Hello and thanks again for stopping by the GlobalSign blog!
This week marked a new phase for TLS certificates, which now have a maximum lifespan of 398 days. The lifetimes have been reduced because some in the technology industry, especially Apple, Google and Mozilla, believe that this will improve security. Not everyone agrees that this will truly make a difference. Time will tell.
On Tuesday the Norwegian Parliament announced that it is the victim of a cyber attack. Hackers breached email accounts for elected representatives and employees alike, from where they stole various amounts of information.
Also this week, Wall Street giant Morgan Stanley learned that a $5 million lawsuit seeking class action status has been filed against the company. The lawsuit claims the organization failed to properly safeguard personally identifiable information when the company discarded old computer equipment. The equipment was likely tied to two separate incidents in 2016 and 2019 when Morgan Stanley decommissioned several pieces of computer equipment without properly scrubbing the personal data.
Finally, a new report on phishing from GreatHorn shows the frequency of phishing threats has risen considerably since the pandemic began, and that companies experience an average of 1,185 attacks every single month! Further, 38% of the report participants stated that a coworker fell victim to an attack within the last year. As a result, 15% of organizations are now spending anywhere from one to four days remediating malicious attacks during what is already a precarious and strenuous time for many.
That’s the week’s recap. You can read all of the top global security stories and other industry news below. Wishing everyone a great weekend!
Top Global Security Stories
CBR (September 3, 2020) TLS Certificates Cut to One Year From This Month: What You Need to Know
"As of the first of September companies cannot buy a TLS certificate that lasts for longer than 398 days in a move designed to protect users from compromised certificates.
The certificates were initially designed to last for five years, which was subsequently reduced to two. The latest change was announced by Apple in March.
'Keys valid for longer than one year have greater exposure to compromise' explained a spokesperson for Mozilla in a blog post. 'A compromised key could enable an attacker to intercept secure communications or impersonate a website till the TLS certificate expires.'"
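One practical follow-up to the 398-day limit is auditing an existing certificate inventory for anything issued beyond it. The script below is an added example, not code from the article or from GlobalSign; it parses the kind of text that `openssl x509 -noout -subject -dates` prints (the sample blocks are constructed) and flags any certificate whose notBefore-to-notAfter span is longer than 398 days.

```python
"""Flag TLS certificates whose validity period exceeds the 398-day maximum."""
from datetime import datetime, timezone

MAX_LIFETIME_DAYS = 398  # limit in force for certificates issued from 1 Sep 2020

# Constructed sample in the format of `openssl x509 -noout -subject -dates`,
# concatenated for two certificates; the hostnames are placeholders.
SAMPLE_OUTPUT = """\
subject=CN = shop.example.test
notBefore=Sep  1 00:00:00 2020 GMT
notAfter=Oct  4 00:00:00 2021 GMT
subject=CN = legacy.example.test
notBefore=Aug 31 12:00:00 2020 GMT
notAfter=Aug 31 12:00:00 2022 GMT
"""


def parse_openssl_date(value):
    """Parse a date such as 'Sep  1 00:00:00 2020 GMT' into a UTC datetime."""
    normalized = " ".join(value.split())  # collapse the padded day field
    parsed = datetime.strptime(normalized, "%b %d %H:%M:%S %Y %Z")
    return parsed.replace(tzinfo=timezone.utc)


def lifetime_days(not_before, not_after):
    """Validity period in days (fractional if the times differ)."""
    return (not_after - not_before).total_seconds() / 86400


def parse_cert_blocks(text):
    """Split openssl output into one dict per certificate, keyed by field name."""
    certs, current = [], {}
    for line in text.splitlines():
        key, _, value = line.partition("=")
        if key == "subject" and current:  # a new subject line starts a new cert
            certs.append(current)
            current = {}
        current[key] = value.strip()
    if current:
        certs.append(current)
    return certs


def audit(text, max_days=MAX_LIFETIME_DAYS):
    """Return [(subject, lifetime_days, exceeds_limit), ...] for each cert."""
    results = []
    for cert in parse_cert_blocks(text):
        days = lifetime_days(parse_openssl_date(cert["notBefore"]),
                             parse_openssl_date(cert["notAfter"]))
        results.append((cert["subject"], days, days > max_days))
    return results


if __name__ == "__main__":
    for subject, days, too_long in audit(SAMPLE_OUTPUT):
        print(f"{subject}: {days:.0f} days{'  <-- exceeds 398' if too_long else ''}")
```

Feed it real output by piping `openssl x509 -noout -subject -dates -in cert.pem` for each certificate into `audit()`.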
HelpNet Security (September 2, 2020) Organizations facing surge in phishing attacks since the start of the pandemic
"The frequency of phishing threats has risen considerably since the pandemic started, with companies experiencing an average of 1,185 attacks every month, according to a survey from GreatHorn.
Additionally, 38% reported that a coworker fell victim to an attack within the last year. As a result, 15% of organizations are now left spending anywhere from one to four days remediating malicious attacks during what is already a precarious and strenuous time for many.
The report asked a sample of 317 professionals ranging from executives to IT security practitioners across the greater cybersecurity industry, to provide insights based on their personal experiences throughout the pandemic."
ZDNet (September 1, 2020) Norwegian Parliament discloses cyber-attack on internal email system
"The Norwegian Parliament (Stortinget) said on Tuesday that it fell victim to a cyber-attack that targeted its internal email system.
In a press release today, Stortinget director Marianne Andreassen said that hackers breached email accounts for elected representatives and employees alike, from where they stole various amounts of information.
Andreassen said the incident is currently under investigation, and, as a result, couldn't provide any insight into who was behind the attack, or the number of hacked accounts."
Data Breach Today (September 1, 2020) Morgan Stanley Hit With $5 Million Data Breach Suit
"A $5 million lawsuit seeking class action status has been filed against Morgan Stanley, claiming the financial organization failed to properly safeguard personally identifiable information when the company discarded old computer equipment.
The suit is being brought by Morgan Stanley customer Timothy Smith in the U.S. District Court for the Southern District of New York on behalf of about 100 other customers affected by the data breach. The case is tied to incidents in 2016 and 2019 when the firm decommissioned several pieces of computer equipment without properly scrubbing the personal data.
Morgan Stanley confirmed these incidents in data breach notification letters sent to the California attorney general and other states' attorneys general. The letter notes the data exposed may have included account names and numbers (at Morgan Stanley and any linked bank accounts), Social Security number, passport number, contact information, date of birth, asset value and holdings data. It says it offered victims two years of prepaid credit monitoring services."
Dark Reading (September 1, 2020) New Threat Activity by Lazarus Group Spells Trouble for Orgs
"A US government warning last week about new attacks targeting banks in multiple countries has focused attention on what has been a particularly busy year for the Lazarus advanced persistent threat (APT) group.
Over the past several months, the group has ramped up efforts to raise money for its sponsor, the cash-strapped North Korean government, via numerous campaigns targeting organizations in the cryptocurrency space and financial sector. Lately, security researchers have also observed the group launch ransomware attacks on enterprise organizations via virtual hard disk (VHD) files — a somewhat rare tactic so far. The recent campaigns have involved new tools and tactics, including a multiplatform malware framework called MATA for launching attacks against Windows, Linux, and MacOS environments."
CRN (August 31, 2020) Ma Labs Ransomware Attack Shakes Up Components Industry
"A reported REvil ransomware attack earlier this month against Ma Labs has left its mark on customers and competitors of the components distributor.
The operators of REvil ransomware claim to have gotten a hold of 949 gigabytes of confidential information from the central servers of Ma Labs in five days, according to threat intelligence firm Cyble, citing a message posted earlier this month to REvil’s leak site. REvil said the attack affected more than 1,000 Ma Labs servers, and claims the distributor didn’t tell the public about the attack.
An executive at a system builder company that buys components from Ma Labs learned about the ransomware from a CRN reporter Friday. Up until then, he said, he had been wondering what was happening with the distributor after his accounting team stopped receiving emails from Ma Labs employees a week ago."
Other Industry News