Follow ISA Cybersecurity on LinkedIn for the latest cybersecurity news
Weekly CyberTip: Multi-factor authentication
Two-factor authentication (2FA) is a security process in which users provide a two distinct pieces of information to confirm their identity. 2FA is an example of multi-factor authentication (MFA), the general term for providing several types of identification or credentials.
Many of us have two-factor (or more) authentication in place to access our workplace environments. But have you considered securing your own personal web services too? For example, Google provides straightforward instructions that let you easily set up 2FA on your Google account (including Gmail!). Technology website The Verge provides 2FA security instructions for over a dozen other popular home services too.
Joint statement released after 30-country cybersecurity summit
On October 13-14, the United States convened a virtual, 30-country meeting aimed at coordinating international efforts to fight ransomware and other cyber crime.
The two-day summit consisted of six sessions, which included the misuse of virtual currencies for money laundering, tactics for disrupting criminal activities and prosecuting cyber criminals, using diplomacy to fight ransomware, and strategies to help each state improve its national cybersecurity posture and resilience.
Though the United States organized the event, the White House emphasized that the event was truly intending to be an international forum, as opposed to an American-driven initiative. For example, the U.K. led the discussion on the abuse of cryptocurrencies, Australia moderated the disruption and law enforcement panel, Germany led the diplomacy session, while India led the discussion on cyber resilience.
The countries involved in the two-day summit included Australia, Brazil, Bulgaria, Canada, Czech Republic, Dominican Republic, Estonia, the E.U., France, Germany, India, Ireland, Israel, Italy, Japan, Kenya, Lithuania, Mexico, the Netherlands, New Zealand, Nigeria, Poland, the Republic of Korea, Romania, Singapore, South Africa, Sweden, Switzerland, Ukraine, the United Arab Emirates, the United Kingdom, and the United States. Notably absent from the guest list were China and Russia, nations widely alleged to orchestrate state-sponsored cyber crime.
On October 15 – the day after the conference – representatives from the 30 attendees issued a joint statement recommending a focus on four key areas:
+ cyber resilience and defenses
+ countering illicit finance
+ collaboration in an effort to disrupt criminal activity
+ diplomacy to encourage all nations to discourage cyber crime operations
“Fastest Cache” plug-in vulnerabilities put thousands of WordPress-based websites at risk
Vulnerabilities in a popular WordPress plugin called “WP Fastest Cache” could allow an attacker to gain access to privileged credentials and take over an administrative account.
The first flaw, an SQL injection vulnerability, could grant attackers access to privileged information like userids and hashed passwords from the management database of a compromised website database. A second, more potentially serious, bug involves a cross-site scripting flaw that could allow an attacker to perform the same site management actions as a victimized user.
WP Fastest Cache is designed to improve the performance of WordPress websites by creating and storing static copies of pages to optimize page load times. The Fastest Cache website indicates that the extension has been downloaded over a million times, though fewer than 60,000 premium licenses have been issued. Regardless, both the free and paid versions of the application are affected: users of the extension are encouraged to check the version of the application to ensure that it is 0.9.5 or later to defend against these vulnerabilities.
U.S. Treasury Department report shows dramatic jump in ransomware payments
In a report issued by the United States Treasury Department on October 15, it was revealed that American financial institutions had reported $590 million (all figures USD) in suspected ransomware-related payments to cybercriminals in the first half of 2021 – more than the record $416 million that was reported in all of 2020. The report is based on “Suspicious Activity Reports” (SARs) that American financial institutions must file within 30 days of identifying potential cases of fraud or money laundering.
“If current trends continue, SARs filed in 2021 are projected to have a higher ransomware-related transaction value than SARs filed in the previous 10 years combined,” according to the report, which also highlighted the continuing trend of Bitcoin being the cryptocurrency of choice for ransom demands.
Microsoft report: U.S., Israeli defense firms attacked by Iranian hackers
An October 11 blog post from Microsoft reports that nearly 250 organizations – including American and Israeli defense technology companies – have been targeted by threat actors in a spying campaign that commenced in late July 2021. The hackers, believed to be Iran-based, have successfully breached nearly 20 of the firms. “Given Iran’s past cyber and military attacks against shipping and maritime targets, Microsoft believes this activity increases the risk to companies in these sectors,” warns the report.
Microsoft has notified all of the customers that have been targeted or compromised.