Friday Five 12/10
Five things CIOs want from their CEOs, Google and Microsoft crack down on hackers, and how to prepare for forthcoming privacy laws - catch up on the infosec news of the week with the Friday Five!
1. Google disrupted a massive botnet that hackers used to steal information and mine cryptocurrency by Gerrit De Vynck
The first of two big hacker crackdowns this week from big tech: Google announced it managed to take down servers associated with the Glupteba botnet. Glupteba infected one million Windows machines, according to Google; it made money through cryptocurrency mining, the proxying of malicious traffic and stealing user cookies and credentials. The company also launched litigation against two Russia-based actors, Dmitry Starovikov and Alexander Filippov, it believes are behind the botnet. If you want to read the complaint - apparently the first ever against a blockchain-enabled botnet - you can find it here.
2. Microsoft seizes control of websites used by China-backed hackers by Carly Page
One of the biggest news stories of the week, along with Google's disruption, came on Monday when another tech giant, Microsoft, said it seized websites being used by a China-based hacking group, Nickel, aka APT 15, to carry out attacks against companies in 29 countries. According to Microsoft, the group has been performing attacks since 2016 using malware that helps them carry out intrusion, surveillance, and data theft. The takedown was spearheaded by the company's Digital Crimes Unit, thanks to an order granted by a federal court in Virginia which allowed them to take over the websites and redirect traffic to their servers. While the group will almost certainly continue to operate, the action should slow it down in the near term.
3. 5 things CIOs want from their CEOs by Georgina Gonzalez
Quick countdown from Becker's Health IT here that digs into five things that chief information officers want from their CEOs. The bullet points are derived from a fairly new McKinsey report, released December 1, on how CEOs (and boards) can help transform IT. Understanding the role technology plays in relation to the big picture can be a steep learning curve for some CEOs, so the advice is merited. That's also why a number of the points made involve helping the CEO understand - tech limitations, the value of tech, and so on. It's through discussions like this that productivity blossoms, the report suggests.
4. Your Face Is, or Will Be, Your Boarding Pass by Elaine Glusac
Here’s a story from the New York Times that may pique the interest of privacy-minded folk. It's about the rise in biometric or identity-based systems in use at airports across the United States - you likely haven’t flown, or if you have, not as frequently. This piece gets into how the pandemic may be changing the public consensus on the technology. The biggest sign the tides may be changing comes from a recent survey: “In its recently released 2021 passenger survey, the International Air Transport Association found that 73 percent of passengers are willing to share their biometric data to improve airport processes, up from 46 percent in 2019.” While there will always be privacy concerns, it's worth noting that much of the technology and programs mentioned here are opt-in.
5. Q&A: A Data Privacy Lawyer Explains How to Prepare for Forthcoming Privacy Laws by Amelia Pang
A straightforward primer here on how those in charge of compliance at universities and colleges can prepare for and meet existing and forthcoming privacy laws. In it, Ed Tech's Amelia Pang discusses data privacy best practices with Deborah Howitt, a partner at the law firm Dorsey & Whitney. The two discuss why it's important to understand where your organization's data resides and to ensure there's an incident response plan in place just in case the business is impacted by a data breach. To handle any curveballs that constantly changing data privacy laws can throw, Howitt recommends making headway with the work organizations have (hopefully) already done to comply with laws on the books, like the GDPR, the California Consumer Privacy Act and the recently enacted Virginia Consumer Data Protection Act and Colorado Privacy Act.