Email Security

    Cyber Resilience News May 8, 2018

    Catch up on the past week’s cybersecurity news

    A lot of headlines this week swirled around what might be lurking in your social media account. Facebook warned of lookalike-domain phishing and “punycode” scams that are landing in Messenger, and Twitter is urging its users to change their passwords due to a bug. The Facebook/Cambridge Analytica scandal keeps resurfacing as we near the deadline for GDPR. This week also saw a lot of news surrounding research on cybersecurity and the increase in attacks like trusted third-party impersonation. And for good measure, our favorite “Nigerian Prince” is still "a thing" you should be concerned about.

    1. Facebook tool warns developers of phishing attacks dangling lookalike domains, Via TechCrunch
      • Phishing seems like a problem that will be here for the long haul, so I welcome any tools to combat it with open arms. Today Facebook announced one: a service for domain owners or concerned users that watches for sketchy versions of web addresses that might indicate a phishing attempt in the offing.
    2. Facebook scandal raises data privacy concerns, Via Risk Management Magazine
      • Facebook announced a number of data privacy and transparency changes in response to the Cambridge Analytica situation coming to light and, in turn, demands from outraged users and lawmakers worldwide. Some of these changes, however, are also measures the social network already needed to roll out soon to comply with the EU’s General Data Protection Regulation (GDPR).
    3. Survey roundup: lack of investment exposes critical infrastructure, Via The Wall Street Journal
      • A survey of around 800 IT decision-makers and C-suite executives by data security firm Mimecast and research firm Vanson Bourne found 40% said they’ve noticed an uptick in trusted third-party impersonation attacks.
    4. Twitter advising all 330 million users to change passwords after bug exposed them in plain text, Via The Verge
      • Twitter is urging all of its more than 330 million users to immediately change their passwords after a bug exposed them in plain text. While Twitter’s investigation showed that there was no evidence that any breach or misuse of the unmasked passwords occurred, the company is recommending that users change their Twitter passwords out of an “abundance of caution.”
    5. ‘We are having enormous amount of phishing attacks’ – says Founder of MyEtherWallet, Via AMB Crypto
      • Kosala Hemachandra, CEO of MyEtherWallet, said that MyEtherWallet is having an enormous amount of phishing attacks every day, with 6500+ domain names similar to MyEtherWallet. To avoid these attacks, they are planning on creating a hardware wallet.
    6. Eighty-one percent of organizations see an increase in cyber security challenges, Via BetaNews
      • A new study reveals that the top three IT challenges for businesses are seen as: protecting against email-related threats like ransomware, malware and phishing; transitioning legacy systems that no longer receive security updates; and ensuring the company is always up to date with patches and current software versions.
    7. Spartacus ransomware: introduction to a strain of unsophisticated malware, Via Security Boulevard
      • Spartacus is a relatively straight-forward ransomware sample and uses some similar techniques and code to others we have seen in the past, such as ShiOne, Blackheart, and Satyr.
    8. Massachusetts Senate passes data breach bill regulating consumer reporting agencies, Via SC Magazine
      • By a 38-0 margin, the Massachusetts Senate last week unanimously passed S.2455, a bill that affords citizens enhanced protections in the event of a breach affecting a consumer credit reporting agency such as Equifax.
    9. Nigerian email scammers are more effective than ever, Via Wired
      • Nigerian scammers will send tailored phishing emails to a company to get someone to click a link and infect their computer with malware. From there, the attackers are in no hurry. They do reconnaissance for days or weeks, using key loggers and other surveillance tools to steal credentials to all sorts of accounts, figure out how a company works, and understand who handles purchasing and other transactions.
