Friday Five 9/11
Initial access brokers, scam domain names, and Brazil's new data protection law - catch up on the week's news with the Friday Five.
1. Meet the Middlemen Who Connect Cybercriminals With Victims by Kelly Sheridan
One of the most significant trends in cybersecurity is the increase in ransomware attacks. One of the ways that ransomware operators get into companies is through initial access brokers, middlemen who handle the initial requirements of an attack and streamline the process. These middlemen often advertise their skills and intrusions subtly through the dark web. Using port scanning tools like Shodan or Masscan, initial access brokers look for users who have Remote Desktop Protocol (RDP) exposed to the Internet (although they can also get in through other methods, such as Citrix gateways and domain controller accesses). Once in, they explore the network, organize the data, and figure out how much money the access is worth. The brokers have to be careful with how they present the information on the dark web: with too much information, the breach could be noticed; with too little, they might not attract any buyers. Initial access brokers are a key part of many ransomware operations, and to stop ransomware, it’s worth knowing as much as possible about how the hackers pull off the crime.
2. The Cybersecurity 202: Internet domain names are ripe for scam during coronavirus crisis by Tonya Riley
A three-month investigation by Digital Citizens Alliance, a nonprofit group, found that domain registrars, such as GoDaddy, have done little to prevent the sale of internet domain names that scammers could use. Domains such as getcoronavaccines.com, freecoronavaccine.net, and bleachcoronaviruscure.com were available, despite the fact that there is no coronavirus vaccine currently available and that all three domains could have potentially dangerous applications. Since the pandemic began, there have been at least 114,219 new virus-themed domains registered, which had a fifty percent higher chance of being malicious than other kinds of domain names. The domains are part of the larger trend of coronavirus scams, whether faulty masks or false cures, that have propagated on social media and the internet. Legislators, such as Sen. Mazie Hirono (D-HI), believe that domain registrars should be more proactive in shutting down fake accounts. Domain registrars argue that there are too many domains registered for them to keep track of and that people should have freedom of expression in domain creation. The larger question is whether private companies have a moral or even legal obligation to proactively shut down potentially misleading and dangerous domain names.
3. Brazil's Data Protection Law, LGPD, is Imminent by Chris Brook
Brazil’s new data protection law, LGPD, will go into effect in the next couple of days, despite the assumption that the law would be bumped to 2021 because of COVID-19. Assuming President Jair Bolsonaro signs the bill into law, it will be the first general data protection law on the books in Latin America. To attain compliance under the LGPD, companies need to identify a data protection officer, review any processing activities governed under the LGPD, prepare compliance documentation, and review contracts for compliance. The LGPD also grants residents of Brazil certain rights over how their data is collected. Although the law is rolling out now, the Congress has already voted to delay penalties and sanctions until next August. Still, the law's rollout will force organizations to consider how they handle and process personal data sooner than they expected.
4. Netwalker ransomware hits Pakistan's largest private power utility by Lawrence Abrams
A ransomware attack has hit K-Electric, the largest private power utility in Pakistan. K-Electric is the sole electricity provider for Karachi, the seventh largest city proper in the world. The attack has knocked out customers’ ability to access online services on their accounts. Currently, the attack is disrupting the company’s online billing services, but not its supply of power. The ransomware, Netwalker, is demanding $3.8 million, which will increase to $7.7 million if the ransom is not paid within seven days. In the past year, Netwalker has also attacked the University of California San Francisco, Argentina’s immigration offices, and U.S. government agencies. The attack highlights the increasing ambition of ransomware groups and presents worrying implications: imagine the damage if a group decided to cut off the power to the seventh largest city proper in the world.
5. Facebook may have to stop moving EU user data to US by Kelvin Chan
A recent court ruling stated that some transatlantic transfers don’t sufficiently protect users from the American government accessing that data. In the first major fallout from the case, Facebook may be forced to stop sending data about its European users to the U.S. Ireland’s Data Protection Commission has started an inquiry into how Facebook moves data and gave Facebook until mid-September to suspend transfers. Potentially, Facebook will have to revamp how it stores and transfers data for its European customers to be compliant with the new rules. The case that jump-started the new scrutiny of Facebook’s data practices began seven years ago when an Austrian privacy activist, Max Schrems, filed a complaint after Edward Snowden revealed that the NSA was eavesdropping on communications. The implications are massive, not just for Facebook, but for all other tech companies that have operations in Europe. It may also complicate collaboration between companies based in Europe and those outside, especially if they have to transfer data to each other, such as a German tech startup working with a U.S. cloud-based provider.