Friday Five: FCC Cracks Down on Privacy, a Massive Phishing Campaign, & More
This past week, the FCC announced the launch of a data privacy task force, CISA issued a new directive and a separate LockBit advisory, and a massive phishing campaign was uncovered. Catch up on the latest in this week’s Friday Five!
NEW FCC PRIVACY TASK FORCE TAKES AIM AT DATA BREACHES, SIM-SWAPS BY TONYA RILEY
The Federal Communications Commission (FCC) is launching its first-ever privacy and data protection task force to address issues like SIM swapping and broader data privacy concerns. Chairwoman Jessica Rosenworcel announced the creation of the task force in response to data protection challenges faced by telecom customers, such as data sharing, geolocation data collection, and recurring data breaches. The task force, led by Loyaan Egal, the agency's enforcement chief, will focus on modernizing the FCC's data breach rule, preventing SIM swapping, and establishing authentication standards for transferring phone numbers. Rosenworcel expressed concerns about mobile carriers collecting and sharing private data and mentioned upcoming enforcement actions to address security risks posed by certain companies.
MASSIVE PHISHING CAMPAIGN USES 6,000 SITES TO IMPERSONATE 100 BRANDS BY BILL TOULAS
Since June 2022, a large-scale brand impersonation campaign has targeted more than a hundred popular apparel, footwear, and clothing brands, tricking users into sharing their account credentials and financial information on fake websites. The campaign involves over 3,000 domains and around 6,000 sites, with an increasing number of fake sites being added each month. The scam domains mimic well-known brands like Nike, Puma, and Clarks, often using similar website designs. These malicious domains have managed to evade detection and survive for an extended period, allowing them to be indexed by Google Search and appear prominently in search results, increasing their credibility and luring unsuspecting users to the phishing sites.
UKRAINE INFORMATION SHARING A MODEL FOR COUNTERING CHINA, TOP CYBER OFFICIAL SAYS BY CHRISTIAN VASQUEZ
Jen Easterly, the director of the Cybersecurity and Infrastructure Security Agency (CISA), highlighted the importance of intelligence sharing with critical infrastructure operators in response to the threat of Chinese hacking groups. Easterly praised the quick declassification of information about Russian cyber operations in Ukraine as a model for addressing the Chinese threat while protecting sensitive sources and methods. She emphasized the need for transparency and collaboration to reduce risk to the nation. CISA developed a "Ukraine tensions plan" during the invasion, conducted exercises with infrastructure owners, and launched the "Shields Up" campaign to improve cybersecurity. Easterly warned of China's disruptive cyber operations and stressed the need to build resilience against potential attacks on critical infrastructure.
CISA ORDER HIGHLIGHTS PERSISTENT RISK AT NETWORK EDGE BY BRIAN KREBS
The Cybersecurity and Infrastructure Security Agency (CISA) has issued a directive ordering all federal agencies to take immediate action to restrict access to Internet-exposed networking equipment. This directive follows a surge in attacks targeting previously unknown vulnerabilities in widely used security and networking appliances. Under the order, federal agencies have 14 days to respond to reports from CISA regarding misconfigured or Internet-exposed networking equipment. The directive applies to devices like firewalls, routers, and load balancers that allow remote authentication or administration. The aim is to limit access to these devices to authorized users on an agency's local or internal network. The order comes after incidents in which zero-day vulnerabilities in popular networking products were used in ransomware and cyber espionage attacks.
LOCKBIT RANSOMWARE ADVISORY FROM CISA PROVIDES INTERESTING INSIGHTS BY PIETER ARNTZ
The US Cybersecurity and Infrastructure Security Agency (CISA) and several international cybersecurity authorities have jointly published a cybersecurity advisory about the LockBit ransomware threat. The advisory includes information about LockBit's tactics, techniques, and procedures (TTPs), common vulnerabilities and exposures (CVEs) used for exploitation, and an overview of LockBit's evolution as a Ransomware-as-a-Service (RaaS) provider. It highlights LockBit's status as the most active global ransomware group and RaaS operator in terms of the number of victims claimed on its data leak site. The advisory also emphasizes the diverse attack vectors used by LockBit affiliates and the geographical distribution of their activities. The lists provided in the advisory are subject to change due to the large number and diversity of LockBit affiliates.