Welcome to Cyber Security Today, the Week In Review edition for Friday January 15th. I’m Howard Solomon, contributing reporter on cybersecurity for ITWorldCanada.com.
Here’s a look at some of the week’s headlines:
The cost to organizations for fixing the hack of SolarWinds’ Orion network management platform could be as much as $100 billion. That’s the estimate one American expert put on the time and effort it will take companies around the world that use Orion to go through their IT systems to see if they’ve been victimized by data theft and, if so, to purge any infections. On the other hand, a Canadian expert told me it could be as little as $1 billion. It depends on how many organizations are hit. One estimate is as few as 200. However, they include some important U.S. federal departments. A Canadian general says to his knowledge no government systems here were infected through Orion.
An Iranian-based hacking group has been blamed for an SMS text and email phishing campaign over the Christmas holidays. A group of cybersecurity researchers called Certfa says the targets were members of think tanks, political research centres, university professors, reporters and environmental activists in a number of countries including the U.S. The goal is to steal their login credentials. Tactics include sending text messages that appear to come from Google about account recovery, and an email with a link to a supposed gift book. As always, think before clicking on links in messages. And protect your email login with two-factor authentication.
A common programming mistake may have allowed activists to copy almost the entire content of the controversial social media site Parler, an expert told me. Briefly, if someone legitimately logged into Parler they could have copied content from other subscribers’ accounts because web pages were sequentially numbered. It’s called an insecure direct object reference. Make sure your web page developers don’t make the same mistake.
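For developers, here is an added illustration of that mistake and its fix. It is not part of the original report and is not Parler’s code; the post store, user names and function names are all hypothetical. The first handler only checks that the caller is logged in, while the second authorizes every object it serves.

```python
import secrets

# Constructed sample data: sequentially numbered posts with two owners.
POSTS = {
    1: {"owner": "alice", "public": False, "body": "alice's draft"},
    2: {"owner": "bob", "public": False, "body": "bob's private note"},
    3: {"owner": "bob", "public": True, "body": "bob's public post"},
}

class Forbidden(Exception):
    pass

class NotFound(Exception):
    pass

def get_post_vulnerable(session_user, post_id):
    """Checks only that the caller is logged in, then trusts the ID."""
    if session_user is None:
        raise Forbidden("login required")
    if post_id not in POSTS:
        raise NotFound(post_id)
    return POSTS[post_id]["body"]

def get_post_checked(session_user, post_id):
    """Authorizes each object: it must be public or owned by the caller."""
    if session_user is None:
        raise Forbidden("login required")
    post = POSTS.get(post_id)
    # Same error for "missing" and "not yours", so IDs cannot be probed.
    if post is None or not (post["public"] or post["owner"] == session_user):
        raise NotFound(post_id)
    return post["body"]

def new_post_id():
    """Unguessable ID: defence in depth only, the check above is the fix."""
    return secrets.token_urlsafe(16)

def readable_ids(handler, session_user, candidate_ids):
    """Return the IDs in candidate_ids for which the handler serves content."""
    served = []
    for post_id in candidate_ids:
        try:
            handler(session_user, post_id)
            served.append(post_id)
        except (Forbidden, NotFound):
            pass
    return served
```

Running `readable_ids` against both handlers in a test suite shows whether a logged-in account can read records it does not own.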
The DarkMarket criminal marketplace has been shut by the efforts of police and law enforcement agencies in seven countries. The Europol police co-operative said the site had more than 500,000 users buying and selling goods like malware, drugs, counterfeit credit card data and more.
An American court sentenced a hacker to 12 years in prison for his part in a gang that pulled in hundreds of millions of dollars in scams including stock manipulation.
And McAfee released its cybersecurity predictions for the year. Among them:
–the success of SolarWinds’ Orion hack will spark others to try the same tactic. By infecting trusted software patches attackers can bypass regular cyber defences;
–attacks on cloud platforms like Microsoft Office365 and Amazon will become more automated, while other hackers will take a more targeted approach;
–and new mobile payment scams will be seen because people are buying more things with their smartphones.
It’s predictions for 2021 that I want to discuss today with guest analyst Terry Cutler of Cyology Labs. He started off by anticipating more attacks on organizations through their supply chains, such as partners and software. One recent example is the SolarWinds Orion hack. One outcome of that attack, he noted, is that an attacker was able to look at Microsoft’s source code. “And that in itself was a danger because that means the cybercriminals now can create their code in ways that will circumvent Microsoft’s protection,” he said. As a result, organizations and individuals will have to look at more advanced protection technology and not just antivirus/antispyware.
Attacks on cloud platforms will also increase, Cutler said, thanks to the number of credentials captured in data breaches. Because many people use the same passwords for several accounts, hackers will use them to get into corporate sites. Use of multifactor authentication to protect logins is vital, he said.
I noted that one of McAfee’s predictions was an increase in what they call receive-based mobile payment exploits, where a user receives a phishing email or a direct email, a direct message, or a smishing message telling them that they can receive payment or transaction refund or a cash prize by clicking on a URL, which of course is malicious. Instead of receiving a payment, the user gets conned into sending a payment from their account.
Terry also believes that this year organizations will spend more on identity and access management solutions.