Friday Five: 8/9 Edition
Twitter shares user data without permission, malware attacks are on the rise, and more - catch up on the week’s infosec news with this roundup!
1. A cyber-espionage group has been stealing files from the Venezuelan military by Catalin Cimpanu
The international cyber-crime organization Machete has recently narrowed its hacking focus to Venezuela, following the political unrest the country has been dealing with. The group is notoriously active throughout the world, but has targeted the Venezuelan military using spear-phishing emails with malicious files attached. The group's success can be attributed to its strategy of attaching malware to previously stolen files and sending those, which tend to be opened more often than arbitrary documents. The group is still active in South America and continues to steal multiple gigabytes of sensitive data per week. It is still unknown whether the group is acting out of self-interest or is a state-sponsored organization tasked with hacking and retrieving valuable assets.
2. Organizations are employing cyber-resilient strategies in new ways by Help Net Security
Wipro recently released its annual “State of Cybersecurity” report highlighting new findings regarding cybersecurity in modern businesses. The study took place over three months and used surveys from security leaders and operational analysts working at more than 200 worldwide companies. Wipro found that cybercriminals are becoming more efficient in their hacking capabilities, with a 164% increase in the number of documents exposed in a breach. Another finding showed cryptominer malware to be the prevailing threat, with 25% of global organizations being targeted in 2018 alone. On a positive note, companies are proving more likely to become cyber-resilient. Organizations are implementing more cloud and IoT security while also dedicating more resources to training and simulation exercises to best prepare employees for an attack.
3. Twitter Again Admits Sharing User Data Without Permission by Eduard Kovacs
After Facebook was caught in a legal battle resulting in a $5 million fine, Twitter has now found itself in hot water over user privacy concerns. Despite offering various options within its settings to help users understand and control how their information is used, the company identified two lapses relating to data privacy. The first concerned data being shared with advertising companies after people had already opted out of that information being shared. Twitter released user location, information, and engagement data related to how and when the ads were viewed. The second problem that Twitter addressed related to how advertisers were able to tailor ads to accounts based on the devices being used, despite users declining to have that information known. This is not the first time Twitter has been found out for inadvertently releasing user information to advertisers, and it does not seem like it will be the last.
4. PIN the blame on us, says Monzo in mondo security blunder: Bank card codes stored in log files as plain text by Shaun Nichols
Monzo Bank, based in the U.K., recently urged 480,000 customers to reset their PINs because it accidentally kept these customers’ PINs in log files as plain text. Since PINs were stored in log files, about 100 Monzo engineers temporarily had access to these PINs, although they typically do not have the authorization to do so. Monzo reassured affected customers that no one outside the company viewed the PINs, yet these customers should still monitor their accounts for anything suspicious. Monzo also recommends that impacted customers download the latest version of the Monzo app to ensure that their PINs will no longer be sent to the log files.
5. Destructive Malware Attacks Up 200% in 2019 by Kelly Sheridan
IBM X-Force Incident Response and Intelligence Services (IRIS) noted that it helped with 200% more destructive malware cases in the first half of this year in comparison to the second half of last year. Destructive malware attacks shut down an organization’s corporate environment, and on average, large international organizations lose $239 million per attack. In particular, the manufacturing, education, and oil and gas industries have been frequent targets for these attacks. Organizations should also be aware that these attacks may begin with a credential stuffing attack, phishing email, or watering hole attack, and that security researchers believe that the use of destructive ransomware by cybercriminals will escalate within the next five years.