Morphisec Cybersecurity Blog

Security News In Review: Data Breaches, Data Poison, and Big Data

Written by Nuni Snowden | May 22, 2021 at 2:00 PM

This week’s news roundup is all about data. Kicking things off are a recently announced breach at Mercari, predictions that “data poisoning” will become a big attack vector, and the possibility of a national data breach disclosure law.

Read on for the news.

The E-Commerce Giant With A Data Breach -- A supply chain attack has had some major consequences. Mercari, the Japanese e-commerce giant that has recently expanded to the US and the UK, has disclosed a major data breach that occurred due to exposure from the Codecov supply-chain attack. According to Bleeping Computer, this is unfortunate, as the mega-company has reached over 100 million downloads since 2017 and is the first Japanese company to reach unicorn status. Thus far, thousands of customer financial records have been compromised. Read about the breach here.

Data Poison May Be The Next Big Attack Vector -- According to research by SANS Institute, data poisoning attacks against the machine learning used in security software may be attackers’ next big vector. What is “data poisoning”? Johannes Ullrich, dean of research at SANS, says data poisoning could occur when adversaries provide a stream of bad information by flooding a target organization with malware designed to refine ML detection away from the techniques they plan to use for the main attack. Data poisoning has historically been involved in signature-based antivirus measures. In 2013, Microsoft presented research showing that someone had uploaded false samples to malware repositories to create signature collisions with system files. Learn more about data poisoning with this post by SC Magazine.

A National Data Breach Notification Law? -- What would a national data breach notification law look like? Should we even have one? These are questions some lawmakers are asking. Since the supply chain attack that targeted SolarWinds and its customers was uncovered in December 2020, many have become more open to the idea of mandated, swift notification of breaches involving their data. Already, there is a patchwork of laws in place that force companies to give their users a “heads up” when their data has been compromised, but many lawmakers are saying this patchwork has too many holes. Read more about this ongoing legal debate here.

For the First Time, Cloud Security Breaches Surpass On-Prem Breaches -- Verizon’s annual report on cybersecurity breaches has determined that more cybersecurity incidents involved external assets than internal (on-premises) ones. This is a massive jump from the year before. According to the report, cloud incidents now make up 73 percent of cybersecurity incidents. In 2019, cloud incidents made up only 27 percent of incidents. Read more about the shift to cloud-based threats here.

How To Navigate Value vs. Volume In The World Of Big Data -- Though this story sits behind a paywall, it could be very useful for those of you who are trying to scale your business safely with the help of big data. Within the last ten years, there has been a plethora of companies promising to help quantify B2C business strategies. This may be connected to the increase in supply chain attacks and the difficulty lean security teams have securing their endpoints. This TechCrunch article summarizes their findings and gives a helpful how-to for anyone looking to navigate big data.

The Malware Attack on the Alaskan Healthcare Department -- The website for the health department of the state of Alaska was recently under attack. Although investigators are not sure if any personal or confidential information was compromised, several features of the website were offline for several hours. It is unclear who is responsible for this attack. Read more about the incident here. 

New Malware That Can Steal Your Passwords and Hijack Your Webcam -- Just when you thought the RAT couldn’t get any worse... it turns out, it can. A remote access tool called RevengeRAT appears to be targeting the aerospace and travel industries with spear-phishing emails. These threat actors are especially insidious because they deliver an email designed to fool the recipient into thinking it’s genuine. After opening it, along with the attached Adobe PDF file, the recipient has unknowingly infected themselves with malware. These kinds of Trojans steal content like user login credentials, webcam images, and anything that the system clipboard has been used to copy. Scary, right? The malware at the center of this threat campaign is a loader called Snip3, a campaign we’ve spoken about previously. To learn more about RevengeRAT, click here.

Dridex Takes the 2021 Crown -- Check Point has named the Dridex trojan the most prevalent malware of 2021 (so far). Other threats to watch out for include Agent Tesla and Trickbot. Mobile malware is also on the rise, with “Web Server Exposed Git Repository Information Disclosure” cited as the most common exposed vulnerability in April. Read more here.

Cybercriminals Are Getting Faster -- According to new research published by Cortex Xpanse, cybercriminals began searching the web for vulnerable Exchange Servers within five minutes of Microsoft's security advisory going public. An influx of cheap cloud services has allowed cyberattackers to quickly pick out targets. The report goes on to say that, in particular, zero-day vulnerabilities can prompt attacker scans within as little as 15 minutes following public disclosure. When it came to Microsoft Exchange, researchers say attackers worked “even faster,” scanning within five minutes of public disclosure. The usual players such as the Chinese advanced persistent threat (APT) group Hafnium -- and other APTs including LuckyMouse, Tick, and Winnti Group -- all have been documented as increasing their speed. Read more about the changes to cybercriminals and their tactics here.

Ransomcloud: An Emerging Ransomware Targeting K-12 Schools -- While healthcare used to be the primary target of threat actors and ransomware operators, K-12 schools now share a significant portion of that burden. In late 2020, the FBI reported that 57% of the reported ransomware attacks involved K-12 schools. Add this to the undoubtedly many more attacks that we know aren’t reported, and it would seem that cybercriminals have a new favorite target. Read more about ransomcloud and its threat to K-12 schools here.