Pete Recommends – Weekly highlights on cyber security issues January 25, 2020

Subject: Apple complies with 90% of US government requests for customer data
Source: Business Insider

  • Apple announced in a report Friday that it received a record-high 3,619 requests from the US government for users’ account information in the first half of 2019, up 36% from the previous six-month period.
  • Apple said it complied with 90% of those requests, which generally asked for customers’ iTunes or iCloud account details and occasionally their iCloud data.
  • Apple’s report comes amid its battle with the US government over privacy, which was reignited this week after it refused an FBI request to unlock a mass shooter’s iPhones.
  • The report paints a stark contrast to the government’s efforts to paint Apple as unhelpful in assisting law enforcement’s’ investigations.

Apple released its biannual transparency report on Friday, which included details about the number and type of government and private party requests for customer information that the company received globally.

NB see also:

Subject: NIST Releases Privacy Framework
Source: Multichannel News Policy via NIST

The National Institute of Standards and Technology (NIST) has published a guide to privacy best practices, “Privacy Framework: A Tool for Improving Privacy through Enterprise Risk Management.” [43-page PDF]. The idea is to continue to get the benefits of data collection while mitigating the privacy risks while avoiding a one-size-fits-all approach, an approach which deregulatory types often associate with “heavy handed” government regulation.

Related: Commerce Releases Suspect Tech-Vetting Framework – The self-regulatory framework has no force of law and is not binding on anyone. Instead, it is meant to be a tool for privacy-by-design practices that put privacy risks on the same level as other risks and is meant to work in concert with the “Framework for Improving Critical Infrastructure.”


NIST Privacy Framework January 16, 2020

Executive Summary – For more than two decades, the Internet and associated information technologies have driven unprecedented innovation, economic value, and improvement in social services. Many of these benefits are fueled by data about individuals that flow through a complex ecosystem. As a result, individuals may not be able to understand the potential consequences for their privacy as they interact with systems, products, and services. At the same time, organizations may not realize the full extent of these consequences for individuals, for society, or for their enterprises, which can affect their brands, their bottom lines, and their future prospects for growth.

Following a transparent, consensus-based process including both private and public stakeholders to produce this voluntary tool, the National Institute of Standards and Technology (NIST) is publishing this Privacy Framework: A Tool for Improving Privacy through Enterprise Risk Management (Privacy Framework), to enable better privacy engineering practices that support privacy by design concepts and help organizations protect individuals’ privacy. The Privacy Framework can support organizations in:

  • Building customers’ trust by supporting ethical decision-making in product and service design or deployment that optimizes beneficial uses of data while minimizing adverse consequences for individuals’ privacy and society as a whole;
  • Fulfilling current compliance obligations, as well as future-proofing products and services to meet these obligations in a changing technological and policy environment; and
  • Facilitating communication about privacy practices with individuals,business partners,assessors, and regulators.Deriving benefits from data while simultaneously managing risks to individuals’ privacy is not well-suited to one-size-fits-all solutions. Like building a house, where homeowners make layout and design choices while relying on a well-engineered foundation, privacy protection should allow for individual choices, as long as effective privacy risk mitigations are already engineered into products and services. The Privacy Framework—through a risk-and outcome-based approach—is flexible enough to address diverse privacy needs,enable more innovative and effective solutions that can lead to better outcomes for individuals and organizations, and stay current with technology trends, such as artificial intelligence and the Internet of Things…

Subject: Public-private cooperation must improve to fill gaps in pandemic preparation, response
Source: Homeland Preparedness News

Pandemic preparedness collaboration among private businesses with the public sector is critically important at this time, say experts at the Johns Hopkins Center for Health Security, the World Economic Forum, and the Bill & Melinda Gates Foundation.“The next severe pandemic will not only cause great illness and loss of life but could also trigger major cascading economic and societal consequences that could contribute greatly to global impact and suffering,” the three organizations said in a joint statement released on Jan. 17.


Subject: FTCode Ransomware Now Steals Saved Login Credentials
Source: Bleeping Computer

FTCode ransomware victims now have one more thing to worry about with the malware having been upgraded to also steal saved user credentials from email clients and web browsers.FTCode is a PowerShell-based ransomware strain first spotted in 2013 by security researchers at Sophos, a malware that resurfaced in October 2019 as the final payload in a spam email campaign targeting Italian recipients.

Being fully developed in PowerShell allows it to encrypt its targets’ devices without having to download additional components, while also making it very easy for its developers to add new functionality.

The ‘new and improved’ FTCode ransomware – The newly added info stealer functionality allows FTCode to harvest and exfiltrate the stored credentials before encrypting its victims’ files.

FTCode is now capable of stealing saved credentials from both web browsers (Internet Explorer, Mozilla Firefox, Google Chrome) and email clients (Mozilla Thunderbird and Microsoft Outlook).

The way the ransomware collects the credentials is different for each of the five applications, directly accessing registry keys in the case of Internet Explorer and Microsoft Outlook, while in the case of Mozilla Firefox, Mozilla Thunderbird, and Google Chrome it goes into the folders where the apps store the credentials.



Subject: Infiltrating Networks: Easier Than Ever Due to Evil Markets
Source: Bleeping Computer

Attackers don’t always need to breach the networks of their victims themselves to plant malware as there are plenty of professional intruders offering their services on underground markets. Various levels of access are offered for prices starting $1,000 and increasing depending on how deep the hackers have infiltrated.

All type of access is for sale. Entities from various sectors have been compromised, with managed service providers (MSPs) being the most attractive because they can act as a stepping stone for a larger set of victims.

