Friday Five 10/14
This week, supply chain attacks, phishing, and other email threats took many of the top headlines. Catch up on all the latest in this week’s Friday Five!
1. ELECTION WORKERS IN BATTLEGROUND STATES FACED ONSLAUGHT OF MALICIOUS EMAILS, RESEARCHERS SAY BY AJ VICENS
Ahead of their states' primaries, election workers in Pennsylvania and Arizona were hit with a surge of malicious emails, according to researchers. These emails reportedly included attempts at password theft and efforts to deliver malware via poisoned links. Data from a cybersecurity firm shows that malicious emails in Arizona tripled in Q3 compared to Q1 2022, peaking around the state's August 2 primary, while in Pennsylvania they increased by over 380% between Q4 2021 and Q1 2022, ahead of the state's May 17 primary. Learn more about the danger of these emails and what some of them looked like in the full story from CyberScoop.
2. GOOGLE FORMS ABUSED IN NEW COVID-19 PHISHING WAVE IN THE U.S. BY BILL TOULAS
A spree of recent phishing attacks has been abusing Google Forms to steal sensitive information from business owners. The bad actors behind the phishing emails are said to be impersonating the U.S. Small Business Administration (SBA), which ran COVID-19 financial recovery programs in the past, to fool their victims. Read the full story from BleepingComputer to learn more about how the victims have been fooled into thinking the scams are legit, why the use of Google Forms matters, and what type of information is being compromised.
3. WHITE HOUSE TO UNVEIL AMBITIOUS CYBERSECURITY LABELING EFFORT MODELED AFTER ENERGY STAR BY SUZANNE SMALLEY
The White House National Security Council announced a new initiative this past week, modeled after the EPA's Energy Star, which will create a consumer products cybersecurity labeling program intended to improve digital safeguards on IoT devices. According to Deputy National Security Adviser for Cyber and Emerging Tech Anne Neuberger, who will be spearheading the initiative, “today when folks buy tech, they buy it for a cool feature, speed to market — cybersecurity is often an afterthought,” said the official, who requested to remain anonymous to speak candidly about the effort. “Everybody realizes that it’s an idea whose time has come.”
4. EMAIL DEFENSES UNDER SIEGE: PHISHING ATTACKS DRAMATICALLY IMPROVE BY ROBERT LEMOS
In a troubling development, a recent report found that nearly 1 in 5 phishing emails managed to bypass Microsoft's default platform email defenses and land in employees' inboxes, marking a 74% increase since 2020. These phishing attacks are reportedly getting exponentially more advanced, leveraging zero-point font obfuscation, hiding behind cloud-messaging services, and delaying payload activation, among other tactics. Read the full story from Dark Reading to learn more about how these phishing attacks are becoming more advanced and why email security tactics are beginning to fall behind.
5. SUPPLY CHAIN HACKS ARE ON THE RISE. BUT MOST COMPANIES AREN'T PREPARED BY LIAM TUNG
In the wake of a spike in supply chain attacks, the UK's National Cyber Security Centre (NCSC) has released new guidance for organizations to protect themselves against such attacks. In a recent announcement, the NCSC said the guidance is aimed at helping medium and larger organizations "assess the cyber risks of working with suppliers and gain assurance that mitigations are in place."