The Industry’s Only SaaS-Delivered Enterprise DLP
Our unique approach to DLP allows for quick deployment and on-demand scalability, while providing full data visibility and no-compromise protection.
No-Compromise Data Protection is:
- Cross Platform
- Flexible Controls
Hackers targeting the US electric grid, M1 chip compatible malware, and a new attack framework for inferring keystrokes - catch up on all of the week's infosec news with the Friday Five!
1. Hackers Tied to Russia's GRU Targeted the US Grid for Years, Researchers Warn by Andy Greenberg
Researchers warned this week that hackers linked to the Russian Military intelligence group Sandworm have been targeting the US energy grid for years. Sandworm has a history of tampering with electric utilities, notably triggering blackouts in Ukraine in 2015 and 2016. The researchers who released the report stress that the threat to energy systems has been intermittent, if not persistent. To gain access to the grid, the hackers' main intrusion tools have been phishing emails containing malware and brute force attacks on cloud-based logins of Microsoft services. The news is part of the concerning increase in malicious groups targeting electric utilities, which deserves the attention of the cybersecurity community, as many local utilities lack the funding to properly defend their infrastructure and any disruption to a public utility would cause massive disruption, as evidenced by Texas’s grid problems last week during its winter storm.
2. Australia passes law requiring Facebook and Google to pay for news content by Jon Porter
Australia has passed legislation that requires Google and Facebook to pay news outlets for their content. Facebook has pushed back aggressively against the new legislation. Recently, it temporarily prevented users and publishers from sharing news content on Facebook. Google also threatened to remove its search engine from the country but has since relented and signed deals to pay media organizations for their content. The law is backed by the fact that if companies didn’t reach agreements, there would be forced arbitration, where independent parties could determine the value and thus cost of the news media’s content. With the Australian media being hit hard by coronavirus-driven layoffs, there was an incentive to finally address the disproportionate share of online advertising revenue received by large tech companies.
3. Chinese spyware code was copied from America's NSA: researchers by Raphael Satter
In the latest example of malicious software run amok, there were reports this week that Chinese spies were using code in their hacking operations that were originally developed by the NSA. Specifically, the code in question likely came from the 2017 leak of the NSA’s break-in tools. The news comes amid the cybersecurity communities’ debate about what the correct balance between offensive and defensive cyber strategies should be in national defense. How the stolen break-in tools are being used and what companies, if any, have been affected, is still unclear. In light of the news, some are calling for a shift towards patching more known vulnerabilities. Currently, when an organization like the NSA discovers a vulnerability, it must weigh the pros and cons of alerting the company into patching versus knowing about the vulnerability so they can exploit it when they need it, but this report shows that if that info leaks, the consequences can be significant.
4. 30,000 Macs infected with new Silver Sparrow malware by Catalin Cimpanu
A new malware targeting Mac devices has already infected over 30,000 systems. Researchers are calling the malware Silver Sparrow. Details of how it operates are still unclear, but its arrival is unsurprising, as it has been designed to infect systems running Apple’s new M1 chip. Its initial high infection rate, global reach, and operational maturity have raised concerns about its impact, especially if it’s effective at delivering malware. The initial report also contains helpful indicators, such as files and file paths created and used by the malware, for researchers and users to check if they were compromised. As Apple’s new M1 chip continues its rollout, it will be important for the cybersecurity community to keep an eye on Silver Sparrow.
5. Experts Find a Way to Learn What You're Typing During Video Calls by Ravie Lakshmanan
A new attack framework is inferring keystrokes of a user by using the video feed to correlate body movements to the text being typed. The technique can be applied to any video or live video feed as long as the camera captures the targets’ upper body movements. So far, the tests have been conducted with a small enough group to not be definitive but the framework was able to infer most emails and usernames typed by participants while struggling with passwords and most of the words typed by individuals. When combined with audio from videos, the framework was even more successful. Amid the increased use and necessity of online calls for work, the research presents a worrying new way that personal data can be stolen.