GlobalSign Blog

Cybersecurity News Round-Up: Week of October 25, 2021

Welcome back to the GlobalSign blog. 

It’s always interesting to follow the cybersecurity market because something intriguing is always happening. 

For example, earlier this week it was revealed that the private key used to sign EU Digital Covid certificates had been leaked and was circulating on messaging apps and online data breach marketplaces. Even more intriguing is how the perpetrators managed to create valid CoronaCheck app codes in the names of Adolf Hitler, SpongeBob and Mickey Mouse. Fortunately, the private key used to verify Hitler’s pass was reportedly revoked as of Wednesday, but there were multiple reports of working certificates still being sold online. On Thursday, French and Polish authorities announced they had found no sign of cryptographic compromise in the leak of the private key. But experts say the leak is likely to become a big issue as travelers increasingly require proof of vaccination. The ThreatPost article excerpt below has more details.

In other news, on Monday, Microsoft said the Russia-backed Nobelium crime group – responsible for the 2020 SolarWinds breach – continues to attack the global technology supply chain. Microsoft says Nobelium is employing a new strategy to enable it to “more easily impersonate an organization’s trusted technology partner to gain access to their downstream customers.” Microsoft is hopeful it caught this early enough that cloud service resellers, technology providers, and their customers will take timely steps to help ensure Nobelium is not more successful.

On Tuesday, a massive cyber attack crippled gas stations across Iran. No group immediately claimed responsibility for the attack, which rendered useless the government-issued electronic cards that many Iranians use to buy subsidized fuel at the pump. State television quoted an unnamed official in the country’s National Security Council acknowledging the cyber attack, hours after it aired images of long lines of cars waiting to fill up in Tehran.

Security firm Proofpoint uncovered a new, "highly active" threat group that is impersonating the Philippine government and businesses to spread Trojan malware. On Wednesday, the firm said the threat actors, dubbed "Balikbayan Foxes" and tracked as TA2722, are concentrated in the Philippines but are targeting the shipping, logistics, manufacturing, pharmaceutical, business, and energy sectors across the US, Europe, and Asia. This year the group sent phishing emails claiming to be from Philippine government entities including the country's department of health, employment agency, and customs.

Google, Salesforce, Okta, Slack and a number of other companies have teamed up to create a vendor-neutral cybersecurity baseline, the Minimum Viable Security Product (MVSP). The new baseline is a checklist for B2B software and business processes, enabling users to verify the security posture of a vendor's solution. The checklist contains “only those controls that must, at a minimum, be implemented to ensure a reasonable security posture.” According to HelpNetSecurity, the mandated controls include enabling customers to test the security of your application; performing annual penetration tests on your systems; complying with relevant industry security standards and local laws and regulations; implementing a specific password policy; using encryption to protect sensitive data in transit and at rest; training developers to prevent specific vulnerabilities; publishing a list of third-party companies with access to customer data on your website; and more.

That is all for this week. Please stop by our blog next week for an overview of the latest cybersecurity news. Have a great weekend! 

Top Global Cybersecurity News 

ThreatPost (October 28, 2021) EU’s Green Pass Vaccination ID Private Key Leaked

"UPDATE: French & Polish authorities found no sign of cryptographic compromise in the leak of the private key used to sign the vaccine passports and to create fake passes for Mickey Mouse and Adolf Hitler, et al.

As of Thursday morning Eastern time, Adolf Hitler and Mickey Mouse could still validate their digital Covid passes, SpongeBob Squarepants was out of luck, and the European Union was investigating a leak of the private key used to sign the EU’s Green Pass vaccine passports.

Two days earlier, on Tuesday, several people reported that they’d found a QR code online that turned out to be a digital Covid certificate with the name 'Adolf Hitler' written on it, along with a date of birth listed as Jan. 1, 1900."

Computing UK (October 28, 2021) Tech vendors create neutral 'security baseline' to simplify protection

"Google and Salesforce are among the tech firms that have teamed up to create a vendor-neutral security baseline, which should help raise the minimum bar for security while simplifying the vetting process. Called the Minimum Viable Security Product (MVSP), the new baseline takes the form of a checklist for B2B software and business processes, enabling users to verify the security posture of a vendor's solution.

The checklist is designed with simplicity in mind: it contains only those controls that must be implemented, at a minimum, to ensure a realistic security posture.

The main purpose of MVSP is to eliminate complexity, uncertainty and overhead during the procurement, request for proposal (RFP) and vendor security assessment process by establishing minimum acceptable security standards, said Google VP of security Royal Hansen."

ZDNet (October 27, 2021) Meet Balikbayan Foxes: a threat group impersonating the Philippine gov't

"Proofpoint has uncovered a new, 'highly active' threat group that is impersonating the Philippine government and businesses to spread Trojan malware. 

On Wednesday, researchers Selena Larson and Joe Wise said the threat actors, dubbed 'Balikbayan Foxes' and tracked as TA2722, are concentrated in the Philippines but are targeting the shipping, logistics, manufacturing, pharmaceutical, business, and energy sectors across the US, Europe, and Asia. 

Balikbayan Foxes has conducted campaigns over 2021 in which the group sent phishing emails claiming to be from Philippine government entities including the country's department of health, employment agency, and customs."

Associated Press (October 26, 2021) Iran says cyberattack closes gas stations across country

"A cyberattack crippled gas stations across Iran on Tuesday, leaving angry motorists stranded in long lines. 

No group immediately claimed responsibility for the attack, which rendered useless the government-issued electronic cards that many Iranians use to buy subsidized fuel at the pump.

It bore similarities to another attack months earlier that seemed to directly challenge Iran’s Supreme Leader Ayatollah Ali Khamenei as the country’s economy buckles under American sanctions. Those economic problems worsen as the U.S. and Iran have yet to jointly re-enter Tehran’s tattered nuclear deal with world powers.

State television quoted an unnamed official in the country’s National Security Council acknowledging the cyberattack, hours after it aired images of long lines of cars waiting to fill up in Tehran."

U.S. News (October 25, 2021) Microsoft: Russian-Backed Hackers Targeting Cloud Services

"Microsoft said Monday the same Russia-backed hackers responsible for the 2020 SolarWinds breach continue to attack the global technology supply chain and have been relentlessly targeting cloud service companies and others since summer.

The group, which Microsoft calls Nobelium, has employed a new strategy to piggyback on the direct access that cloud service resellers have to their customers' IT systems, hoping to 'more easily impersonate an organization’s trusted technology partner to gain access to their downstream customers.' Resellers act as intermediaries between giant cloud companies and their ultimate customers, managing and customizing accounts.

'Fortunately, we have discovered this campaign during its early stages, and we are sharing these developments to help cloud service resellers, technology providers, and their customers take timely steps to help ensure Nobelium is not more successful,' Tom Burt, a Microsoft vice president, said in a blog post."

Other Industry News 

German investigators identify REvil ransomware gang core member - Bleeping Computer

US Deputy Attorney General requests assistance from companies in the fight against cybercrime - Lexology 

Cyber-attack hits UK internet phone providers - BBC News 

US Citizens Sue Company That Processes Billions of Texts For Exposing Data - Vice

Third-Party Vendor Ransomware Attack Impacts Humana, Anthem Members - HealthITSecurity

North Korea's Lazarus Group Turns to Supply Chain Attacks - Dark Reading 

The Tokyo 2020 Olympics saw how many attempted cyber attacks? - GovTech

As fewer victims pay ransoms, Conti gang looks to sell victim data - SC Magazine

Welcome to the New Field of Software Supply Chain Management - DevOps.com 

Mitigating Supply Chain Cyber Risk - Lexology 
