Welcome to our weekly roundup, where we share what you need to know about cybersecurity news and events that happened over the past few days. This week, learn how ransomware as a service (RaaS) is enabling attacks to spread more rapidly. Additionally, read about the cause of Facebook’s major outage this week.
Read on:
Ransomware as a Service: Enabler of Widespread Attacks
Ransomware as a service (RaaS) can be credited as one of the primary reasons that ransomware attacks are proliferating rapidly. In the past, ransomware attacks were launched by the ransomware operators themselves. When RaaS entered the picture, however, it made it easier for a variety of attackers, even those who have little technical knowledge, to wield ransomware against targets.
Facebook Blames Networking Issues, not a Cyberattack, For Long Downtime
Configuration changes “on the backbone routers that coordinate network traffic between our data centers” interrupted communication, Facebook said, causing a “cascading effect” that disrupted the flow of communication. The same issue also halted Facebook’s internal systems, further delaying the recovery process.
How to Secure Smart Home IoT Devices, Routers, and Smart Speakers
Smart TVs, smart refrigerators, smart cameras, and other smart devices make life at home convenient, but if left unguarded, they can inadvertently expose homes to risks. Some of these dangers include theft and privacy invasion, especially when cybercriminals use smart home devices to enter a network and infiltrate other devices such as laptops and phones. In this blog, learn some basic recommendations for securing these devices.
TSA to Impose Cybersecurity Mandates on Major Rail and Subway Systems
The move reflects a determination by the Biden administration to use its rulemaking muscle to compel critical industries to improve their cybersecurity in the wake of damaging cyberattacks on a major American pipeline and the world’s largest meat supplier. The coming directive will require the most critical rail and transit systems to identify a cybersecurity point person, report incidents to CISA, and create an incident recovery plan.
Twitch Confirms Major Data Breach
Twitch has experienced a major data breach, the game streaming service confirmed this week. The company's statement came after an anonymous individual reportedly released more than 120 gigabytes of Twitch data on the online forum 4chan, including what they claim was the platform's source code and data on how much top streamers on the service get paid.
4.6 Million Customers Might Be Affected by Neiman Marcus Data Breach
4.6 million customers of Neiman Marcus Group stores are being notified about the hack, the company said in a press release. Customers' names, contact information, payment card numbers and expiration dates (without CVV), virtual gift card numbers, usernames, passwords, security questions, and answers associated with Neiman Marcus online accounts were compromised in the hack, according to the retailer.
Google Prepares to Auto-Enroll 150M Accounts in Two-Factor Authentication
The upgraded security setup is designed to prevent hackers from breaking into a user account in the event a password is successfully guessed or stolen. Hackers can often break into online accounts by using software programs to successfully guess the passwords or by uncovering re-used login credentials from past data breaches.
Government organizations accounted for more than half of the targets for Moscow-linked hacking groups for the year through June 2021, compared to just 3% the previous year, according to Microsoft. At the same time, the success rate of Russian intrusions into government and non-government targets has gone from 21% to 32% year over year, the technology giant said in a report focusing on state-backed and cybercriminal activity.
Cybersecurity Awareness Month is a Good Time to Help Friends
Cybersecurity Awareness Month is a worthwhile reminder to individuals to check their own cybersecurity, and for us to offer some advice to less-techie friends and family members. Many of the steps that seem obvious to us may not be so to less tech-savvy friends, so here’s a checklist you can show them.
US Gov’t Will Slap Contractors with Civil Lawsuits For Hiding Breaches
In a groundbreaking initiative announced by the Department of Justice this week, federal contractors will be sued if they fail to report cyberattacks or data breaches. The newly introduced "Civil Cyber-Fraud Initiative" will leverage the existing False Claims Act to pursue contractors and grant recipients involved in what the DoJ calls "cybersecurity fraud."
Zero Trust and UES Lead Gartner's 2021 Hype Cycle for Endpoint Security
Gartner’s Hype Cycle for Endpoint Security, 2021 explores how chief information security officers can achieve their goals while reducing costs and improving visibility and control. This year’s Hype Cycle prioritizes UES as the solution CISOs need in order to secure their endpoints. Unified endpoint security market momentum is accelerating as cybersecurity teams rush to close the gaps in their endpoint infrastructure and avert potential breaches before they happen.
Supply Chain Risk Matters When It Comes to Cybersecurity for Next-Gen 911
A bill in front of the Senate on next generation 911 infrastructure, or NG911, includes funds and policies to address cybersecurity as part of modernizing public safety communications. 911 is vulnerable to cyber-attacks, and municipalities and organizations have been compromised by low-end ransomware, denial of service attacks and other vectors. Senate Bill 2754 provides $10 billion to help facilitate the transition from legacy public safety networks to the NG911 standard by distributing grants to local agencies responsible for 911.
What do you think about the Facebook outage as whistleblower statements come to light? Share in the comments below or follow me on Twitter to continue the conversation: @JonLClay.