A lot has happened in the cyber realm over the past week; here is a compilation of the top cybersecurity headlines from the last seven days.
UK Government Passes New Cybersecurity Bill
The general notion among consumers of electronic goods today is that the seller or manufacturer has done a good job of securing them against cyberattacks. More often than not, this isn’t true. Of late, cyber adversaries have been intruding into netizens’ private and public spaces – from attacks on their organizational networks to home systems such as smart TVs, CCTVs, baby monitors, etc. The United Kingdom government has implemented the Product Security and Telecommunications Infrastructure (PSTI) Bill as a corrective measure. The PSTI bill requires all manufacturers and sellers of IoT devices to abide by cybersecurity protocols and protect the privacy of Britons.
Apart from imposing fines of up to £10 million (about $13.25 million), the government has demanded that firms be transparent with customers about their email security measures and establish an efficient public vulnerability reporting system. In extreme cases, disregarding the PSTI bill norms may result in an organization losing its license to sell particular products. Some of the devices that fall under these new security requirements are IoT-connected cameras, phones, speakers, TVs, baby monitors, children’s toys, door locks, smoke detectors, etc. Other devices include fitness trackers, base stations, GPS devices, alarm systems, fridges, washing machines, smart home assistants, etc.
Devices exempted from this list include smart meters, cars, medical devices, laptops, desktop computers, etc. While this step by the UK government may not ensure total protection, it is a good start and should reduce cyber incidents considerably if implemented well.
Recommendations to Increase Cybersecurity Experts
It is well known that the many cybersecurity roles on offer are not being taken up, leaving the number of cybersecurity experts far out of proportion to the number of cyberattacks. The cybersecurity workforce is evidently inadequate across nations, as there are not enough qualified and skilled employees. A recent report by ENISA highlights research done by the Cybersecurity Higher Education Database (CyberHEAD) to predict the future of the cyber landscape.
The findings of this study highlight that there has been a growth in the number of students and programs oriented towards cybersecurity higher education. Thus, we can expect an increase in cybersecurity graduates within the next 2-3 years. But on the flip side, the gender ratio remains uneven, with only 20% of women students enrolled in such cybersecurity programs.
The report further highlights the measures taken by the European government to increase the number of cyber experts and enhance their expertise. It lists many recommendations for European institutions, member states, industry, and the academic community. These include increasing enrolments in cybersecurity programs, providing scholarships at Higher Education Institutions (HEIs), adopting a unified approach or common framework such as the European Cybersecurity Skills Framework, cooperation among member states, analyzing the cybersecurity market’s needs, etc.
Lazarus Group Actors Pose as Samsung Recruiters
Threat actors from the notorious North Korean adversary group Lazarus (also known as Zinc) are posing as Samsung recruiters to offer innocent South Korean job seekers fake jobs. The adversaries are sending out fake job offer emails to lure victims working at security organizations that sell anti-malware software. Like all phishing emails, these fake Samsung emails come with an attached PDF purporting to be the job description document.
Victims cannot open this document, and when they report this to the fake recruiters, they receive a link to a “Secure PDF Reader” app, a modified version of PDFTron. This trojan installs a backdoor on the victims’ systems. This incident is clear evidence of the ever-evolving attack strategies of threat actors and serves as a lesson for organizations to increase cybersecurity awareness among employees.
Beware of Texts From FluBot
After distressing Android users in Australia and New Zealand earlier this year, the Android malware FluBot is now affecting Finnish users. Authorities in Finland are warning users about the malware, which is being spread via SMS. The National Cyber Security Center (NCSC-FI) warns that the FluBot messages contain letter combinations that are difficult for telecommunications operators to filter and are often disguised as voicemail notifications from mobile operators.
The NCSC-FI has detected over 70,000 such messages in just 24 hours, and it urges users not to install the malicious Android app that these FluBot texts lead them to. Affected Android users should perform a factory reset on their devices to ensure ransomware protection. iOS users receiving this message are directed to phishing sites instead of being prompted to install the malicious app. Once installed, FluBot allows adversaries to access and control everything on a user’s phone, from viewing contact lists to sending unauthorized messages to contacts. The malware also steals credit card details and passwords typed while using various apps.
CISA Releases a Capacity Enhancement Guide for Organizations
The Cybersecurity and Infrastructure Security Agency (CISA) has recently released a Capacity Enhancement Guide (CEG) to help organizations better secure their data by monitoring the use of employee mobile devices to access enterprise resources. CISA presents an Enterprise Mobility Management (EMM) system checklist, which lists the key security practices for enterprise-managed mobile devices.
The first step is denying access to untrusted devices, meaning devices without an EMM configuration. CISA further advises enterprises to mandate strong authentication on enterprise-managed mobile devices, such as PINs of at least six digits and two-factor authentication (2FA). The CEG comes with a host of other recommendations for enterprises. Some of these include reducing the amount of PII in applications, disabling Bluetooth, NFC, Wi-Fi, etc., when not in use, and using VPNs while working in enterprise applications.
CISA also instructs enterprises to use Mobile Threat Defense (MTD) systems, to allow only trusted chargers and cables for charging, and to keep the lost-device function active.
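As an added example (not CISA’s code or anything from the guide itself), the following Python evaluator applies the first checks from the checklist above, denying devices with no EMM record, and requiring a passcode of at least six digits and 2FA on enrolled devices, to a constructed inventory export and access log. The field names and the sample data are assumptions made for the illustration.

```python
import json

# Constructed EMM inventory export (assumed field names; not real data or a real EMM API).
INVENTORY_JSON = """
[
  {"device_id": "D-100", "user": "alice", "emm_enrolled": true,  "passcode_length": 6, "mfa_enrolled": true},
  {"device_id": "D-101", "user": "bob",   "emm_enrolled": false, "passcode_length": 4, "mfa_enrolled": true},
  {"device_id": "D-102", "user": "carol", "emm_enrolled": true,  "passcode_length": 4, "mfa_enrolled": false},
  {"device_id": "D-103", "user": "dave",  "emm_enrolled": true,  "passcode_length": 8, "mfa_enrolled": true}
]
"""

# Constructed access requests: which device is asking for which enterprise resource.
ACCESS_LOG = [
    {"device_id": "D-100", "resource": "mail"},
    {"device_id": "D-101", "resource": "mail"},
    {"device_id": "D-102", "resource": "hr-portal"},
    {"device_id": "D-103", "resource": "vpn"},
    {"device_id": "D-999", "resource": "mail"},  # never enrolled: no EMM record at all
]

MIN_PIN_DIGITS = 6  # CEG recommendation: PINs of at least six digits


def evaluate_device(device):
    """Return the list of policy violations for one inventoried device (empty list = compliant)."""
    violations = []
    if not device.get("emm_enrolled", False):
        violations.append("device has no EMM configuration")
    if device.get("passcode_length", 0) < MIN_PIN_DIGITS:
        violations.append(f"passcode shorter than {MIN_PIN_DIGITS} characters")
    if not device.get("mfa_enrolled", False):
        violations.append("2FA not enrolled")
    return violations


def evaluate_access(access_log, inventory):
    """Decide each request: a device unknown to the EMM is untrusted and denied outright;
    known devices are allowed only when they have no policy violations."""
    by_id = {d["device_id"]: d for d in inventory}
    decisions = {}
    for req in access_log:
        dev = by_id.get(req["device_id"])
        if dev is None:
            violations = ["unknown device: not in EMM inventory"]
        else:
            violations = evaluate_device(dev)
        verdict = "allow" if not violations else "deny"
        decisions[(req["device_id"], req["resource"])] = (verdict, violations)
    return decisions


def run():
    """Parse the constructed inventory and evaluate every access request."""
    return evaluate_access(ACCESS_LOG, json.loads(INVENTORY_JSON))


if __name__ == "__main__":
    for (dev_id, resource), (verdict, why) in run().items():
        detail = f" ({'; '.join(why)})" if why else ""
        print(f"{dev_id} -> {resource}: {verdict}{detail}")
```

In a real deployment the inventory would come from the EMM’s reporting API and the decision would be enforced by the identity provider or gateway in front of the resource; the point of the structure is that every deny carries the specific checklist item it failed, which is what a helpdesk needs to get the device back into compliance.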
MSP Leaves Vulnerability Unpatched For Two Years, 200 Affected
Designed to detect forged sender addresses, Sender Policy Framework (SPF) is a critical email authentication check. For over two years, a Managed Service Provider (MSP) called the Precedence Group operated with an undiscovered vulnerability that exposed over 200 Australian enterprises to phishing emails. The Precedence Group managed these organizations’ DNS, email servers, and websites and had unfortunately added an over-permissive SPF DNS record to each organization’s domain.
As a result, any Amazon Web Services (AWS) user could send authenticated emails impersonating Precedence Group’s client organizations. The MSP has now fixed the bug and informed the Australian Cyber Security Centre.
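The article does not quote the over-permissive record itself, so the following is an added example rather than the Precedence Group’s record or anything from the article: a small Python linter, run over constructed SPF records, that flags the patterns which make a domain’s SPF record over-permissive. Authorizing a cloud provider’s shared address space wholesale means every tenant of that provider passes SPF for your domain, which is the class of mistake described above; the prefix-width thresholds and the sample records are assumptions.

```python
import ipaddress
import re

# Constructed sample records (example data; none of these are real domains or the MSP's record).
SAMPLE_RECORDS = {
    "good.example":       "v=spf1 ip4:203.0.113.10 include:_spf.example.net -all",
    "permissive.example": "v=spf1 ip4:203.0.113.0/24 ip4:52.0.0.0/8 include:amazonses.com ~all",
    "open.example":       "v=spf1 +all",
    "nofail.example":     "v=spf1 ip4:203.0.113.10",
}

# Assumed thresholds: an ip4 network wider than /24 (or ip6 wider than /48) is unlikely to be
# owned by a single organisation and is treated as shared infrastructure.
MAX_IPV4_PREFIX_WIDTH = 24
MAX_IPV6_PREFIX_WIDTH = 48

# qualifier (+ - ~ ?), mechanism name, optional argument after ':' or '/'
MECHANISM_RE = re.compile(
    r"^([+\-~?]?)(all|ip4|ip6|a|mx|include|exists|ptr)(?:[:/](.*))?$", re.IGNORECASE
)


def lint_spf(record: str):
    """Return a list of findings for one SPF TXT record; an empty list means nothing was flagged."""
    findings = []
    terms = record.split()
    if not terms or terms[0].lower() != "v=spf1":
        return ["not an SPF record (missing v=spf1)"]

    saw_all = False
    for term in terms[1:]:
        if "=" in term:
            continue  # modifiers such as redirect= and exp= are out of scope for this linter
        m = MECHANISM_RE.match(term)
        if not m:
            findings.append(f"unparseable term: {term}")
            continue
        qualifier = m.group(1) or "+"   # RFC 7208: the default qualifier is '+' (pass)
        mech = m.group(2).lower()
        arg = m.group(3)

        if mech == "all":
            saw_all = True
            if qualifier in "+?":
                findings.append(f"'{term}' lets any host on the internet pass SPF")
            elif qualifier == "~":
                findings.append("softfail '~all': receivers will rarely reject spoofed mail")
        elif mech in ("ip4", "ip6"):
            try:
                net = ipaddress.ip_network(arg, strict=False)
            except ValueError:
                findings.append(f"invalid network in {term}")
                continue
            limit = MAX_IPV4_PREFIX_WIDTH if net.version == 4 else MAX_IPV6_PREFIX_WIDTH
            if net.prefixlen < limit:
                findings.append(
                    f"{term} authorizes {net.num_addresses} addresses; "
                    "a shared-cloud range lets every tenant of that range pass SPF"
                )
        elif mech == "ptr":
            findings.append("ptr mechanism is deprecated and should not be used")

    if not saw_all:
        findings.append("no 'all' term: unlisted hosts get a neutral result instead of failing")
    return findings


def lint_all(records=SAMPLE_RECORDS):
    """Lint every record and return {domain: findings}."""
    return {domain: lint_spf(rec) for domain, rec in records.items()}


if __name__ == "__main__":
    for domain, findings in lint_all().items():
        print(f"{domain}: {'OK' if not findings else ''}")
        for f in findings:
            print(f"  - {f}")
```

A production check would additionally resolve each include: and redirect= target and count the resulting DNS lookups against the ten-lookup limit, but the offline rules here already catch the wholesale-range mistake and the missing or weak all term, which is what an MSP managing DNS for many customers should be scanning every zone for on a schedule.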