Byte Sized News has gone to video! Check out the first episode in video form below. Don’t worry though, you can still read the transcript below if you prefer to get your news in text form.
As always, this series isn’t intended to provide readers with details on every story and topic but rather to fill busy professionals in on the most compelling developments in the field.
The first story of the week is one that comes from our friends at Threatpost.
This story details a warning from the Cybersecurity and Infrastructure Security Agency, or CISA for short, about a new Emotet attack that is targeting state and local governments. Emotet malware attacks, for those who don’t know, are sophisticated trojans that are commonly attached to emails in targeted phishing campaigns. These trojans, once clicked, launch a payload that uses brute force to obtain user credentials and do damage.
There has been a massive uptick in these Emotet attacks since July of this year, which is what led to a mass warning by CISA. “This increase has rendered Emotet one of the most prevalent ongoing threats,” the CISA alert, issued Tuesday, read. The article goes on to describe the strain of this situation, saying that these attacks only compound a time when municipalities must juggle a global pandemic, widespread social unrest, and one of the more divisive elections in United States history.
Since July, CISA’s executive branch security protection tool, the EINSTEIN Intrusion Detection System, has found more than 16,000 instances of Emotet activity. “Emotet is one of the reasons why you should never click on links in emails you don’t recognize,” Bryan Becker, product manager at WhiteHat Security, told Threatpost.
Our next story comes to us from Cyberscoop!
The Cyberscoop article details a statement from the US government, which says it has seized 92 internet domains used to “spread pro-Iranian disinformation around the globe”, including four that directly targeted US audiences. The group, which is named Iran’s Islamic Revolutionary Guard Corps, operated in domains that violated US sanctions, the Justice Department announced on Wednesday.
The department went on to state that the operation was based on intelligence provided by Google, and was a collaborative effort between the FBI and Google, Facebook, and Twitter. The remaining 88 domains targeted Western Europe, the Middle East, and Southeast Asia. All of the domains disguised themselves as a genuine source for news.
The US seized control of all 92 of these domains because the government of Iran and the IRGC ran them through website and domain services in the United States without a license from OFAC.
Our third article from the week comes from CSO Online, and focuses on a group called “Silent Fade.”
Silent Fade is a scammer group that specifically targets obtaining credentials to Facebook Ad accounts. The group then flips those accounts to other bad actors. This group, which was previously mitigated by the team at Facebook, has resurfaced with improved malware for attacks. The group has been very successful to this point, walking away undetected with over $4 million filling their pockets.
Two employees from the Facebook team offered more details about this scheme at the VB 2020 conference last week. The Facebook insiders call the group behind it SilentFade and discovered that it came from a Chinese malware ecosystem that used different types of malware in its cybercrime sprees. Facebook discovered this malware family back in 2018, but its origins have been traced back to 2016. The name Silent Fade comes from the phrase “Silently Running Facebook Ads with Exploits.”
Our second-to-last article from the week, which comes from Threatpost, discusses Comcast, the TV provider we all love to hate.
In an article also published by Threatpost, it was revealed that there is a hack in the Xfinity TV remotes that allows bad actors to snoop on its victims. Researchers have disclosed the attack codenamed “WarezTheRemote,” which works with the popular Comcast XR11 remote control. These remotes have a handy feature that allows you to search their platform with your voice.
However, the feature has been compromised, allowing attackers to listen in on your conversations without interacting with the remote. The attack is also very easy to carry out, requiring only an RF transceiver and antenna, and is able to be carried out from up to 65 feet away.
Thankfully, researchers have worked fast in conjunction with Comcast, and have found and remediated the issue that caused this flaw. However, this article is a reminder of the mass vulnerability of IoT devices in regard to our privacy and safety.
Our last article from the week comes from InfoSecurity Magazine and talks about the importance of the cybersecurity industry as a whole.
The article details data from the World Economic Forum, or WEF for short. This data states that while cyber-attacks may have dropped in the prioritization pecking order in some countries, they remain at the top in both North America and Europe.
This information comes from the yearly report titled “Regional Risks for Doing Business report.” This report is compiled from over 12,000 responses from business leaders in 127 countries. They are presented with a pre-selected list of 30 global risks and asked to choose the five that they believe to be of most concern for doing business in their country over the next decade. Unsurprisingly, given the COVID-19 pandemic, the top two global risks were unemployment and spread of infectious disease. Although cyber-attacks fell from second place globally last year to fourth, they are still top-of-mind in the West.
To detail that further, cyber-attacks were named the number one risk of the next decade by North American business leaders, garnering 55% of the responses. This was followed directly by infectious diseases. Cyber-attacks ranked second on Europe’s list, but first in the UK. This data shows the importance of our field, and also shows that business leaders are beginning to prioritize cybersecurity more and more as we move towards the future.