of a $1M fund to help organizations whose security operations have been affected by the COVID-19 pandemic. The goal of the Cyber Resiliency Fund is to help companies access cybersecurity resources and tools that help defend against ransomware, phishing, and other cyber threats. The fund will also help organizations address the security challenges associated with work-from-home environments. This article continues to discuss the Cybersecurity Collaborative, CyberRisk Alliance, and Cyber Resiliency Fund.

SC Media reports "$1M Cyber Resiliency Fund Launched to Support Security Operations Impacted by Pandemic"

Researchers at Check Point have found that hackers are impersonating Microsoft and using Microsoft products and services in nearly a fifth of all global brand phishing attacks in the third quarter of this year. Adversaries are still trying to capitalize on remote workforces created by the coronavirus pandemic. Behind Microsoft (related to 19 percent of all phishing attempts globally) were: shipping company DHL (9 percent); Google (9 percent); PayPal (6 percent); Netflix (6 percent); Facebook (5 percent); Apple (5 percent); WhatsApp (5 percent); Amazon (4 percent); and Instagram (4 percent).

Threatpost reports: "Microsoft is the Most-Imitated Brand for Phishing Emails"

Smart cities refer to urban areas that employ different types of technologies to improve upon the quality of life for those residing in these areas. As these technologies are expected to serve whole urban regions in the future, it is essential to develop more solutions to secure the data managed and accessed by such cities. Victor Garcia Font, a researcher at the Universitat Oberta de Catalunya's (UOC) Internet Interdisciplinary Institute (IN3) presented a model called SocialBlock that applies blockchain technology to manage data security and control in smart cities. This article continues to discuss how the proposed SocialBlock architecture could strengthen data security in smart cities.

UOC reports "SocialBlock: Technology That Could Improve Data Security in Smart Cities"

Fewer organizations are reporting cyber incidents. However, for those that are experiencing these incidents, the attacks have increased in severity. According to the 2020 Cyber Readiness Report released by Hiscox, a Bermuda-based insurance provider, the total cyber losses among impacted companies rose to $1.8 billion within the past 12 months, a 50% increase from last year's total of $1.2 billion. Large organizations were the most targeted by cybercriminals, and the most willing to pay demanded ransoms. Organizations within the energy, manufacturing, and financial services sectors are considered the most vulnerable to attacks due to their low cyber resilience maturity level and tolerance for high-impact outages. In addition, the most commonly used attack vectors are still malware, ransomware, Business Email Compromise (BEC), and Distributed Denial-of-Service (DDoS). This article continues to discuss key findings shared by the 2020 Cyber Readiness Report.

Dark Reading reports "Cybercrime Losses Up 50%, Exceeding $1.8B"

Barnes & Noble is warning that it has been hacked, potentially exposing personal data for shoppers. The cyberattack occurred on October 10 and resulted in unauthorized and unlawful access to certain Barnes & Noble corporate systems. The IT team at Barnes & Nobel does not know if personal information was exposed, but the systems that were hit contained personal data, so it may have been. The data that could have been breached includes email addresses, billing and shipping addresses, telephone numbers, and transaction and purchase histories. Payment-card information is encrypted and tokenized and was not involved in the possible data breach.

Threatpost reports: "Barnes & Noble Hack: A Reading List for Phishers and Crooks"

During an investigation, Carnival Corporation has discovered that passenger and employee data from three different cruise lines were accessed in a ransomware attack in August. The cruise lines affected include Carnival Cruise Line, Holland America Line, and Seabourn. The investigation is still ongoing. Carnival stated that the information accessed by the threat actors might include names, addresses, phone numbers, passport numbers, and dates of birth. They also anticipate additional information that may have been impacted, include Social Security numbers, health information, or other personal information.

Infosecurity reports: "Carnival Confirms Passenger Data Compromised"

A new study conducted by Binghamton University, State University of New York, suggests that an organization's subcultures influence whether or not employees violate Information Security Policies (ISP). As each subculture within an organization responds differently to the organization-wide ISP, researchers recommend that the development of ISP involves consulting with each of these subcultures. Organizations are encouraged to examine the design and implementation of ISP, and to work closely with employees to figure out how they could fit ISP compliance into their work responsibilities and priorities. This article continues to discuss the performance and findings of the study on how subcultures influence ISP compliance.

