Your Daily Decrypt

8/16/2023 - Today’s news and insights for cybersecurity pros and leaders

📸 Cybersecurity Snapshot

📰 Top Stories 

Summary

Who's Behind the Attacks: Unknown threat actor.

What They Did: Breached Discord.io, leading to the exposure of information for 760,000 members.

How They Did It: Exploited a vulnerability in the website's code to gain access to the database, downloading sensitive and non-sensitive information.

What's Been Affected: Usernames, Discord IDs, email addresses, billing addresses, passwords, coin balances, API keys, registration dates, internal user IDs, etc.

What Actions Were Taken: Discord.io shut down all operations temporarily, cancelled all subscriptions and premium memberships, and is conducting a complete overhaul of security practices, including a rewrite of website code.

Why it’s important to you

Stay Informed: If you've used Discord.io, especially before 2018, be aware of the breach and consider changing shared passwords.

Be Proactive: This incident underscores the importance of robust security practices, including addressing code vulnerabilities, even in third-party services.

Consider Implications: The breach demonstrates how exposed sensitive information can be exploited and sold, and how it might affect other platforms if the same credentials are reused.

Summary

Who's Behind the Tool: Unknown creators, discovered on the dark web.

What It Does: Enables even inexperienced attackers to craft sophisticated attacks, including phishing emails and malware creation.

How It Works: FraudGPT, a subscription-based generative AI tool, offers capabilities without needing advanced technical skills.

Why It Matters: Marks a dangerous shift in cybersecurity, necessitating a new era of AI-powered defenses and highlighting the urgency to innovate.

Why it’s important to you

Stay Informed: Know the emerging threats like FraudGPT to preempt risks.

Invest in Defense: Continuous innovation and an aggressive stance in cybersecurity are vital to keep pace in this new, fast-moving arms race.

🚨 Threat Alerts

Summary

Who's Behind the Attacks: Ransomware gangs like Clop, LockBit, and ALPHV (BlackCat).

What They Did: Increased attacks by 143% between Q1 2022 and Q1 2023, shifting from file encryption to data theft and extortion.

How They Did It: Utilized zero-day and day-one vulnerabilities, mass exploiting software like Fortra’s GoAnywhere and Progress Software’s MOVEit Transfer. Some conducted in-house research to find exploitable vulnerabilities or purchased exploits from gray-market sources.

Who's Affected: Mainly manufacturing, healthcare, financial services, and particularly small- and medium-sized firms. At least 611 organizations were attacked by Clop alone.

Why It Matters: The trend towards data theft over file encryption, exploiting vulnerabilities, and targeting smaller businesses signals a significant evolution in ransomware tactics, making them faster, less resource-intensive, and harder to detect.

Why it’s important to you

Stay Alert: Understand this shift in ransomware tactics, focusing on data theft and exploiting vulnerabilities.

Be Prepared: Smaller businesses are increasingly targeted; robust security measures and vigilance against zero-day and day-one vulnerabilities are essential.

Consider the Risk: With a high probability of a second attack within 3 months of the first, continuous monitoring and proactive defense strategies are key.

Summary

Who's Behind the Attacks: Unspecified attackers, tracked by Netskope Threat Labs.

What They Did: Achieved a 61-fold increase in traffic to phishing pages hosted on Cloudflare R2 from February to July 2023, targeting credentials of Microsoft, Adobe, Dropbox, and other cloud apps.

How They Did It: Utilized Cloudflare R2's free hosting service, protected pages with Cloudflare Turnstile's CAPTCHA, and used evasion techniques that load malicious content only when passed by another malicious referring site.

Who's Affected: Victims mainly in North America and Asia, especially in the technology, financial services, and banking sectors.

Why It Matters: The sophisticated use of evasion techniques, coupled with the abuse of legitimate cloud services, represents a significant evolution in phishing strategies, making detection and prevention more challenging.

Why it’s important to you

Stay Vigilant: Recognize new evasion techniques and patterns like pub-*.r2.dev in URLs.

Update Security Measures: Ensure security policies and tools are equipped to detect and block such advanced phishing attempts.

Educate Users: Encourage direct typing of URLs for important pages and inform users about the signs of these phishing pages.
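A small detection helper, added here as an example and not part of the newsletter or the Netskope report: it scans constructed proxy log lines for the pub-*.r2.dev hostnames mentioned above and records whether each request arrived via a referrer, since the report notes that these pages only load content when reached from another referring site. The log format and all sample values are assumed.

```python
import re
from urllib.parse import urlparse

# Constructed sample proxy log lines (not from the newsletter or any real incident).
# Format assumed: "<timestamp> <client_ip> <url> <referrer-or-dash>"
SAMPLE_LOG = """\
2023-07-12T09:14:02Z 10.0.0.12 https://pub-1a2b3c4d5e6f.r2.dev/login.html https://redirect.example/landing
2023-07-12T09:14:05Z 10.0.0.12 https://login.microsoftonline.com/ -
2023-07-12T09:15:30Z 10.0.0.33 https://pub-9f8e7d6c5b4a.r2.dev/index.html -
2023-07-12T09:16:01Z 10.0.0.44 https://docs.example.com/r2.dev/notes.html -
"""

# Matches the pub-<bucket-id>.r2.dev public-bucket hostnames called out in the report.
# Anchored on the hostname only, so "r2.dev" appearing in a path does not match.
R2_PUBLIC_HOST = re.compile(r"^pub-[a-z0-9]+\.r2\.dev$", re.IGNORECASE)


def is_r2_public_host(url: str) -> bool:
    """True if the URL's hostname is a Cloudflare R2 public bucket (pub-*.r2.dev)."""
    host = urlparse(url).hostname or ""
    return bool(R2_PUBLIC_HOST.match(host))


def find_r2_phishing_candidates(log_text: str) -> list[dict]:
    """Return one record per request to a pub-*.r2.dev host, noting referrer presence."""
    hits = []
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 4:
            continue  # skip malformed lines rather than crash on them
        timestamp, client, url, referrer = parts
        if not is_r2_public_host(url):
            continue
        hits.append({
            "timestamp": timestamp,
            "client": client,
            "host": urlparse(url).hostname,
            # A request that carried a referrer fits the gated-loading pattern described above.
            "referred": referrer != "-",
            "referrer": None if referrer == "-" else referrer,
        })
    return hits


if __name__ == "__main__":
    for hit in find_r2_phishing_candidates(SAMPLE_LOG):
        print(hit)
```

Requests to a pub-*.r2.dev host are not proof of phishing on their own; the records are meant as triage input alongside the referrer and the user's subsequent activity.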

⚖️ Regulatory Updates

Summary

Who's Behind the Concerns: The U.S. Chamber of Commerce.

What They Did: Urged the Securities and Exchange Commission (SEC) to delay the new cybersecurity rules by a year, warning of "severe consequences" for companies.

How It Affects Business: The new rules, set to take effect on Sept. 5, require public companies to disclose "material cybersecurity incidents" within four days. The Chamber of Commerce says the rules create "vague and unworkable" procedures and ignore key national security questions.

Why It Matters: The Chamber argues that the SEC prioritized speed over accuracy and ignored traditional deliberative processes. It also calls for clarity regarding the Department of Justice's role in determining whether a disclosure poses a national security risk.

Why it’s important to you

Be Informed: Understand the new cybersecurity rules and the concerns raised by the business community.

Prepare for Compliance: If the rules are not delayed, be ready to comply by the stipulated deadlines.

Consider the Broader Context: This issue reflects the broader tension between regulatory authorities and the business community under the current administration.

👀 Curated Finds

Summary

What's the Focus: Building a resilient and strong information security foundation to fight against hackers.

Key Essentials for CIOs:

  1. Create an Infosec Mission: Collaborate with CISOs to document the organization's commitment to information security initiatives and its overall IT governance strategy.

  2. Determine Roles and Responsibilities: Establish clear visions and infosec responsibilities with other officers like CISO, CSO, and chief risk officer.

  3. Form a Security Committee: Include members from various departments, not just IT and security professionals, to create a comprehensive security conversation.

  4. Grow through Specific Goals: Outline concrete goals, steps, deadlines, and hold everyone accountable. For example, understand specific work-from-home risks within three months and implement necessary systems within six months.

  5. Why It Matters: Information security has become complex and requires a formalized approach. Building in controls and resilience to absorb impacts is more realistic than aiming to stop all successful exploits. CIOs play a crucial role in preparing and minimizing the impact of security events.

Why it’s important to you

Stay Informed: Know the essential strategies to defend your organization against increasing cybersecurity threats.

Be Proactive: Implement these essentials to build resilience and strength in your information security program.

Think Strategically: Recognize that security requires leadership support, cross-department collaboration, and long-term planning. Act now to have control over strategies rather than reacting under pressure.

Summary

What's Happening: As the digital age continues to advance, the need for skilled cybersecurity professionals is growing, and the landscape of cybersecurity jobs is evolving. As we enter 2023, several crucial cybersecurity skills are emerging as highly in demand.

Top Cybersecurity Skills for 2023 and Beyond:

  1. Threat Hunting and Analysis: Proactive identification of potential threats by understanding hacker tactics, techniques, and procedures (TTPs).

  2. Cloud Security Expertise: Knowledge of unique challenges and solutions related to cloud infrastructure, such as container security and identity management.

  3. Zero Trust Architecture: Designing, implementing, and managing a security model that requires continuous verification and strict access controls.

  4. AI and Machine Learning Proficiency: Leveraging AI and ML algorithms to analyze data and identify patterns indicative of cyber threats.

  5. Incident Response and Recovery: Swift containment and mitigation of breaches, minimizing potential damage.

  6. IoT Security Skills: Understanding the unique vulnerabilities associated with IoT devices and developing strategies to safeguard them.

  7. Regulatory Compliance Knowledge: Grasping regulations like GDPR and CCPA to ensure compliance in the digital realm.

  8. Ethical Hacking and Penetration Testing: Identifying vulnerabilities within systems through real-world attack simulations.

  9. Cryptography Mastery: Understanding encryption algorithms, digital signatures, and secure key management.

  10. Soft Skills: Effective communication, teamwork, problem-solving, and the ability to translate complex technical concepts for non-technical stakeholders.

Why it’s important to you

Stay Ahead: Understand the top skills required in the cybersecurity field to remain competitive and effective in 2023 and beyond.

Invest Wisely: If you're a hiring manager, know where to invest in training and what to look for in potential candidates.

Prepare for the Future: Whether you're a seasoned professional or starting a career in cybersecurity, these skills will be vital for success in the coming years.

Please let me know if you have any comments or feedback by replying to this email or messaging me on Twitter!

Thank you 🙏
Ali Abidi