CyberSecurity News Byte

Hosted ByJim Guckin

Welcome to CyberSecurity News Byte with Jim Guckin, your one-stop resource for the latest cybersecurity news, updates, and discussions. Our podcast is a vital tool for CyberSecurity and IT professionals, as well as technology leaders, who need to stay on top of the ever-evolving digital landscape.

Subscribe

Episode 40: January 09 2023

January 9, 2023 Jim Guckin CyberSecurity News Byte 13:2645 MB Comments Off on Episode 40: January 09 2023

Links

https://www.scmagazine.com/news/data-security/hackers-went-after-personally-identifiable-information-the-most-study-says?&web_view=true

https://www.imperva.com/resources/whitepapers/More-Lessons-Learned-from-Analyzing-100-Data-Breaches_WP.pdf

https://cyware.com/news/flipper-zero-phishing-attacks-eye-infosec-community-b40c8ac5

https://hackernoon.com/cloud-phishing-new-tricks-and-the-crown-jewel

https://www.bankinfosecurity.com/blogs/do-ransomware-victims-pay-for-data-deletion-guarantees-p-3342

Hackers go after PII the most

  • Imperva
    • Cyber Security Software Company
    • California
  • Report
    • 100 breaches
    • 1 Year
      • July 2021 to July 2022
  • PII Target
    • 42.7%
      • Other types
      • credit card info
      • passwords
      • source code
    • Why?
      • most valuable
        • can compile more PII from the dark web
          • harder to prevent fraud
          • full-on identity theft
  • Tactics
    • 27.1% of data breaches were caused by hackers
    • unsecured databases and social engineering at 14.6%
    • Ransomware followed as the fourth most common cause of a breach at 10.4%
    • third parties caused 7.2% of breaches
  • top four industries
    • Finance
    • professional services
    • healthcare
    • public administration

InfoSec Community Target in Phishing Campaign

  • Flipper Zero
    • multi-functional portable cybersecurity tool
      • RFID emulation
      • radio communications
      • digital access key cloning
      • NFC
      • Bluetooth
      • Infrared
    • Production issues
      • People have a hard time getting it
      • Supply chain shortages
      • Huge demand
  • Attack
    • creating fake shops and faking to sell it.
    • A security researcher spotted the phishing campaigns, including two fake Flipper Zero stores and three fake Twitter accounts
    • One of the fake Twitter accounts has the same handle as the official Flipper Zero account. However, it was spotted using a capital “I” in the name that looks just like an “l” on Twitter.
      • This fake Twitter account responds to people regarding availability and other accounts’ tweets to make it look genuine.
    • The aim behind attacks is to take buyers to the phishing checkout page, where they are urged to enter their full names, shipping addresses, and email addresses.
      • The victims are given a choice to pay using Ethereum/Bitcoin and told that the order will be processed within 15 minutes.

Harder to Detect Phishing Technique

  • Phishing from SaaS to SaaS
    • They distribution of a phony invoice, protected document, or PDF housed on trusted cloud services
      • the user must either download it or activate it using cloud services.
      • These phishing emails are challenging to identify during scanning because their contents and URLs all seem legitimate.
      • Utilize cloud services like:
        • Office365
        • Box
        • DropBox
        • OneDrive
        • SharePoint
      • Forces the user to login.
    • 2nd Phase
      • second stage establishes a new Office 365 account on a rogue device in the victim’s name. Once established on the new computer, the victim’s user account (and or this case, its Azure Ad) is used to send internal phishing attacks (disguised as the victim) within the company or to customers using the legitimate email account.
    • BYOD (Bring-Your-Own-Device)
      • Helps leverage this attack
  • QR Method
    • malware links via QR codes embedded in emails
      • Not detected by security software

Ransomware Victims Pay for Data Deletion

  • Ransomware Attack
    • pay for a decryptor!
      • you’ll be able to unlock the encrypted data.
    • Pay some more, name disappears.
      • your name gets deleted from the list of victims on a ransomware group’s site.
    • Pay even more for deletion.
      • They promise that whatever data they’ve stolen – or already leaked – will be immediately deleted.
  • Psychological Goal
    • Organizations need is to protect stolen data and salvage their reputation.
  • Allan Liska
    • a principal intelligence analyst at Recorded Future
      • “They’re not going to delete your data. I mean, just flat out, they’re going to pretend to delete your data,”
      • “We’ve seen that time and time and time again, and I think organizations are fully aware of that. So then the question becomes: ‘Will they pay for the illusion that the data has been removed?
  • Don’t pay