August Cybersecurity News Roundup

  • By Maddie Rosenthal
  • 28 August 2020

The end of the month means another roundup of the top cybersecurity headlines.

Keep reading for a summary of the top 12 stories from August. Bonus: We’ve included links to extra resources in case anything piques your interest and you want to take a deeper dive.

Russian charged with trying to recruit Tesla employee to plant malware 

Earlier this week, news broke that the FBI had arrested Egor Igorevich Kriuchkov – a 27-year-old Russian citizen – for trying to recruit a fellow Tesla employee to plant malware inside the Gigafactory Nevada. The plan? Insert malware into the electric car maker’s system, causing a distributed denial of service (DDoS) attack to occur. This would essentially give hackers free rein over the system.

But, instead of breaching the network, the Russian-speaking employee turned down Egor’s million-dollar offer (to be paid in cash or bitcoin) and instead worked closely with the FBI to thwart the attack.

Feds warn election officials of potentially malicious ‘typosquatting’ websites

Stories of election fraud have dominated headlines over the last several months. The latest story involves suspicious “typosquatting” websites that may be used for credential harvesting, phishing, and influence operations.

  • What is typosquatting?

    Also known as URL hijacking, typosquatting is a tactic used by hackers that targets users who incorrectly type a website’s address into their browser (for example, teesian.com instead of tessian.com). The hacker will purchase the incorrect domain, create a look-a-like page, and hope that users don’t realize they’ve landed on the wrong page.

    Most often, they’re created to steal data like passwords or credit card information.

While the FBI hasn’t yet identified any malicious incidents, they have found dozens of illegitimate websites that could be used to interfere with the 2020 vote.  

To stay safe, make sure you double-check any URLs you’ve typed in and never input any personal information unless you trust the domain. 
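The lookalike check described above can also be automated on the defender's side. This is an added example, not code from the original article: it compares hostnames seen in logs against a protected domain using edit distance. The function names, the sample hostnames and the two-label shortcut for finding the registrable domain are assumptions.

```python
def osa_distance(a: str, b: str) -> int:
    """Optimal string alignment distance: an insert, delete, substitute
    or swap of two adjacent characters each costs 1."""
    prev2, prev = None, list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i] + [0] * len(b)
        for j, cb in enumerate(b, 1):
            cost = 0 if ca == cb else 1
            cur[j] = min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + cost)
            # Adjacent transposition, e.g. "si" typed as "is".
            if i > 1 and j > 1 and ca == b[j - 2] and a[i - 2] == cb:
                cur[j] = min(cur[j], prev2[j - 2] + 1)
        prev2, prev = prev, cur
    return prev[len(b)]


def registrable(host: str) -> str:
    # Assumption: the last two labels form the registrable domain.
    # Production code should consult the Public Suffix List instead.
    return ".".join(host.lower().rstrip(".").split(".")[-2:])


def find_typosquats(observed, protected, max_distance=1):
    """Return (host, protected_domain, distance) for near-miss domains."""
    hits = []
    for host in observed:
        domain = registrable(host)
        for legit in (p.lower() for p in protected):
            d = osa_distance(domain, legit)
            if 0 < d <= max_distance:  # 0 means the genuine domain
                hits.append((host, legit, d))
    return hits


# Constructed sample of hostnames, as they might appear in DNS or proxy logs.
OBSERVED = [
    "www.tessian.com",    # genuine
    "teesian.com",        # the article's example typo
    "login.tesisan.com",  # two adjacent letters swapped
    "tessian.co",         # dropped letter in the TLD
    "example.org",        # unrelated
]

if __name__ == "__main__":
    for host, legit, d in find_typosquats(OBSERVED, ["tessian.com"]):
        print(f"{host} looks like {legit} (distance {d})")
```

Edit distance catches mistyped and transposed characters only; visually similar characters from other scripts need a separate check.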

Former Google engineer sent to prison for stealing robocar secrets

An Insider Threat at Google who exfiltrated 14,000 files five years ago has been sentenced to 18 months in prison. The sentencing came four months after Anthony Levandowski pleaded guilty to stealing trade secrets, including diagrams and drawings related to simulations, radar technology, source code snippets, PDFs marked as confidential, and videos of test drives.

He’s also been ordered to pay more than $850,000.

Looking for more information about the original incident? Check out this article: Insider Threats: Types and Real-World Examples. All the information you need is under Example #4.

For six months, security researchers have secretly distributed an Emotet vaccine across the world

Emotet – one of today’s most skilled malware groups – has caused security and IT leaders headaches since 2014. 

But, earlier this year, James Quinn, a malware analyst working for Binary Defense, discovered a bug in Emotet’s code and was able to put together a PowerShell script that exploited the registry key mechanism to crash the malware.

According to ZDNet, he essentially created “both an Emotet vaccine and killswitch at the same time.”

Working with Team CYMRU, Binary Defense handed over the “vaccine” to national Computer Emergency Response Teams (CERTs), which then spread it around the world to companies in their respective jurisdictions.

Online business fraud down, consumer fraud up

New research from TransUnion shows that between March and July, hackers have started to change their tactics. Instead of targeting businesses, they’re now shifting their focus to consumers.

Key findings include:

You can read the full report here.

FBI and CISA issue warning over increase in vishing attacks

A joint warning from the Federal Bureau of Investigation (FBI) and the Cybersecurity and Infrastructure Security Agency (CISA) was released in mid-August, cautioning the public that they’ve seen a spike in voice phishing attacks (known as vishing).

They’ve attributed the increase in attacks to the shift to remote working. Why? Because people are no longer able to verify requests in person.

Not sure what vishing is? Check out this article, which outlines how hackers are able to pull off these attacks, how you can spot them, and what to do if you’re targeted. 

TikTok sues U.S. government over Trump ban

In last month’s cybersecurity roundup, we outlined why India had banned TikTok and why America might be next. 30 days later, we have a few updates.

On August 3, President Trump said TikTok would be banned in the U.S. unless it was bought by Microsoft (or another company) before September 15. Three days later, Trump signed an executive order barring US businesses from making transactions with TikTok’s parent company, ByteDance. The order will go into effect 45 days after it was signed.

A few weeks later, ByteDance filed a lawsuit against the U.S. government, arguing the company was denied due process to argue that it isn’t actually a national security threat. In the meantime, TikTok is continuing its sales conversations with Microsoft and Oracle.

Stay tuned next month for an update on what happens in the next 30 days.

A Stanford deception expert and cybersecurity CEO explain why people fall for online scams

According to a new research report – The Psychology of Human Error – nearly half of employees have made a mistake at work that had security repercussions. But why?

Employees say stress, distraction, and fatigue are part of the problem and drive them to make more mistakes at work, including sending emails to the wrong people and clicking on phishing emails. 

And, as you might expect, the sudden transition to remote work has only added fuel to the fire. 57% of employees say they’re even more distracted when working from home. 

To avoid making costly mistakes, Jeff Hancock, a professor at Stanford, recommends taking breaks and prioritizing self-care. Of course, cybersecurity solutions will help prevent employees from causing a breach, too.

University of Utah pays $457,000 to ransomware gang

On August 21, the University of Utah posted a statement on its website saying that they were the victim of a ransomware attack and, to avoid hackers leaking sensitive student information, they paid $457,000.

But, according to the statement, the hackers only managed to encrypt .02% of the data stored on their servers.

While the University hasn’t revealed which ransomware gang was behind the attack, they have confirmed that the attack took place on July 19, that it was the College of Social and Behavioral Sciences that was hacked, and that the university’s cyber insurance policy paid for part of the ransom.

Verizon analyzed the COVID-19 data breach landscape

This month, Verizon updated its annual Data Breach Landscape Report to include new facts and figures related to COVID-19.

Here are some of the trends to look out for based on their findings:

  • Breaches caused by human error will increase. Why? Many organizations are operating with fewer staff than before due to either illness or layoffs. Some staff may also have limitations because of new remote working set-ups. When you combine that with larger workloads and more distractions, we’re bound to see more mistakes.
  • Organizations should be especially wary of stolen-credential related hacking, especially as many IT and security teams are working to lock down and maintain remote access. 
  • Ransomware attacks will increase in the coming months.

SANS Institute Phishing Attack Leads to Theft of 28,000 Records 

The SANS Institute – a global cybersecurity training and certifications organization – revealed that nearly 30,000 accounts of PII were compromised in a phishing attack that convinced an end-user to install a self-hiding and malicious Office 365 add-on.

While no passwords or financial information were compromised and all the affected individuals have been notified, the breach goes to show that anyone – even cybersecurity experts – can fall for phishing scams.

The cybersecurity skills shortage is getting worse

In March, Tessian released its Opportunity in Cybersecurity Report which set out to answer one (not-so-simple) question: Why are there over 4 million unfilled positions in cybersecurity and why is the workforce twice as likely to be male as female?

The answer is multi-faceted and has a lot to do with a lack of knowledge of the industry and inaccurate perceptions of what it means to work in cybersecurity. 

The bad news is, it looks like the problem is getting worse.

A recent report, The Life and Times of Cybersecurity Professionals 2020, shows that only 7% of cybersecurity professionals say their organization has improved its position relative to the cybersecurity skills shortage in the last several years. Another 58% say their organizations should be doing more to bridge the gap.

What do you think will help encourage more people to join the industry? 

That’s all for this month! Keep up with us on social media and check our blog for more updates.
