Cyber security update 11 Jan 2023
MAGNUS JENSSEN
Before the Christmas and New Year weekends, many were worried about a repeat of the stress from the previous two years. In December 2020, the world was hit by a highly advanced supply chain attack via the software company SolarWinds. One year ago, the Log4j vulnerability ruined the Christmas celebrations for millions of security professionals. Fortunately, December 2022 was calm on the data security front, both at home and internationally. However, the global security situation is tenser than it has been in a long time.
The password storage service LastPass has recently been affected by two data breaches. On 22 December, they stated that the intruders had copied customer data. Unencrypted data includes both email addresses and which services customers have saved passwords for. This can be used to create personally crafted phishing attacks to trick users out of their passwords. Fortunately, users' passwords are encrypted with the individual user's "main password." If this password is unique and long (at least 12 characters), the risk that the data can be decrypted should be small. In any case, we recommend changing the password on essential services such as email accounts, Apple ID, Google, BankID, etc. Also, change the primary password if it is not unique or does not have a sufficient number of characters.
The US Department of Justice reports that it has arrested six people for operating several websites that offered paid DDoS attacks. The FBI has also seized 48 Internet domains where the services have been sold. Extortionists often use these types of services ("booter" services). They select victims, perform DDoS attacks against them and demand a ransom to end the attacks.
Apple has announced that it will now offer encryption of photos, chat logs, and other sensitive user data in iCloud. The new security feature became available to customers in the US before the New Year, while the remaining countries will gain access to the service during 2023. It is expected that there will be protests from authorities in various countries, along with potential legislative proposals to stop the security measure. Until now, authorities in many countries have been able to access an unencrypted backup of Apple devices using data disclosure requirements, which will now be impossible.
The security company Hold Security reports that ransomware groups often have problems getting paid. They therefore keep turning to new extortion methods. Ransomware group Venus, for example, has threatened to alter emails belonging to high-profile executives to make it look like they are planning insider trading. The group further threatens to publish these emails if a ransom is not paid. Another group called CLOP has started sending infected files designed to look like ultrasound images or other medical documents. They then obtain health insurance and proof of payment to book a consultation appointment, hoping that healthcare professionals will review the infected files before the meeting and thereby infect their systems.
Access to stolen corporate email accounts is being sold on cybercriminal marketplaces for as little as $2. The Israeli cyber-intelligence company KELA reports that at least 225,000 email accounts are for sale on such marketplaces. The accounts are usually stolen through cracking (of stolen password files), guessing passwords against exposed services (credential stuffing), or phishing. Those who buy the accounts often use them to carry out targeted phishing attacks or as a gateway to deeper network infiltration with industrial espionage or ransomware as the ultimate goal.
Technical Support Specialist at Systems Limited
1 year ago: great
Strategic Cybersecurity Architect | CISM
2 years ago: A brilliant security update that helps to show the magnitude of the problem.