Binghamton University reports "Some Employees More Likely to Adhere to Information Security Policies Than Others"

A team of computer scientists and international studies students at Johns Hopkins University developed a new online database called the Cyber Attack Predictive Index (CAPI) that can predict the likelihood of a cyberattack between nations. The site predicts where in the world, the next major cyber conflict might occur based on the analysis of existing data gathered from past attacks. Nations are given a score from 1 to 5 for each common element identified in national cyberattacks within the past 15 years. These elements include cyber strength, sophistication, fear of serious repercussions, motivation to attack, and more. As a nation's total score increases, they are more likely to launch an attack. A CAPI Advisory Board has been established to regularly gather project stakeholders to discuss activities around the world that may result in cyber conflict and to update the database. This article continues to discuss the purpose and methodology behind the online CAPI Heat Index.

JHU reports "New Website Predicts Likelihood of Cyberattacks Between Nations"

Deepfakes refer to synthetic media, including images and videos, created using Artificial Intelligence (AI). Deepfakes remain a significant issue despite recent developments in security measures that can detect many of them. Bart Kosko, a professor in the Ming Hsieh Department of Electrical and Computer Engineering, underlined the expected advancement in the generation of deepfakes and the increased difficulty in detecting them as computers and learning algorithms grow more sophisticated. In a new paper from Professor Kosko's neural learning and computational intelligence course, Electrical and Computer Engineering masters students Apurva Gandhi and Shomik Jain showed the vulnerability of deepfake detectors to adversarial perturbations. This article continues to discuss the expected advancement of deepfakes, the results of the study, and the researchers' strategies for improving vulnerable deepfake detectors.

Homeland Security News Wire reports "Fooling Deepfake Detectors"

Researchers at Telos have discovered that organizations are struggling to keep up with IT security and privacy compliance regulations. Researchers at Telos surveyed 300 IT security professionals in July and August. The survey revealed that, on average, organizations must comply with 13 different IT security and/or privacy regulations and spend $3.5 million annually on compliance activities. Compliance audits, on average, consume 58 working days each quarter.

Help Net Security reports: "Compliance Activities Cost Organizations $3.5 Million Annually"

Facebook is creating a loyalty program as part of its bug-bounty offering, hoping to incentivize researchers to find vulnerabilities in its platform. Facebook bounty hunters will be placed into tiers by analyzing their score, signal, and the number of submitted bug reports, which will dictate new bonus percentages. The new program is called "Hacker Plus" and offers bonuses, bounty awards, access to more products and features that researchers can stress-test, and invites to Facebook annual events.

Threatpost reports: "Facebook Debuts Bug-Bounty 'Loyalty Program'"

The Agari Cyber Intelligence Division (ACID) published the results of a study on the operations of Business Email Compromise (BEC) attacks. These results give insight into the global footprint of BEC activity. Researchers looked at information on 9,000 defense engagements between May 2019 and July 2020, 2,200 of which allowed them to identify where attackers are likely located. They were able to identify BEC attackers in over 50 different countries. According to ACID's report, 25% of those behind BEC attacks were based in the United States, with nearly half of them located in California, Florida, Georgia, New York, and Texas. Sixty percent of the perpetrators behind these attacks were based in 11 African countries, with 83% of them based in Nigeria. This article continues to discuss key findings of the study on the locations of BEC cybercriminals and BEC money mules.

Dark Reading reports "25% of BEC Cybercriminals Based in the US"

The Government Accountability Office (GAO) calls on federal regulators to increase efforts toward strengthening the security of airliners' computer systems against hackers. The agency pointed out that the Federal Aviation Administration (FAA) has not developed a program for cybersecurity training or testing potentially vulnerable airplane computer systems. It is recommended that the FAA conducts a risk assessment for avionics systems and trains inspectors on how to judge the security of these systems. As the complexity of avionics systems grows, opportunities for attackers to target commercial transport airplanes increase, making it essential for federal regulators to take more action to address vulnerabilities in these systems. This article continues to discuss the GAO's report on the vulnerability of plane systems to hacking as well as recommended actions to bolster airline cybersecurity.

