This week on Security News in Review, we have coverage on the Facebook data leak, some movement from the federal government on closing a weak spot, and theories on whether IcedID could take on the role Emotet used to have.
Now for the news:
IcedID Banking Trojan Surges: The New Emotet? -- The banking trojan known as IcedID seems to be taking on the role of the Emotet trojan since that network’s disruption, according to researchers. IcedID (a.k.a. BokBot) is similar to Emotet in that it’s a modular malware that started life as a banking trojan used to steal financial information. The volume of IcedID samples has exploded worldwide, which is what’s leading security researchers to suggest that it’s a candidate for taking over Emotet’s role.
What Really Caused Facebook's 500M-User Data Leak? -- The tech giant Facebook is in the news for a data breach that compromised up to 500 million users. According to Facebook, the data breach is old news; they claim news outlets are overblowing an already resolved issue from 2019. Analysts disagree. While they do acknowledge that Facebook has fixed an issue that left millions of its users exposed, it’s unclear whether Facebook ever gave a public statement and exactly how many users were compromised.
Scraped data of 500 million LinkedIn users being sold online, 2 million records leaked as proof -- Another day, another breach. Records of roughly 2 million LinkedIn users were leaked on a hacker site. The reason? Hackers have collected over 500 million LinkedIn profiles and are attempting to auction them off--the 2 million leaked records are “proof” of the accounts’ validity. LinkedIn is currently investigating.
Facebook ran ads for a fake ‘Clubhouse for PC’ app planted with malware -- Have you heard of “Clubhouse for PC”? If so, you’ve likely seen the insidious malware campaign masquerading as a Facebook ad. Clicking on the ad led users to a download link for “Clubhouse” that actually infected their computers with malware. The malware, while still masquerading as Clubhouse, also has the potential to infect computers with ransomware. The fake Clubhouse website went offline overnight, rendering the malware inactive. Facebook ads for the malware have been removed as well.
Federal watchdog investigating State Department cybersecurity practices -- An independent government watchdog, i.e. the accountability office, is conducting a wide-ranging probe into the State Department's cybersecurity strategy and response. Namely, it will examine how the department manages and responds to cyber threats. Recent attacks have highlighted cyber vulnerabilities within the United States, and these attacks have pressured the Biden administration into action. The probe aims to increase visibility and “detect [and block] anomalous cyber behavior.”
After A Major Hack, U.S. Looks To Fix A Cyber 'Blind Spot' -- Cybercriminals understand the laws in the US and how to exploit them. Namely, that the National Security Agency, though well equipped to do so, cannot legally collect domestic intelligence. This puts the agency at a disadvantage when trying to detect and fight cybercrime. The NSA only learned of the latest breach after being informed that FireEye (a leader in cyber security and frequent collaborator with the NSA) had been compromised as well. The current administration is now working to add visibility to this blind spot without disregarding US laws.
European Institutions Were Targeted in a Cyber-Attack Last Week -- A wide range of European Union institutions, including the European Commission, were compromised by last week’s cyber attack. The attack was serious enough for senior officials to be alerted and is said to be “bigger than usual”. This attack comes on the heels of the US cyber attack and the Vietnamese cyber attack.
Spy Operations Target Vietnam with Sophisticated RAT -- Spy operations have targeted the country of Vietnam with a sophisticated RAT. According to research, the malware used in the campaign, called “FoundCore”, allows attackers to manipulate the file system and processes, capture screenshots, and execute arbitrary commands. While this is primarily a local threat, the malware is described as “sophisticated” and is likely to be replicated.
Financial organizations struggling to secure data in the cloud -- According to research, 53% of financial organizations store customer data in the cloud, while 35% store their own financial data there as well. This is noteworthy because targeted attacks on cloud infrastructure took the longest to detect and resolve. On average, 41% of financial organizations needed days or weeks to discover the incident, and 38% spent days or weeks on response.
In response to the pandemic, 30% of respondents had to change their IT priorities but stick to their existing budget and 19% reported security budget cuts.
DoD launches new security vulnerability pilot -- In an effort to share vulnerability data and boost digital hygiene within the defense industrial base, the Pentagon’s Cyber Crime Center and HackerOne (a bug bounty vendor) have launched the Defense Industrial Base Vulnerability Disclosure Program (DIB-VDP). Any information submitted to the DIB-VDP under the program will be used for defensive purposes – to mitigate or remediate vulnerabilities in DoD contractor information systems, networks, or applications. The research, however, is not contributing to offensive tools or capabilities.