Trending headlines in cybersecurity from the week:
Cybersecurity Clinics Program Act
Phishing Caution to Twitter Users
Okta Passwordless Authentication Update
Updates from Capitol Hill
All eyes were on the recent election, and despite both domestic and foreign threats, a senior official with the Cybersecurity and Infrastructure Security Agency reports that no specific attacks disrupted election day. While “a handful” of DDoS attacks targeted state and local election websites and a few technical glitches affected voting equipment, CISA says it saw “no activity” that should undermine the results of the midterm elections.
CISA and Outcomes From the Ransomware Summit
CISA, in partnership with the U.S. Department of State and the Spanish Ministry of the Interior, recently announced a joint project to develop a capacity-building tool to help countries use public-private partnerships to combat ransomware. The project is an outcome of the Global Ransomware Summit, hosted by the US earlier this month. Spain is taking the lead on the project, which will provide much-needed guidance to nations around the world seeking to develop or deepen public-private partnerships, share information, and build capacity in the fight against ransomware.
Other government news
Texas congressman Marc Veasey introduced a bill that would invest in cybersecurity curricula in predominantly minority schools and community colleges. The Cybersecurity Clinics Grant Program Act would create a Department of Homeland Security grant program to fund cybersecurity education programs at community colleges and minority-serving institutions. The bill is intended to provide career paths into cybersecurity, give grant recipients practical experience, address the industry’s talent gap, and increase the percentage of women and minorities entering the cyber workforce.
For many CISOs, this bill is a welcome relief. Dave Stapleton, CISO at CyberGRX, couldn’t agree more. “What an amazing opportunity to satisfy a serious business and market need while utilizing diversity and inclusion,” he noted.
According to Cyberseek.org, there are currently over 700,000 unfilled cyber positions in the US alone. Commenting on the hiring challenges, Shane Hasert, Director of Threat Research and Cybersecurity Standards at CyberGRX, said, “Security has always been a 'chicken/egg' conundrum... to be hired, you have to have X certification, but you can't get X certification without X years of experience. A bill like this would help to shrink this particular gap.” Stapleton agreed, adding, “Enabling and supporting the next generation of cybersecurity professionals, and doing so in a way that focuses on historically underrepresented and disadvantaged communities, is a win-win for everyone.”
Microsoft recently released patches for several zero-day vulnerabilities, including:
A Windows Print Spooler elevation of privilege vulnerability, which could enable an attacker to gain SYSTEM privileges.
A Windows Cryptography Next Generation (CNG) key isolation vulnerability, again potentially resulting in an attacker gaining control of the system.
A Windows scripting language vulnerability that enables remote code execution when a user is lured, via email or chat, into visiting a malicious server.
And a zero-day we’ve previously reported on, a Mark of the Web security bypass, which disables Microsoft’s Protected View and allows an attacker to host a malicious website, send malicious emails or text messages, or add malicious content to a compromised website.
The good news is that patches are now available and Microsoft is advising all users to install the updates immediately.
Twitter Phishing Spikes
Phishing attacks on Twitter have spiked since Elon Musk took over, coinciding with the launch of Twitter Blue. Twitter Blue, the new paid premium service, promises users prioritized tweets, but cybercriminals have used the launch as an opportunity to steal login credentials from unsuspecting users. The phishing campaign uses both Google Forms for data collection and URLs that redirect users to pages controlled by the cybercriminals. The primary targets are users with large followings, typically media and entertainment companies, including journalists.
Jeff Hodgin, VP of Product at CyberGRX, offers perspective on the attacks targeting journalists, sharing, “We spend so much time talking about the cybersecurity posture of companies that it can sometimes be difficult to think of it in the context of an individual. By promoting yourself on social media you are promoting yourself as a brand just as any other company would be. The more prominent your brand, the larger the target will be on your back. Individuals who are looking to promote themselves should consider their individual risk in the same way companies do: what is my exposure, what would be the impact of a breach, what is the likelihood of that happening. When you think of things in this manner, cybersecurity awareness training, password management best practices, endpoint security all become important parts of your day-to-day life. Protect your brand: your brand and your cyber reputation is your business. And if not managed properly, individuals will be dealing with a ‘breach’ crisis event in the same way that large companies do.” Well said, Jeff!
While Twitter has not historically been a popular target for cyber crime, the recent change in ownership plus the departure of Twitter’s CISO have made it an attractive target for hackers.
Good News: Okta Passwordless Authentication
Okta, which was compromised earlier this year, has developed a safer passwordless authentication system aimed at countering the illegitimate use of biometric login data. According to Verizon data, illegitimate use of credentials was responsible for 48% of breaches in 2021, up from 37% in 2017. Okta’s answer to this growing threat is to bind biometric data to the user’s device, so that only that device can be used for authentication. While biometric data is considered more secure, in recent high-profile cases attackers have intercepted one-time passcodes tied to biometric logins, and Okta believes this could potentially grow into larger-scale phishing attacks. Okta’s new capability will prevent the reuse of login keys generated from a user’s biometric data and protect the user’s biometrics, which do not leave the user's device, so even if an attacker stole a fingerprint, they couldn’t use it. Okta’s Advanced Phishing Resistance for FastPass is in early preview now and is expected to be released in early 2023.
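To make the device-binding idea above concrete, here is an added toy model (written for this digest, not Okta's or FastPass's code) of a login where the biometric check only unlocks a key held on the enrolled device, and every response is tied to the relying party's origin and a one-time nonce. The device names, origins, fingerprint templates and the use of a shared HMAC key in place of a real asymmetric key pair are all assumptions constructed for the example; the point it shows is that a captured response cannot be replayed, a response produced for a look-alike origin is rejected, and a stolen fingerprint template on an unenrolled device gets nowhere.

```python
"""Toy device-bound, origin-bound login (constructed illustration, not a vendor implementation).

Assumptions made for this example:
- Each enrolled device holds a secret that never leaves it; the biometric
  check only unlocks local use of that secret.
- The server stores a per-device verification key. A shared HMAC key stands
  in for the public key a real deployment (e.g. WebAuthn) would store.
- Every challenge carries the relying party origin and a one-time nonce.
"""
import hashlib
import hmac
import secrets
from typing import Dict, Optional

RP_ORIGIN = "https://login.example.com"  # legitimate relying party (constructed)


class Device:
    """Simulated user device: holds the bound key, gated by a local biometric check."""

    def __init__(self, device_id: str, enrolled_template: bytes):
        self.device_id = device_id
        self._key = secrets.token_bytes(32)  # never exported by real hardware
        # Only a hash of the enrolled biometric template is kept locally.
        self._template_hash = hashlib.sha256(enrolled_template).digest()

    def verification_key(self) -> bytes:
        # Shared with the server once, at enrolment (stands in for a public key).
        return self._key

    def biometric_ok(self, presented_template: bytes) -> bool:
        presented = hashlib.sha256(presented_template).digest()
        return hmac.compare_digest(self._template_hash, presented)

    def respond(self, origin: str, nonce: bytes, presented_template: bytes) -> Optional[bytes]:
        """Sign (origin actually visited, nonce) only after the local biometric check passes."""
        if not self.biometric_ok(presented_template):
            return None
        msg = origin.encode() + b"|" + nonce
        return hmac.new(self._key, msg, hashlib.sha256).digest()


class Server:
    """Relying party: issues one-time nonces and verifies origin-bound responses."""

    def __init__(self) -> None:
        self.devices: Dict[str, bytes] = {}   # device_id -> verification key
        self.pending: Dict[bytes, str] = {}   # nonce -> device_id, consumed on use

    def enroll(self, device: Device) -> None:
        self.devices[device.device_id] = device.verification_key()

    def challenge(self, device_id: str) -> bytes:
        nonce = secrets.token_bytes(16)
        self.pending[device_id and nonce] = device_id
        return nonce

    def verify(self, device_id: str, nonce: bytes, response: Optional[bytes]) -> bool:
        if response is None:
            return False
        # Unknown or already-consumed nonce: reject (blocks replay of a captured response).
        if self.pending.pop(nonce, None) != device_id:
            return False
        key = self.devices.get(device_id)
        if key is None:
            return False
        # The server always binds to its own origin, so a response signed for a
        # look-alike phishing origin never matches.
        expected = hmac.new(key, RP_ORIGIN.encode() + b"|" + nonce, hashlib.sha256).digest()
        return hmac.compare_digest(expected, response)


def run_scenarios() -> Dict[str, bool]:
    """Exercise the four cases the digest discusses; all inputs are constructed."""
    alice_template = b"alice-fingerprint-template"
    device = Device("laptop-1", alice_template)
    server = Server()
    server.enroll(device)

    # 1. Legitimate login from the enrolled device at the real origin.
    nonce = server.challenge("laptop-1")
    resp = device.respond(RP_ORIGIN, nonce, alice_template)
    legit = server.verify("laptop-1", nonce, resp)

    # 2. Replay of the captured response: the nonce has already been consumed.
    replay = server.verify("laptop-1", nonce, resp)

    # 3. Phishing: a fresh nonce is relayed, but the device signs the look-alike
    #    origin it is really talking to, so the server rejects the response.
    nonce2 = server.challenge("laptop-1")
    phished = device.respond("https://login.examp1e.com", nonce2, alice_template)
    phish_ok = server.verify("laptop-1", nonce2, phished)

    # 4. Stolen fingerprint template presented from an unenrolled device:
    #    no bound key, so no valid response.
    rogue = Device("rogue-device", alice_template)
    nonce3 = server.challenge("laptop-1")
    rogue_ok = server.verify("laptop-1", nonce3, rogue.respond(RP_ORIGIN, nonce3, alice_template))

    return {"legit": legit, "replay": replay, "phish": phish_ok, "stolen_biometric": rogue_ok}


if __name__ == "__main__":
    print(run_scenarios())
```

The server never sees a fingerprint, only a signature over its own origin and a nonce it issued once; that is what makes the stolen-biometric and relayed-challenge cases fail without any extra logic on the server side.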
All information is current as of November 14, 2022. Subscribe to receive future episodes as they are released.