Pete Recommends – Weekly highlights on cyber security issues, July 11, 2021

Subject: Leaked infrastructure code, credentials and keys costing orgs an average of $1.2 million per year: 1Password
Source: ZDNet
https://www.zdnet.com/article/leaked-infrastructure-code-credentials-and-keys-costing-orgs-average-of-1-2-million-per-year-1password/

Organizations are losing millions of dollars in revenue each year due to leaked infrastructure code, credentials and keys, according to a new report from 1Password. 1Password’s report “Hiding in Plain Sight” said that enterprises lose an average of $1.2 million each year due to leaked details, which researchers at the company called “secrets.” Researchers found that IT and DevOps workers leave infrastructure secrets like API tokens, SSH keys, and private certificates in config files or next to source code for easy access and to make things move faster.

The report features analysis from 1Password researchers as well as an April 2021 survey of 500 IT and DevOps workers in the US. For 10% of respondents who experienced secret leakage, their company lost more than $5 million. More than 60% of respondents said their organizations have dealt with secrets leakage.

In addition to the money lost, 40% said their organizations suffered from brand reputation damage and 29% said clients were lost due to the consequences of secrets that had been leaked.

Alarmingly, 77% of respondents said they still have access to a former employer’s systems and 37% said they had full access, highlighting one of the main reasons why secrets continue to be leaked.

Another factor contributing to the problem is the growing use of cloud applications, which 52% of IT and DevOps workers said made it harder to manage secrets.



Subject: Capitol rioters who deleted social media posts of their involvement may have further incriminated themselves
Source: Insider via Yahoo
https://news.yahoo.com/capitol-rioters-deleted-social-media-060320292.html

At least 49 people charged in connection with the riots were accused of deleting incriminating content off their social media and phones, the AP found, but only a handful have actually faced charges for tampering with online content.

Experts told the AP that deleting the content shows how desperate the defendants were to manipulate evidence against them once they realized they were in legal trouble, and that this could make getting a plea deal or any other kind of leniency difficult.

“It makes them look tricky, makes them look sneaky,” said Gabriel J. Chin, who teaches criminal law at the University of California, Davis.

His lawyer, Harley Breite, however, argued that he never obstructed justice because he didn’t know when he shut the account down that it could be evidence.

“You can’t delete evidence if you don’t know you are being charged with anything,” Breite said.

Additionally, sometimes people who receive or see the now-deleted content will preserve it and send it to authorities. Metadata on content could also show if the content has been altered.

“You can’t do it,” Joel Hirschhorn, a criminal defense lawyer in Miami who is not involved in Capitol riot cases, told the AP. “The metadata will do them in every time.”



Subject: A Banking App Has Been Suddenly Closing Accounts, Sometimes Not Returning Customers’ Money
Source: ProPublica
https://www.propublica.org/article/chime#1072735

Chime, a “neobank” serving millions, is racking up complaints from users who can’t access their cash. The company says it’s cracking down on an “extraordinary surge” in fraudulent deposits. That’s little consolation to customers caught in the fray.

Marrero’s grievance is not unusual. Chime, which provides app-based banking services to an estimated 12 million customers, has, according to experts, been generating a high rate of complaints, with 920 filed at the Consumer Financial Protection Bureau since April 15, 2020. “For a company that most people have never heard of, I think that’s a lot of complaints,” said Lauren Saunders of the National Consumer Law Center.

Chime portrayed the customer complaints as largely driven by the company’s attempts to crack down on accounts that use fraudulently obtained unemployment insurance or federal stimulus payments.

For all of Chime’s Silicon Valley tech patina, one thing it’s not is an actual bank. Like others in its category, Chime is a digital interface that hands over the actual banking to, in this instance, two regional institutions, The Bancorp Bank and Stride Bank. Chime customers interact with the Chime app, but Bancorp and Stride, both of which are FDIC-insured, hold their money.


