Hello and welcome to GlobalSign's weekly cybersecurity news wrap-up.
We begin with a White House announcement late Wednesday regarding post-quantum computing. The White House issued a security memo, along with a plan to promote U.S. leadership in quantum computing, which provides direction to agencies regarding actions to take during what is being described as an intensive, multi-year process of migrating vulnerable computer systems to quantum-resistant cryptography. The government stated that quantum computers will "at some point in the not-too-distant future" reach such a high level of sophistication that "they will be capable of breaking much of the cryptography that currently secures our digital communications on the Internet."
Meanwhile, phishing attacks continue to be big business. In the UK, attackers have been going after employees of the National Health System with the aim of stealing their Microsoft email login details. That is according to researchers at email security firm INKY, who say more than a thousand phishing messages were sent from NHS employee email accounts.
Then, the U.S. Department of Defense (DoD) this week announced it has convicted a California resident for a phishing scam that bilked the government of nearly $24 million. Sercan Oyuntur was convicted for managing to divert $23.5 million from the DoD to his personal bank account. The fraud occurred in 2018.
There's been another attack on an energy provider, this time at Alabama-based Riviera Utilities. The attack resulted in a data breach exposing the personal details of customers after employee email accounts were accessed. A company statement confirmed that an unknown actor had gained access to internal data. Among the exposed data was the personal information of a “limited number of individuals”, such as names, Social Security numbers, driver’s license or state identification numbers, passport numbers, medical information, health insurance information, credit or debit card numbers, card expiration dates, and card CVVs.
In addition to the energy sector, higher education is another vertical experiencing increased activity. A story in Tech Target's SearchSecurity (see below) reports that March and April were tough months for some U.S. colleges and that the attacks may have been carried out by Russian cyber gangs. Early in the month, the BlackCat or ALPHV group claimed two ransomware attacks, one on April 6 and the other on April 8. The April 6th claim stated that BlackCat was responsible for a March cyber attack on A&T State University in Greensboro, N.C., disrupting systems at the university. The SearchSecurity story includes details of other attacks which took place last month, including one at Florida International University in Miami.
Nozomi Networks this week disclosed a potentially serious vulnerability affecting a C standard library used by several major companies. The impacted companies and products include Linksys and Netgear for their wireless routers, and Axis for its network cameras. The security hole, tracked as CVE-2022-05-02, can be exploited for DNS poisoning attacks against affected devices.
Finally, while not everyone is happy that Elon Musk is about to acquire Twitter, security buffs will likely be pleased that the billionaire wants to upgrade Twitter direct message security by adding end-to-end encryption. Currently, Twitter direct messages are readable by Twitter before they reach their recipient. According to the Brookings Institution, privacy activists have been calling for end-to-end encryption for DMs, but the complexity of the task has stymied the effort. Now that Musk is about to take over Twitter, it seems likely this will come to fruition.
That's all the news for this week. Please stick around to check out not only the top stories, but also other articles we think you'll appreciate. Have a great weekend!
Top Global Security News
Security Week (May 5, 2022) US Gov Issues Security Memo on Quantum Computing Risks
The U.S. government is barreling ahead with plans to mitigate future threats from quantum computing with a new White House memo directing federal agencies to jumpstart an all-hands-on-deck approach to migrating to quantum-resistant technologies.
The security memo, released alongside a plan to promote U.S. leadership in quantum computing, directs specific actions for agencies to take during what is being described as a laborious, multi-year process of migrating vulnerable computer systems to quantum-resistant cryptography.
"Research shows that at some point in the not-too-distant future, when quantum computers reach a sufficient size and level of sophistication, they will be capable of breaking much of the cryptography that currently secures our digital communications on the Internet," the government warned.
Bleeping Computer (May 4, 2022) Attackers hijack UK NHS email accounts to steal Microsoft logins
For about half a year, work email accounts belonging to over 100 employees of the National Health System (NHS) in the U.K. were used in several phishing campaigns, some aiming to steal Microsoft logins.
