Implementing cybersecurity is a collective responsibility in which every member of an organization has to play their part in maintaining the confidentiality, integrity, and availability of its information assets. This includes keeping abreast of the latest developments in the cyber world so as to stay one step ahead of threat actors. Here are the most relevant cybersecurity headlines of the week, covering moves made by defenders and by malicious actors alike.
FTC Implements Data Breach Rule For Mobile Applications
Developed in 2009, the Federal Trade Commission’s Health Breach Notification Rule is back on the table. The FTC has recently released a statement asking the makers of health apps that collect users’ personal health information (PHI) to comply with the breach notification rule. This may be the first of many checks on the cybersecurity practices of such apps and devices. PHI is usually collected and stored to serve behavioral ads; however, permission must be obtained before such sensitive personal data is collected.
The Health Breach Notification Rule requires vendors not covered by medical privacy laws such as the Health Insurance Portability and Accountability Act (HIPAA) to notify the agency, affected users, and the media of any data breach. The decision to apply the breach notification rule to mobile apps follows a letter sent to the FTC by Senator Bob Menendez and Congresswomen Bonnie Watson Coleman and Mikie Sherrill.
Dynatrace Acquires SpectX
Amid the growing potency of cyberattacks, Dynatrace has strengthened its security position by acquiring SpectX, a high-speed parsing and query analytics company. The acquisition is intended to accelerate the convergence of security and observability for modern multi-cloud environments, which are characterized by constant change. With SpectX on board, Dynatrace will be able to extend the observability and security analytics of its Software Intelligence Platform to a broader audience.
Bernd Greifeneder, CTO and Founder of Dynatrace, views the acquisition as empowering for both parties, since they can now combine the strengths of both teams to deliver advanced analytics and digital innovation. Renee Trisberg, CTO and Founder of SpectX, likewise looks forward to the two companies jointly providing robust parsing and query analytics services to customers.
Ransomware Actors Turn Hostile
According to a recent series of reports, some ransomware gangs are threatening to delete victim organizations’ files if they seek the help of professional negotiators. Among these gangs is Grief Corp, which has explicitly warned victims against engaging mediators. The gang argues that recovery firms will have to be hired anyway, so it is better to hire them later than to lose all the encrypted data. The RagnarLocker ransomware gang appears to have pioneered this trend among adversaries.
Cybersecurity analyst Brett Callow said that hiring negotiators helps organizations resist ransom demands and recover quickly while paying the least amount of money. Hence, ransomware gangs have now taken to threatening victims who do so.
Grief Corp, in particular, operates under Evil Corp, which is subject to OFAC sanctions. Negotiators are aware of this and can advise victim organizations accordingly. In short, it is advisable not to comply with ransomware operators’ demands, as refusing to pay helps kill their business. The UK government also advises against paying ransoms to adversaries.
Microsoft Users Can Now Go Passwordless
When creating an online account, we first choose a password and then safeguard it for years to come. Microsoft, however, is in the process of removing the password as a mandatory step for logging in to Microsoft accounts. Users will be free to choose between security keys, the Microsoft Authenticator mobile app, Windows Hello biometrics, or verification codes delivered via SMS or email as alternative authentication methods. The option is expected to roll out within a couple of weeks. It was first introduced to Azure enterprise users in March as a safer alternative to traditional passwords.
The move responds to the easy-to-crack and recycled passwords that people commonly use for their online accounts. The passwordless feature is a significant security measure and has been widely requested for some time. Microsoft’s findings suggest that people tend to forget their passwords or to use simple combinations of words and numbers, such as the names of loved ones or pets and dates of birth, which makes adversaries’ work easier. Over the last six years, “123456” has consistently been the password most commonly seen in data breaches. Going passwordless may therefore be the security measure netizens have been waiting for, letting them log in to their accounts without having to remember passwords.
Next Target of Threat Actors: Cloud Accounts
As more people and organizations move to the cloud, the risks associated with cloud account access have increased accordingly. This time, adversaries are pursuing the compromised admin accounts for Amazon AWS, Azure, and Google Cloud that circulate on dark-web markets.
The malware Cpuminer has allegedly been used to mine altcoins. In addition, the threat actor Keksec is using Ryuk’s new DDoS malware strain Tsunami to conduct crypto-mining attacks, and another gang called 8220 is using PwnRing to attack hosts on common cloud services. Such recent activity points to an increase in the compromise and sale of cloud accounts. These trends suggest a growing need for stringent email security measures for cloud services.
Financial Services Spent $2M in Data Breach Costs in 2020
A new cybersecurity report by Sophos on global financial services firms indicates that 34% of enterprises were hit by ransomware attacks in 2020. The survey covered 550 mid-sized financial organizations, of which 51% admitted that their data had been compromised by adversaries. An average of $2 million was spent on recovering this data from the attackers. The data was presented in the Sophos State of Ransomware in Financial Services 2021 report, which indicated that around 62% of victim organizations were able to restore their systems from backups. The report further noted that the cost of recovering files was higher in this sector than the $1.85 million figure for other sectors.
This large figure is ironic, since only 25% of the surveyed financial services firms had paid the demanded ransom. This led to the conclusion that these financial bodies had more robust defenses and could recover encrypted data from backups thanks to strong adherence to regulatory frameworks such as GDPR and SOX. On the flip side, a targeted ransomware attack on such an organization is likely to cause more harm. Finally, the Sophos report referred to IBM’s findings, which indicate that the financial sector continues to record the second-highest data breach costs in 2021.