The Top 15 Security Posts – Vetted & Curated
*Threats & Defense*
1. Russia’s SolarWinds Attack (Schneier on Security, Dec 28 2020)
Espionage is internationally allowed in peacetime. The problem is that both espionage and cyberattacks require the same computer and network intrusions, and the difference is only a few keystrokes. And since this Russian operation isn’t at all targeted, the entire world is at risk — and not just from Russia. Many countries carry out these sorts of operations, none more extensively than the US. The solution is to prioritize security and defense over espionage and attack.
2. Microsoft Reveals That Russian Attackers Accessed Some of Its Source Code (Dark Reading, Dec 31 2020)
Malicious SolarWinds Orion backdoor installed in Microsoft’s network led to the attackers viewing some of its source code.
3. On the Evolution of Ransomware (Schneier on Security, Dec 30 2020)
Though some researchers say that the scale and severity of ransomware attacks crossed a bright line in 2020, others describe this year as simply the next step in a gradual and, unfortunately, predictable devolution. After years spent honing their techniques, attackers are growing bolder. They’ve begun to incorporate other types of extortion like blackmail into their arsenals, by exfiltrating an organization’s data and then threatening to release it if the victim doesn’t pay an additional fee. Most significantly, ransomware attackers have transitioned from a model in which they hit lots of individuals and accumulated many small ransom payments to one where they carefully plan attacks against a smaller group of large targets from which they can demand massive ransoms. The antivirus firm Emsisoft found that the average requested fee has increased from about $5,000 in 2018 to about $200,000 this year.
Happy New Year!
Hello 2021! Since I started this curated newsletter in June 2017, I’ve clipped ~18,000 articles and narrowed them down into the best 20 per day & best 15 per week. This is my favorite way to cut through all the security marketing and hype.
Thanks! – Lucas Samaras
Share on Twitter Facebook LinkedIn
*AI, IoT, & Mobile Security*
4. T-Mobile Hacked — Again (Dark Reading, Jan 04 2021)
The wireless carrier has suffered a data breach for the fourth time since 2018.
5. How artificial intelligence will be used in 2021 (TechCrunch, Dec 31 2020)
“We’re going to start to see a lot of real value and ROI generated by AI across more and more businesses”
6. New Lawsuit Takes Aim at Ring After Smart Doorbell Hijacking (Infosecurity Magazine, Dec 24 2020)
Incidents led to murder and sexual assault threats for users
*Cloud Security, DevOps, AppSec*
7. Hacker Earns $2m in Bug Bounties (Infosecurity Magazine, Dec 24 2020)
Romanian man earns $2m through HackerOne and becomes richest bug bounty hunter in the world
8. Amazon Has Trucks Filled with Hard Drives and an Armed Guard (Schneier on Security, Jan 04 2021)
“Plus, we make it easy to migrate and difficult to leave. If you have a ton of data in your data center and you want to move it to AWS but you don’t want to send it over the internet, we’ll send an eighteen-wheeler to you filled with hard drives, plug it into your data center with a fiber optic cable, and then drive it across the country to us after loading it up with your data.
What? How do you do that?
We have a product called Snowmobile. It’s a gas-guzzling truck. There are no public pictures of the inside, but it’s pretty cool. It’s like a modular datacenter on wheels. And customers rightly expect that if they load a truck with all their data, they want security for that truck. So there’s an armed guard in it at all times.”
9. Re:Invent – New security sessions launching soon (AWS Security Blog, Jan 06 2021)
You can stream all the sessions released in 2020 via the AWS re:Invent website. Additionally, we’re starting 2021 with all new sessions that you can stream live January 12–15. Here are the new Security, Identity, and Compliance sessions—each session is offered at multiple times, so you can find the time that works best for your location and schedule.
*Identity Mgt & Web Fraud*
10. Rioters Had Physical Access to Lawmakers’ Computers. How Bad Is That? (VICE, Jan 07 2021)
Several Trump supporters gained access to computers in the U.S. Capitol building. Is the security of the building’s networks compromised?
11. How China Uses Stolen US Personnel Data (Schneier on Security, Dec 24 2020)
“Interesting analysis of China’s efforts to identify US spies:
By about 2010, two former CIA officials recalled, the Chinese security services had instituted a sophisticated travel intelligence program, developing databases that tracked flights and passenger lists for espionage purposes. “We looked at it very carefully,” said the former senior CIA official. China’s spies “were actively using that for counterintelligence and offensive intelligence. The capability was there and was being utilized.”
12. SolarWinds Campaign Focuses Attention on ‘Golden SAML’ Attack Vector (Dark Reading, Dec 22 2020)
Adversaries that successfully execute attack can achieve persistent anytime, anywhere access to a victim network, security researchers say.
*CISO View*
13. Latest on the SVR’s SolarWinds Hack (Schneier on Security, Jan 05 2021)
“The New York Times has an in-depth article on the latest information about the SolarWinds hack (not a great name, since it’s much more far-reaching than that).
Interviews with key players investigating what intelligence agencies believe to be an operation by Russia’s S.V.R. intelligence service revealed these points:
The breach is far broader than first believed. Initial estimates were that Russia sent its probes only into a few dozen of the 18,000 government and private networks they gained “
14. Ticketmaster fined $10 million in corporate espionage scheme (SC Media, Dec 31 2020)
Ticketmaster tried to steal both a client and design ideas from a competitor by logging into the back-end system with a former employer’s login credentials.
15. FireEye’s Mandia: ‘Severity-Zero Alert’ Led to Discovery of SolarWinds Attack (Dark Reading, Jan 07 2021)
CEO Kevin Mandia shared some details on how his company rooted out the major cyberattack campaign affecting US government and corporate networks.