ISACA provides a summary of the President’s executive order on cybersecurity issued earlier this month.
From the whoops I forgot to patch my system front
- The American Hospital Association reports that “Cyber actors continue to exploit vulnerabilities in the operating system for the Fortinet network security system, the FBI warned [Thursday May 27], noting that a group “almost certainly” exploited a Fortigate appliance this month to access a webserver hosting the domain for a U.S. municipal government. The agency said actors are actively targeting a broad range of victims across multiple sectors. The alert recommends actions to help organizations guard against the threat.” More background on the Fortinet situation is available on ZDNet.
- Bleeping Computer informs us that “A new ransomware threat calling itself Red Epsilon has been seen leveraging Microsoft Exchange server vulnerabilities to encrypt machines across the network. * * * The researchers found that the threat actor breached the enterprise network by exploiting unpatched vulnerabilities in on-premise Microsoft Exchange server. * * * Because of the critical severity, organizations across the world rushed to install the patches and in less than a month about 92% of the vulnerable on-premise Microsoft Exchange servers received the update.”
- Here is a link to the Bleeping Computers’ This Week in Ransomware for May 28, 2021.
- Also for MacOS users like the FEHBlog, Fortune reports that that “A newly discovered flaw in the macOS operating system could allow intruders to take screenshots, record video, or access files on a hard drive without the machine owner’s knowledge. * * * A type of malware, dubbed XCSSET, which was first discovered last year, has found a way to use permissions obtained by other apps to bypass TCC, giving it broad access to infected Macs. * * * Apple already has issued a patch to keep XCSSET from using this vulnerability and is encouraging anyone running macOS 11.4 or later to download it immediately.”
From the phishing front, Security Week alerts us that
The Russia-linked threat group believed to be behind the SolarWinds attack has been observed launching a new campaign this week. The attacks have targeted the United States and other countries, and involve a legitimate mass mailing service and impersonation of a government agency.
The latest attacks were analyzed by Microsoft, which tracks the threat actor as Nobelium, and by incident response firm Volexity, which has found some links to APT29, a notorious cyberspy group previously linked to Russia.
The campaign appears to have started on May 25 and Microsoft said it involved malicious emails being sent to roughly 3,000 accounts across over 150 organizations in 24 countries. The highest percentage of emails went to the United States, but Volexity also saw a significant number of victims in Europe.
Targeted organizations include government agencies, think tanks, NGOs, and consultants. Microsoft said at least a quarter of the targets are involved in human rights and international development work.
Meanwhile Fortune reports that
Several cyber security startups like IronScales and Vade Secure are using machine learning to spot phishing emails. Venture capitalists are betting that these startups will eventually become big businesses.
Tessian co-founder and CEO Tim Sadler said that his startup analyzes a company’s corporate emails to discover patterns, such as common email addresses that people correspond with, which could indicate that they are messages to customers, for instance. The company then uses this data to train a machine-learning model, which can scan emails and flag those that are suspicious before employees click on them.
The machine learning system also displays the reasons why it suspects an email is fraudulent, such as it featuring a strange web link or misspellings of employee names. * * *
One challenge facing companies trying to combat phishing is the rise of more realistic attacks aided by advances in natural language processing, a subset of A.I. that involves computers creating and understanding text. Bishop said that advances in powerful language models like OpenAI’s GPT-3 systemcould lead to criminals more easily creating phishing emails that appear to be personalized to particular recipients. For instance, such an email could contain an A.I.-generated message in which the writing style is similar to a worker’s boss, making it harder to spot a fraud.
As a result, Tessian, and other companies, are on a quest to improve their A.I. to detect more advanced A.I.-powered phishing attacks, which could one day be as “prevalent as spam,” {Tessian co-founder and chief technology officer Ed] Bishop said.