Krebs: Enterprises Should Master Basic Cybersecurity Techniques in the Wake of the SolarWinds Hack and Other Top Infosec News for 1/21/21
Microsoft shares more details on SolarWinds, Chinese group has been attacking airlines, ShinyHunters release nearly 2M user records, Chrome 88 will check for weak passwords, and more
The former government executive who for four years led the nation’s cybersecurity efforts wants corporate America to know that a reckoning is at hand when it comes to the nuts and bolts of cybersecurity in the wake of the SolarWinds hack. Chris Krebs, the director of DHS’s Cybersecurity and Infrastructure Security Agency (CISA), jumped to the private sector after Donald Trump unceremoniously ousted him from his perch because Krebs defended the integrity of the 2020 presidential election.
Speaking at the SANS Institute’s Cyber Threat Intelligence Summit this morning, Krebs, who is now working with SolarWinds on their response to the hack of the company’s management software, said, “We really need to get organizations to think about where they fit in the broader ecosystem,” to ward off the kinds of devastating effects the supply chain breach wrought.
Companies need to figure out “why might someone come after you? Is there a function that you are so just directly relevant to? How do you account for that? How do you prepare for that? And how do you put your leadership team in a position to be successful?”
The central task is to implement the traditional cybersecurity techniques, such as solid endpoint detection response capability, otherwise “you’re blind in a lot of spots,” which is where the U.S. government stands right now, according to Krebs.
“You need to have a really detailed and in-depth understanding of what your third-party dependencies are, what your third-party risks are, who has access to your networks, who can come in with maintenance access. Those are the things we really need to have a reckoning with in terms of contracts we have cut over the last several years. We have to get better.”
On a separate but related note, Krebs might become even more of a cybersecurity rockstar if a Wall Street Journal report holds. The Journal reports that talent agency UTA has signed Krebs to develop his experience in the Trump administration into a TV series.
Security experts from the Microsoft 365 Defender Research Team, Microsoft Threat Intelligence Center (MSTIC), and Microsoft Cyber Defense Operations Center (CDOC) shared details on how the SolarWinds hackers were able to remain undetected inside compromised systems.
In particular, they shared new details regarding the Solorigate second-stage activation, and the steps and tools used to deploy custom Cobalt Strike loaders (Teardrop, Raindrop, and others) after dropping the Solorigate (Sunburst) DLL backdoor, which the attackers hid using a variety of tactics, operational security, and anti-forensic behavior. (Sergiu Gatlan / Bleeping Computer)
A suspected Chinese hacking group called Chimera has been attacking the airline industry for the past few years to obtain passenger data and track the movement of persons of interest, as outlined in a new report by the NCC Group.
Earlier attacks targeted the semiconductor industry, and in some cases, the hackers stayed hidden in compromised networks for three years. (Catalin Cimpanu / ZDNet)
Notorious hacking group ShinyHunters released 1.9 million stolen user records from free online photo editing service Pixlr as part of a release of hacked data from various sites.
The data, published on a well-known hacking forum, included user login names, email addresses, hashed passwords, country of origin, and other details. (Duncan Riley / Silicon Angle)
In Chrome 88, now released on the stable channel, Google has added a feature that makes it easier to check whether users’ stored passwords are weak and easy to guess, which would expose those users to brute-force attacks or password cracking attempts.
After finding weak passwords, Chrome will let users change them using stronger ones generated on the spot and stored for later use. (Sergiu Gatlan / Bleeping Computer)
Interpol has warned via a “Purple Notice” to its 194 members that threat actors target victims via dating apps such as Tinder, Harmony, or Bumble to push an investment-based scam that defrauds the would-be romance partners of cash.
The schemes are made to look legitimate, and victims are often promised they can reach a “Gold” or “VIP” status under the scam artist’s tutelage. (Charlie Osborne / ZDNet)