Latest Cybersecurity News 2021-08-09 Edition

Weekly CyberTip: Ethical Hacking

Ethical hacking should be a part of every company’s cybersecurity program. We all do our best to secure our networks and data, but having a trusted independent expert attempt to breach those defenses in a controlled fashion can help identify unknown vulnerabilities – before the bad guys do. 

Researchers discover “alarming exposures” in cybersecurity at Las Vegas casinos

Researchers at Sposify have reportedly discovered a variety of security vulnerabilities at several Las Vegas area casinos. Among the findings were significant weaknesses in casino network perimeter defenses; unsecured diagnostic information that “leaked information about the casino’s backend architecture and other highly sensitive data points;” and serious lingering Exchange Server vulnerabilities. 

The study was conducted in response to a July warning from Nevada Gaming Control Board Chairman J. Brin Gibson, who called for casinos to prioritize cybersecurity in the wake of the Kaseya third-party cybersecurity incident and a series of June attacks on Oklahoma casinos.

The announcement was timed to coincide with this year’s annual Black Hat and DEF CON conferences in Las Vegas, which saw attendance down about 75% from pre-COVID gatherings.

Apple announces new child safety features

On August 5, Apple announced a sweeping new set of child safety features planned for its iOS and macOS platforms. The changes will scan device interactions and content for indications of Child Sexual Abuse Material (CSAM), restricting functionality in some cases and reporting illegal content in others. Three key feature areas were announced:

+  machine learning is being added to the Messages app to help warn users and guardians about sensitive content; 

+  changes to Siri and Search will offer help in unsafe situations, and intervene when CSAM is involved; and 

+  changes to iOS and iPadOS will introduce “private set intersection” that will match image patterns against a database of CSAM materials, and “threshold secret sharing” to be set to a high confidence level to avoid false positives.

While the goal of the changes is laudable, the image checking features have raised significant privacy concerns. Aside from appearing to contradict Apple’s longstanding privacy credo of “what happens on your iPhone, stays on your iPhone,” civil liberty organizations and others fear that the so-called “NeuralHash” technology could be adapted or abused to track other activities. 

An open letter published in response to Apple’s plans calls for an immediate halt to the deployment of the proposed content monitoring technology, and for Apple to issue a “statement reaffirming their commitment to end-to-end encryption and to user privacy”. WhatsApp head Will Cathcart entered the debate as well, tweeting: “This is an Apple built and operated surveillance system that could very easily be used to scan private content for anything they or a government decides it wants to control,” among a series of posts in response.

IBM releases Cost of a Data Breach 2021 Report

IBM has released their 17th annual Cost of a Data Breach report for 2021. Considered one of the leading industry benchmark reports on cybersecurity, this year’s edition was based on the analysis of 537 reported breaches between May 2020 and March 2021, and provides a wealth of insights into breach costs, security trends, and successful risk mitigation strategies.

Among this year’s report’s key findings: 

+  2021 had the highest average cost in the history of the report 

+  costs were higher among incidents in which remote work was a factor in causing the breach 

+  companies with over 50% remote work adoption took 10% longer than average to identify and contain a breach

+  compromised credentials were the initial attack vector in one out of five breaches analyzed 

The report was posted for free download on July 28. Previous editions of the report are still available on the website as well. 

Researchers release report on Prometheus TDS malware distribution system

On August 5, researchers at Group-IB released a detailed technical report outlining the activities of Prometheus TDS, an underground service used for the distribution of a host of malware families including BazarLoader, IcedID, QBot, SocGholish, Hancitor, and Buer Loader. 

The user-friendly malware distribution service offers an administrative panel that allows attackers to configure various parameters for their attack campaigns, including types of malware, geographical targets, and preferred browsers and operating systems – all for as low as $250 U.S.  

Over 3,000 victims have been identified so far in Europe and the U.S., covering a wide range of industries including the financial, insurance, healthcare, energy, retail, and IT sectors. According to the report, data about “targets of attacks with the use of Prometheus TDS and companies affected as their result has been handed over to the US, German and Belgian CERTs” by the research team. 

The report also provides a number of examples of threat patterns seen in use – most importantly, it provides an extensive library of IOCs (indicators of compromise) that can be used to help identify and mitigate potential attacks.
