AboutDFIR.com – The Definitive Compendium Project
Digital Forensics & Incident Response

InfoSec News Nuggets 09/01/2021

Hackers, tractors, and a few delayed actors. How hacker Sick Codes learned too much about John Deere

No one ever wants a group of hackers to say about their company: “We had the keys to the kingdom.” But that’s exactly what the hacker Sick Codes said on this week’s episode of Lock and Code, in speaking with host David Ruiz, when talking about his and fellow hackers’ efforts to peer into John Deere’s data operations center, where the company receives a near-endless stream of data from its Internet-connected tractors, combines, and other smart farming equipment. For Sick Codes, what began as the discovery of a small flaw grew into a much larger group project that uncovered reams of sensitive information. Customer names, addresses, equipment type, equipment location, and equipment reservations were all uncovered by Sick Codes and his team, he said.

 

CISA: Don’t use single-factor auth on Internet-exposed systems

Single-factor authentication (SFA) has been added today by the US Cybersecurity and Infrastructure Security Agency (CISA) to a very short list of cybersecurity bad practices it advises against. CISA’s Bad Practices catalog includes practices the federal agency has deemed “exceptionally risky” and not to be used by organizations in the government and the private sector as it exposes them to an unnecessary risk of having their systems compromised by threat actors. They are exceptionally dangerous for orgs that support Critical Infrastructure or National Critical Functions (NCFs) responsible for national security and economic stability, as well as the public’s safety. Furthermore, these dangerous practices are “especially egregious” on Internet-exposed systems that threat actors could target and compromise remotely.

 

SEC charges broker-dealers, investment advisors over cybersecurity failures

Units of three broker-dealer and investment advisory firms agreed to pay hundreds of thousands of dollars in penalties to settle charges from the U.S. Securities and Exchange Commission (SEC) over cybersecurity failures, the regulator said on Monday. The SEC charged KMS Financial Services, five units of financial firm Cetera, and two units of Cambridge Investment Research for failures to adopt and implement cybersecurity policies and procedures that resulted in email account takeovers exposing the personal information of thousands of customers and clients at each firm. Cetera, Cambridge and KMS did not respond immediately to requests for comment. None of the firms admitted to or denied the findings, the SEC said in a statement.

 

Afghanistan’s reported data breach has life-and-death consequences

In the wake of the Taliban’s takeover of Kabul and the ouster of the Afghan national government, alarming reports indicate that the insurgents could potentially access biometric data collected by the U.S. to track Afghans, including people who worked for U.S. and coalition forces. Afghans who once supported the U.S. have been attempting to hide or destroy physical and digital evidence of their identities. Many Afghans fear that the identity documents and databases storing personally identifiable data could be transformed into death warrants in the hands of the Taliban. This potential data breach underscores that data protection in zones of conflict, especially biometric data and databases that connect online activity to physical locations, can be a matter of life and death. My research and the work of journalists and privacy advocates who study biometric cybersurveillance anticipated these data privacy and security risks.

 

Ransomware attacks on US schools and colleges cost $6.62bn in 2020

In 2020, 77 individual ransomware attacks affected over 1,740 schools and colleges, potentially impacting 1.36 million students. We estimate that these attacks cost education institutions $6.62 billion in downtime alone. Most schools will have also faced astronomical recovery costs as they tried to restore computers, recover data, and shore up their systems to prevent future attacks. Over the last few years, ransomware attacks have become an increasing concern for schools and colleges worldwide. They take down key systems, shut schools for days on end, and prevent teachers from accessing lesson plans and student data. But what we did notice in 2020 was that while individual attack figures decreased quite significantly, the number of schools and students impacted by the attacks grew exponentially. This suggests hackers targeted larger school districts with bigger annual budgets, hoping to cause greater disruption and increase their ransom payment demands. This trend looks as though it has continued in 2021, too, exemplified by the “bizarre” $40 million ransom request made to Broward County Public Schools in April.

 

South Korea passes world’s first law to curtail Apple, Google app store dominance

South Korean legislators passed a bill Tuesday that breaks the iron grips of Apple and Google over their app stores, becoming the first country to rein in the tech giants’ dominance of the mobile economy. The pending law, a revision of the country’s Telecommunications Business Act, prevents the companies from requiring mobile developers to use their proprietary payment channels, which take commissions ranging from 15% to 30% on in-app purchases of digital content. The bill, which allows the country’s media regulator to fine violators up to 3% of their annual South Korean revenue, is expected to be signed into law by President Moon Jae-in. Rep. Han Joon-ho, of the majority Democratic Party, said in a written statement that the law would “strengthen domestic content competitiveness, protect users’ rights and interests and grow K-content into a global leader in the long term by blocking fee abuse.”