More than a thousand phishing messages have been sent from NHS email accounts belonging to employees in England and Scotland, according to researchers from email security firm INKY.
Attackers started using legitimate NHS email accounts in October last year after hijacking them and continued to use them in phishing activity through at least April 2022.
Portswigger (May 3, 2022) Data breach at US energy supplier Riviera Utilities exposes customer information
A data breach at Riviera Utilities, a utility company serving Baldwin County in Alabama, has exposed the personal details of customers after employee email accounts were accessed.
In a statement released last night (May 2), the company confirmed that an unknown actor had gained access to internal data. Exposed details include the personal information of a “limited number of individuals”, such as names, Social Security numbers, driver’s license or state identification numbers, passport numbers, medical information, health insurance information, credit or debit card numbers, card expiration dates, and card CVVs.
SearchSecurity (May 3, 2022) April ransomware attacks slam US universities
Ransomware attacks in April began with a burst from one of the most notorious cybercrime gangs and closed with a relative newcomer claiming an attack on one of the world's largest beverage companies.
While it appears the number of ransomware attacks against targets in the United States has declined since Russia's invasion of Ukraine, there were still several attacks reported and disclosed in April.
While no ransomware attacks against critical infrastructure were publicly reported or disclosed in April, there were still examples of suspected Russian ransomware gangs hitting the U.S., including several high-profile attacks against universities and colleges. Early in the month, the BlackCat or ALPHV group claimed two ransomware attacks, one on April 6 and the other on April 8. The claim made on April 6 stated that BlackCat was responsible for a March cyber attack that hit North Carolina A&T State University in Greensboro, N.C. The attack disrupted systems at the university, and the group also claimed to have stolen personal information from both employees and students.
Security Week (May 3, 2022) Many IoT Devices Exposed to Attacks Due to Unpatched Flaw in uClibc Library
Nozomi Networks, a firm specialized in securing operational technology (OT) and IoT systems, has disclosed a potentially serious vulnerability affecting a C standard library used by several major companies. The affected library is uClibc, which is designed for developing embedded Linux systems.
According to the official uClibc website, the library is used by Linksys and Netgear for their wireless routers, and by Axis for its network cameras. uClibc-ng, a fork for the OpenWRT router operating system, is also impacted by the vulnerability.
The security hole, tracked as CVE-2022-05-02, can be exploited for DNS poisoning attacks against affected devices.
Bleeping Computer (May 2, 2022) U.S. DoD tricked into paying $23.5 million to phishing actor
The U.S. Department of Justice (DoJ) has announced the conviction of Sercan Oyuntur, 40, resident of California, for multiple counts relating to a phishing operation that caused $23.5 million in damages to the U.S. Department of Defense (DoD). The fraudster managed to divert to his personal bank account DoD funds destined for a jet fuel supplier.
After an eight-day trial in Camden, California, Oyuntur was found guilty of conspiracy to commit wire, mail, and bank fraud, unauthorized device access, aggravated identity theft, and making false statements to federal law enforcement officers.
According to the criminal complaint against Oyuntur in 2019, the damage from the phishing fraud occurred in September 2018.
Bitdefender (April 29, 2022) Elon Musk says Twitter DMs should be end-to-end encrypted
Elon Musk's takeover of the company might bring a swathe of changes to Twitter, including the introduction of end-to-end encryption for direct messages (DMs).
Musk, in customary fashion, tweeted his opinion to his many millions of followers.
"Twitter DMs should have end to end encryption like Signal, so no one can spy on or hack your messages."
Whereas messaging apps such as WhatsApp, Signal, and iMessage allow their users to send private messages to each other, Twitter DMs are readable by Twitter before they reach their recipient.
Twitter doesn't make any secret of this processing, saying that it scans DMs for prohibited content (such as spam), and can even have its workers manually review DMs when investigating if the service is being abused, or to handle requests from law enforcement and governments.
Other Thought Provoking Articles