Jim Walter from SentinelOne says that breaching an MSP can help attackers keep a low profile on the network and obtain persistence.

“Communication channels between MSPs and their clients often occur across trusted and private networks, with the boundaries between them turning into somewhat of a grey area. The traffic may remain ‘internal’ to the infrastructure of the MSP, therefore not being susceptible to traditional controls found at the perimeter (Internet facing IDS, Email Content Filters, and the like).”

An MSP with 100 customers is considered mid-sized by a network intruder looking to sell credentials for admin accounts, which could be used to get the usernames and passwords the clients use to log into the MSP’s platform.

“The price is a firm $700,” reads the post on an underground market, adding that the ad was present on other markets and setting a 48-hour deadline for the transaction.

This type of visibility makes it easier for less skilled attackers to drop their malware as they pay their way onto the victim’s network instead of envisaging methods to break into an environment and gain a foothold.

Defense advice – Walter lists some simple, general steps companies can take to reduce the risk of an intruder taking roots on their network or move laterally…


Subject: Reminder: Safeguard Websites from Cyberattacks
Source: DHS CISA

Protect personal and organizational public-facing websites from defacement, data breaches, and other types of cyberattacks by following cybersecurity best practices. The Cybersecurity and Information Security Agency (CISA) encourages users and administrators to review CISA’s updated Tip on Website Security and take the necessary steps to protect against website attacks.

For more information, review:

Subject: Microsoft discloses security breach of customer support database
Source: ZDNet via beSpacific

Is this the year that we finally admit we have no privacy? – Today’s news via ZDNet – Microsoft discloses security breach of customer support database – Microsoft disclosed today a security breach that took place last month in December 2019. In a blog post today, the OS maker said that an internal customer support database that was storing anonymized user analytics was accidentally exposed online without proper protections between December 5 and December 31. The database was spotted and reported to Microsoft by Bob Diachenko, a security researcher with Security Discovery. The leaky customer support database consisted of a cluster of five Elasticsearch servers, a technology used to simplify search operations, Diachenko told ZDNet today. All five servers stored the same data, appearing to be mirrors of each other. Diachenko said Microsoft secured the exposed database on the same day he reported the issue to the OS maker, despite being New Year’s Eve….

beSpacific Subjects: Cybercrime, Cybersecurity, E-Records, Microsoft, Privacy

ZDNet Topic: Security

Subject: How Do People Decide Whether to Trust a Photo on Social Media?
Source: NYT Open

Even without photoshop, visuals with misleading content, missing context and false information are common on the internet, and with the help of social platforms, they can be spread far and wide in a matter of minutes.

Posts with visuals are shared more widely and rapidly than text-only posts and are central to the spread of misinformation. Within this polluted information ecosystem, it’s difficult to discern which visuals are credible. According to The Pew Research Center, almost half of American adults say it’s hard for them to recognize when visuals have been made up or altered. The result is a muddled discourse about what’s true: a majority of American adults say that made-up or altered visuals can create confusion about the facts of current events.
If anything can be faked, how can people trust that credibly sourced visuals are accurate? Do people still believe what they see in photojournalism? Spurred by questions like these, the New York Times R&D team created The News Provenance Project to explore solutions to issues of misinformation around visual journalism.

How can publishers help readers discern what’s credible? At The News Provenance Project, we wanted to find out how publishers can help readers make more informed, confident judgements about the credibility of news photography.


Bonus RSS:

Sample category RSS:

Subject: Analysis Ties Hacking of Bezos’ Phone to Saudi Leader’s Account
Source: The New York Times

Investigators said the phone of Jeff Bezos, the Amazon chief, began behaving strangely after he received a video from Crown Prince Mohammed bin Salman’s WhatsApp account.SEATTLE — A forensic analysis of Jeff Bezos’ cellphone found with “medium to high confidence” that the Amazon chief’s device was hacked after he received a video from a WhatsApp account reportedly belonging to Crown Prince Mohammed bin Salman of Saudi Arabia.

After Mr. Bezos, who also owns The Washington Post, got the video over the WhatsApp messaging platform in 2018, his phone began sending unusually large volumes of data, according to a report summing up investigators’ findings, which was reviewed by The New York Times.



Subject: Increased Emotet Malware Activity

The Cybersecurity and Infrastructure Security Agency (CISA) is aware of a recent increase in targeted Emotet malware attacks. Emotet is a sophisticated Trojan that commonly functions as a downloader or dropper of other malware. Emotet primarily spreads via malicious email attachments and attempts to proliferate within a network by brute forcing user credentials and writing to shared drives. If successful, an attacker could use an Emotet infection to obtain sensitive information. Such an attack could result in proprietary information and financial loss as well as disruption to operations and harm to reputation.CISA recommends users and administrator adhere to the following best practices to defend against Emotet. See CISA’s Alert on Emotet Malware for detailed guidance.

  • Block email attachments commonly associated with malware (e.g.,.dll and .exe).
  • Block email attachments that cannot be scanned by antivirus software (e.g., .zip files).
  • Implement Group Policy Object and firewall rules.
  • Implement an antivirus program and a formalized patch management process.
  • Implement filters at the email gateway, and block suspicious IP addresses at the firewall.
  • Adhere to the principal of least privilege.
  • Implement a Domain-Based Message Authentication, Reporting & Conformance (DMARC) validation system.
  • Segment and segregate networks and functions.
  • Limit unnecessary lateral communications.

CISA encourages users and administrators to review the following resources for information about defending against Emotet and other malware.

Posted in: AI, Cybercrime, Cybersecurity, Email, Email Security, Government Resources, Legal Research, Privacy, Social Media