Subject: CISA-FBI Guidance for MSPs and their Customers Affected by the Kaseya VSA Supply-Chain Ransomware Attack
Source: CISA
https://us-cert.cisa.gov/ncas/current-activity/2021/07/04/cisa-fbi-guidance-msps-and-their-customers-affected-kaseya-vsa

CISA and the Federal Bureau of Investigation (FBI) continue to respond to the recent supply-chain ransomware attack leveraging a vulnerability in Kaseya VSA software against multiple managed service providers (MSPs) and their customers. CISA and FBI strongly urge affected MSPs and their customers to follow the guidance below.
CISA and FBI recommend affected MSPs:…CISA and FBI recommend MSP customers affected by this attack take immediate action to implement the following cybersecurity best practices. Note: these actions are especially important for MSP customers who do not currently have their RMM service running due to the Kaseya attack….

Resources: CISA and FBI provide these resources for the reader’s awareness. CISA and FBI do not endorse any non-governmental entities nor guarantee the accuracy of the linked resources.

Subject: The Older You Are, the More Likely You Are to Fall Victim to Cybercrime
Source: PC Magazine
https://www.pcmag.com/news/the-older-you-are-the-more-likely-you-are-to-fall-victim-to-cybercrime

Every year, the FBI’s Internet Crime Complaint Center (IC3) branch puts out an annual cybercrime report, a dense document on all the complaints it has received in the previous calendar year on various forms of cybercrime. It’s never a fun read. With complaints hitting an all-time high of 791,790 (up 45%), to the tune of $4.2 billion lost to cybercrime, the 2020 report is the scariest yet. (It should send you scurrying to get a VPN and a password manager and to activate two-factor authentication.) The folks at Security.org have put out a report on the IC3 stats called the State-by-State Breakdown of Cybercrime in America. It also includes data from the Federal Trade Commission’s Consumer Sentinel Network.

Complaints in the report cover not only cybercrime but also ID theft and fraud, which don’t necessarily have to be digital but usually are. ID theft, in particular, hit the roof in 2020. Why? Thank COVID-19, of course. Not that this is too shocking, since complaints have been increasing steadily since 2016…


Subject: The Evolution of Cybercrime as a Service – Organizations need to add layers of security to defend against ever-increasing cyberattacks.
Source: CSO Online
https://www.csoonline.com/article/3624736/the-evolution-of-cybercrime-as-a-service.html

You’ve likely heard of software as a service (SaaS), infrastructure as a service (IaaS), and numerous other “as-a-service” platforms that help support the modern business world. What you may not realize is that cybercriminals often use the same business concepts and service models in their own organizations as regular, non-criminal enterprises. While this may have started several years ago, the tactic has continued to grow with today’s criminals taking advantage of easy-to-access solutions.

Cybercrime as a service follows the same path as most as-a-service business offerings. Talented criminals who’ve written successful malicious code have begun renting access to their own cybercrime “solutions” to lower-level criminals who don’t have the resources or the know-how to design, write, and execute cyberattacks on their own. Criminals provide the service for a cut – and that cut is growing, with some criminals receiving 10% to 20% of any profits made in an attack that uses their code.


Subject: The anatomy of a ransomware attack
Source: Washington Post
https://www.washingtonpost.com/technology/2021/07/09/how-ransomware-attack-works/?itid=sf_business-technology

Inside the hacks that lock down computer systems and damage businesses. “…To reconstruct the anatomy of a ransomware attack, The Post conducted its own data analysis and spoke with nearly a dozen cybersecurity experts, law enforcement officials, negotiators and victims. The Post used different examples to illustrate the components of how an attack happens. The resulting examination has five parts: the hackers, the hack, the negotiation, the payment and the aftermath…”

Subject: Identity Theft 101: Tips to Protect Yourself Against Identity Theft
Source: Law Technology Today
https://www.lawtechnologytoday.org/2021/06/identity-theft-101-tips-to-protect-yourself-against-identity-theft/

What identity theft comes down to is that your personal and confidential information ends up in the wrong hands and gets used without your permission for purchases and all kinds of fraudulent activities. The scary part is that most of us willingly make our personal information available online, and it is easy for cybercriminals to steal it. Considering that we all use technology and the internet nowadays, this could happen to anyone. On the upside, though, identity theft can be prevented with some basic knowledge, planning, and awareness…

Posted in: Cybercrime, Cybersecurity, Financial System, Social Media