MBT reports "Watchdog Urges More Action to Protect Planes from Hackers"

The COVID-19 crisis has sped up the adoption of cloud technologies, further emphasizing the importance of strengthening cloud security. Although more businesses are adopting cloud technologies to protect their data and networks, their processes are weak. According to a new report from SailPoint, an identity management firm, the rush to adopt Infrastructure-as-a-Service (IaaS) for cloud infrastructure has created security challenges. More than 40% of cyberattacks stem from the lack of visibility and control deficiencies associated with IaaS infrastructure management and access. This article continues to discuss the increased use of IaaS cloud environments during the pandemic and the hurdle created by this rush in IaaS adoption.

CISO MAG reports "How Lack of Visibility Over IaaS Cloud Infrastructure Fuels Cyberattacks"

Microsoft has identified a new strain of Android ransomware known as AndroidOS/MalLocker.B. According to Microsoft researchers, the authors of this malware have been continuously been updating it. The new variant applies various methods to circumvent the protections implemented by Google to prevent malicious apps from taking over a device's home screen and disabling functions. This article continues to discuss the techniques used by the latest MalLocker.B ransomware variant to get victims to pay the demanded ransom and the methods used by other Android ransomware families.

Decipher reports "Microsoft Warns of 'Continuously Evolving' Android Ransomware"

Two security researchers from SecNiche Security Labs were able to access the command and control (C&C) panels of Internet of Things (IoT) botnets, including Mana, Vivid, 911-Net, Purge Net, Goon, Kawaii, 0xSec. The compromise of IoT botnets' C&C panels allowed them to delve deeper into the capabilities and operation of these threats. The researchers gathered information on commands supported by the IoT botnets, differences between different panels, and administrator options such as those used to execute DDoS attacks. They also shared details on techniques that could be used to create additional attack scenarios and develop measures to defend against such scenarios. This article continues to discuss how researchers accessed C&C panels of 10 IoT botnets and the importance of compromising these panels.

Security Week reports "C&C Panels of 10 IoT Botnets Compromised by Researchers"

Sarah Freeman is senior industrial control systems cybersecurity analyst at Idaho National Laboratory (INL) who looks at the different aspects of cyberthreats facing critical infrastructure. Attacks against pipelines, transportation networks, and other critical infrastructure are continuing to grow in frequency and sophistication. Part of Freeman's work is to solve puzzles regarding who is behind an attack against critical infrastructure in order to help the government better defend against perpetrators. Freeman looks at the characteristics of target industrial control systems, attack techniques, and more. This article continues to discuss what Freeman and other analysts look at in the performance of cyber attribution.

Homeland Security News Wire reports "Finding the Origins of a Hacker"

A Brain-Computer Interface (BCI) allows people to use their brain activity to interact with a computer. A team of researchers led by Professor Dongrui Wu from the Huazhong University of Science and Technology (HUST) explored the security of electroencephalogram (EEG)-based BCI spellers, which enables text entry using EEG signals, helping to restore communication for severely disabled individuals. The examination of P300 and SSVEP spellers revealed that an attacker could cause them to misclassify characters through the generation of tiny adversarial EEG perturbation templates. Adversarial attacks on EEG-based BCI spellers could lead to usability problems, misdiagnosis in clinical applications, and other consequences, posing a threat to patients' safety. This research aims at bringing further attention to the need to strengthen security for BCI systems. This article continues to discuss the findings and next steps of this study on the security of BCI systems.

ScienMag reports "Are Brain-Computer Interface Spellers Secure?"

The Cybersecurity and Infrastructure Security Agency (CISA) published an alert about the recent resurgence of the credential-stealing malware Emotet. Since its return, there has an increase in Emotet attacks against U.S. state and local governments. Researchers discovered that Emotet is now applying new tactics, including the use of subject lines in phishing email attacks that capitalize on the COVID-19 crisis. The Emotet downloader is also now contained in a password-protected archive file to avoid the security gateways implemented to protect email accounts. This article continues to discuss CISA's warning about the return of Emotet, researchers' findings surrounding this malware's new tactics, and suggested steps that state and local IT organizations can take to avoid falling victim to Emotet attacks.

StateScoop reports "Emotet Is Back and Phishing State and Local Governments, CISA Warns"