Hello and welcome to GlobalSign’s weekly cybersecurity news round-up!
There were lots of very interesting stories this week, including:
- The ongoing fight between technology companies, privacy and civil rights groups, law enforcement, and the US government over encryption
- The one-year certificate lifespan mandated by Apple, Google and other browser makers
- Files stolen from 945 websites and discovered on the Dark Web
- A DDoS attack against a large European bank
- A Russian ransomware group that has been identifying employees working from home during the pandemic and attempting to get inside their networks with malware
- A major public broadcaster in France targeted in a cyber attack
…and much more.
As always you can get the details in our blog below. Hope you are enjoying reading it every week! We’d love to hear from you, so please reach out to us on Twitter or LinkedIn.
Top Global Security Stories
PortSwigger blog (June 29, 2020) ‘Groundhog Day’ – Security experts decry latest US attempt to kill end-to-end encryption
"2020 has been quite the year so far, with many of us adapting to a new way of living and working due to Covid-19.
In the technology realm, however, 2020 has become 'Groundhog Day', experts say, because of the ongoing fight between technology companies, privacy and civil rights groups, law enforcement, and the US government over encryption.
The bone of contention is end-to-end encryption, a communication approach where the keys needed to decrypt conversations are held on individual devices rather than by service providers or device manufacturers.
Law enforcement and governments worldwide want to be able to access messages sent from consumer devices during criminal investigations – a prospect made difficult due to modern authentication checks and encryption-based security."
Dark Reading (June 29, 2020) Files Stolen from 945 Websites Discovered on Dark Web
"A team of security researchers has discovered a collection of SQL databases for sale on the Dark Web. The archived files were stolen from 945 websites around the world, Lucy Security reports.
All of these websites were breached by different attackers, according to the researchers, who found two databases containing approximately 150 GB of unpacked SQL files. One of these databases was released on June 1, 2020 and the other on June 10. The information within them, now publicly available, includes usernames, full names, phone numbers, hashed and non-hashed passwords, IP addresses, email addresses, and physical addresses. Up to 14 million people may be affected.
Affected websites include 14 governmental sites belonging to Ukraine, Israel, United Kingdom, Belarus, Russia, Lebanon, Rwanda, Pakistan, and Kyrgyzstan. The SQL files taken from these websites are dated between 2017 and 2020."
ZDNet (June 28, 2020) Apple strong-arms entire CA industry into one-year certificate lifespans
"A decision that Apple unilaterally took in February 2020 has reverberated across the browser landscape and has effectively strong-armed the Certificate Authority industry into bitterly accepting a new default lifespan of 398 days for TLS certificates.
Following Apple's initial announcement, Mozilla and Google have stated similar intentions to implement the same rule in their browsers.
Starting with September 1, 2020, browsers and devices from Apple, Google, and Mozilla will show errors for new TLS certificates that have a lifespan greater than 398 days."
SC Mag UK (June 26, 2020) Biggest-ever packets-per-second DDoS attack hits large European bank
"A large European bank suffered a huge DDoS attack earlier this week, according to a new report by Akamai. The attack was massive and quick. Akamai said that the attack on a bank earlier this week was the largest ever packet per second (pps) distributed denial of service (DDoS) attack on its platform. The attack generated 809 million packets per second (Mpps). The targeted bank has not been revealed.
In a report, Akamai claimed this was a new industry record for pps focused attacks, and well over double the size of a previous attack it had mitigated.
What made the attack unique, according to Akamai, was the massive increase in the amount of source IP addresses observed."
New York Times (June 25, 2020) Russian Criminal Group Finds New Target: Americans Working at Home
"A Russian ransomware group whose leaders were indicted by the Justice Department in December is retaliating against the U.S. government, many of America’s largest companies and a major news organization, identifying employees working from home during the pandemic and attempting to get inside their networks with malware intended to cripple their operations.
Sophisticated new attacks by the hacking group — which the Treasury Department claims has at times worked for Russian intelligence — were identified in recent days by Symantec Corporation, a division of Broadcom, one of the many firms that monitors corporate and government networks.
In an urgent warning issued Thursday night, the company reported that Russian hackers had exploited the sudden change in American work habits to inject code into corporate networks with a speed and breadth not previously witnessed."
Other Industry News
InFraud Cybercrime Gang Member Pleads Guilty to Charges
IoT Botnet Developer Gets 13-Month Sentence
This is how EKANS ransomware is targeting industrial control systems
University of California pays 1 million ransom following cyber attack
Eight cities using click2Gov targeted in Magecart skimming attacks
France Télévisions hit by cyber attack
Calls for Reform grow louder as UK Computer Misuse Act turns 30
Even during Pandemic healthcare organizations successfully fending off attacks