Cyber Intelligence Weekly: The 3 New Ideas You Need to Know this Week (Issue 148 – June 30, 2024)

Dear Friends and Colleagues,

Welcome to our weekly newsletter where we share some of the major developments on the future of cybersecurity that you need to know about. Make sure to follow my LinkedIn page as well as Echelon’s LinkedIn page to receive updates on the future of cybersecurity!

To receive these and other curated updates to your inbox on a regular basis, please sign up for our email list here: https://echeloncyber.com/ciw-subscribe

Before we get started on this week’s CIW, I’d like to highlight a new article by my colleague @Shir Butbul, The Remote Worker’s Guide to Building a Professional Cybersecurity Network. Shir shares tips on building a professional network, especially for introverts and remote workers. Learn how to leverage summits, industry associations, online communities, and social media, and create your own networking opportunities.

Don’t miss out on Shir's valuable insights. Read the full article here: https://lnkd.in/eUfperuY

Away we go!

1. Polyfill[.]io and the Risks of JavaScript Supply Chain Attacks

The owner of polyfill[.]io is fighting back against allegations of inserting malicious code into websites, following the shutdown of its domain. In a series of heated posts over the last three days, the CDN operator behind polyfill[.]io has accused Cloudflare, the media, and others of malicious defamation and slander, firmly denying any supply chain risks.

Polyfill[.]io provides JavaScript polyfills that add modern functionality to older browsers, ensuring wider compatibility for developers' web code. However, if these polyfills turn malicious, they could harm visitors by executing unauthorized code in their browsers. Multiple reports have shown that the polyfill service was being used, and could be used again, to inject malicious JavaScript code into users’ browsers. This is a real threat to the Internet at large given the popularity of this library. Concerns over this potential led to warnings from cybersecurity experts and the creator of the open-source Polyfill service, urging the removal of polyfill[.]io code from websites.

The controversy intensified when domain registrar Namecheap shut down polyfill[.]io, leading to the service's relaunch as polyfill[.]com. Cloudflare had previously warned that the domain's new owner posed a supply-chain risk, which was confirmed when polyfill[.]io began injecting harmful code. This code was reportedly designed to redirect users to malicious sites and had specific protections to evade detection.

Despite the shutdown, the polyfill[.]io owner remains defiant, criticizing Cloudflare's actions and announcing plans to develop a superior global CDN product. The owner claims to have secured $50 million in funding for this venture. However, as of the latest update, polyfill[.]io has become inaccessible, rendering the site non-operational.
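For teams acting on the advice above to remove polyfill[.]io code from their sites, the following is an added example (not code from Cloudflare, the Polyfill project, or Echelon) that scans HTML for script tags loading from the two domains named in this item. The function names and the sample page are constructed for illustration, and the scan is regex-based rather than a full HTML parser.

```javascript
// Added example: flag <script src> references to the domains named above.
// The page writes them defanged; refang here so no live link appears in source.
const FLAGGED = ["polyfill[.]io", "polyfill[.]com"].map((d) => d.replace("[.]", "."));

// True when host is a flagged domain or a subdomain of one (cdn.polyfill.io),
// but not a look-alike such as notpolyfill.io or polyfill.io.example.org.
function isFlaggedHost(host) {
  const h = host.toLowerCase().replace(/\.$/, "");
  return FLAGGED.some((d) => h === d || h.endsWith("." + d));
}

// Returns [{ line, src, host }] for every flagged script reference in `html`.
function findFlaggedScripts(html) {
  const hits = [];
  const tagRe = /<script\b[^>]*>/gi;
  const srcRe = /\ssrc\s*=\s*(?:"([^"]*)"|'([^']*)'|([^\s>]+))/i;
  for (const m of html.matchAll(tagRe)) {
    const s = srcRe.exec(m[0]);
    if (!s) continue; // inline script, no src attribute
    const src = s[1] ?? s[2] ?? s[3];
    let host;
    try {
      // Base URL resolves relative and protocol-relative (//host/path) sources.
      host = new URL(src, "https://site.invalid/").hostname;
    } catch {
      continue; // unparsable URL
    }
    if (isFlaggedHost(host)) {
      const line = html.slice(0, m.index).split("\n").length;
      hits.push({ line, src, host });
    }
  }
  return hits;
}

// Constructed sample page (not taken from any real site).
const SAMPLE = [
  "<html><head>",
  '<script src="https://cdn.polyfill.io/v3/polyfill.min.js"></script>',
  "<script src='//polyfill.io/v3/polyfill.min.js?features=fetch'></script>",
  "<script async src=https://POLYFILL.com/v3/polyfill.js></script>",
  '<script src="https://notpolyfill.io/a.js"></script>',
  '<script src="https://polyfill.io.example.org/a.js"></script>',
  '<script src="/static/polyfill.io/local-copy.js"></script>',
  "<script>console.log('inline')</script>",
  "</head></html>",
].join("\n");

console.log(findFlaggedScripts(SAMPLE));
```

Matching on the parsed hostname rather than on a substring is what keeps the locally hosted copy and the look-alike hosts in the sample out of the results.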


2. Google's New Facial Recognition Pilot for Campus Security

Google has begun testing facial recognition technology as part of its campus security measures, starting with an office in Kirkland, Washington, a suburb of Seattle. This initiative aims to prevent unauthorized individuals from accessing Google's premises by comparing facial data captured by security cameras with images from employee badges. The Security and Resilience Services (GSRS) team is overseeing this test to enhance the safety of Google's people, products, and locations.

The pilot program involves interior security cameras collecting and analyzing facial data to detect unauthorized persons. While employees cannot opt out of the facial screening process when entering the building, they can choose not to have their ID images stored by submitting a form. According to an internal document viewed by CNBC, the data collected is intended for immediate use only and will not be stored.

This move comes at a crucial time for Google, which is deeply involved in the burgeoning artificial intelligence industry and is incorporating AI across its product and service portfolio. The use of facial recognition technology is particularly contentious due to privacy concerns related to surveillance. Google has previously faced violent incidents, such as the 2018 shooting at YouTube's office, underscoring the need for robust security measures.

The test also coincides with broader security enhancements at Google's headquarters and other offices, following layoffs and protests in the past year. In early 2023, Google announced significant job cuts and has recently relocated some engineering roles to India and Mexico. These changes, along with the introduction of advanced security systems, reflect Google's ongoing efforts to maintain a secure and safe environment for its employees and operations.


3. Inside the TeamViewer Security Breach: Cozy Bear Strikes Again

TeamViewer, the well-known remote desktop software company, has revealed that its corporate IT network was breached by Russian intelligence. The breach, which occurred on June 26, was traced to the cyber-espionage group Cozy Bear, also known as APT29 and Midnight Blizzard. This group has previously been linked to high-profile cyber-attacks on Microsoft, SolarWinds, and the US Democratic National Committee.

The intrusion was detected when TeamViewer's security systems noticed unusual activity from a standard employee account. Immediate incident response measures were taken, and external cybersecurity experts were brought in to assist with the investigation. TeamViewer emphasized that the breach was contained to its non-production systems, reassuring customers that their data and the company's product environment were not compromised.

Cozy Bear's method involved using the login credentials of an employee to gain access to TeamViewer's internal network. The company highlighted its robust security architecture, which segregates its corporate IT environment from its production systems and the TeamViewer connectivity platform. This design aims to prevent unauthorized access and lateral movement within its network, forming part of a multi-layered defense strategy.

Despite the breach, TeamViewer remains confident in its security measures and has committed to providing further updates as the investigation progresses. With over 600,000 customers relying on its software for remote management of PCs and other devices, the potential implications of a deeper compromise could have been significant. However, TeamViewer's swift response and containment efforts have, so far, mitigated the risk.


Thanks for reading!

About us: Echelon is a full-service cybersecurity consultancy that offers wholistic cybersecurity program building through vCISO or more specific solutions like penetration testing, red teaming, security engineering, cybersecurity compliance, and much more! Learn more about Echelon here: https://echeloncyber.com/about
