This week, Montana TV stations hit by cyber attack, Ransomware crisis in US schools, a deep dive into Phobos Ransomware, Cybersecurity salary survey reveals variance across industries and geolocations in 2020, and Ring smart camera claims they were not hacked!! In the expert commentary, we welcome Paul Asadoorian, CTO and Founder of Security Weekly, to discuss why you should be careful who you do business with!
Visit https://www.securityweekly.com/hnn for all the latest episodes!
To learn more about our sponsors visit: The Security Weekly Sponsor's Page
The latest in Ransomware
https://www.krtv.com/news/montana-and-regional-news/several-montana-tv-stations-hit-by-cyberattack -- Montana TV Stations
https://securitytoday.com/articles/2019/12/16/new-orleans-becomes-latest-city-to-suffer-ransomware-attack.aspx?admgarea=ht.businesscontinuity -- New Orleans (Ryuk likely).
https://www.darkreading.com/threat-intelligence/ransomware-crisis-in-us-schools-more-than-1000-hit-so-far-in-2019/d/d-id/1336634 -- pretty much all the skools
https://healthitsecurity.com/news/ransomware-attacks-double-in-2019-brute-force-attempts-increase -- and the hospital
https://healthitsecurity.com/news/ransomware-costs-on-the-rise-causes-nearly-10-days-of-downtime -- can you be down for 10 days?
https://blog.malwarebytes.com/threat-analysis/2019/07/a-deep-dive-into-phobos-ransomware/ -- phobos and dharma, but mostly I want to talk about Ransomware as a service.
https://content.govdelivery.com/attachments/USDHSFACIR/2019/07/31/file_attachments/1257654/Ransomware%20Statement.pdf -- so some recommendations? Well, all this seems to have a common problem.
https://vantaylor.house.gov/uploadedfiles/digital_one_pager.pdf -- is this bill something? Well, we need to do something. Look, only about 8 percent of the 90k government entities in the US utilize MS-ISAC and CISA. Well, that's great and all, but telling a school district that relies on Mr. Clark, the English Classics instructor, to go read up on MS-ISAC alerts and use CISA hardening on the servers probably isn't going to cut it.
https://vantaylor.house.gov/uploadedfiles/bill_text_strengthening_state_and_local_cybersecurity_defenses_act.pdf -- the actual bill. HR 5394
Salary Surveys https://www.securitymagazine.com/articles/91398-cybersecurity-salary-survey-reveals-variance-across-industries-and-geolocations-in-2020 -- Where to go to make the big bucks? Is that PhD really going to be worth it?
Crime and Punishment
https://securitytoday.com/articles/2019/12/17/orbitz-and-expedia-settlement-data-breach.aspx?admgarea=ht.businesscontinuity -- so, is a 110k fine going to bring Orbitz around?
https://www.securitymagazine.com/articles/91412-more-than-60-of-all-leaked-records-exposed-by-financial-services-firms -- but the real breaches are over in the financial services sector. Sure, Orbitz has your information, but the bank? Well, they have everything. 60% of all leaked records were over here.
Meanwhile, in the drone swarm...
https://newyork.cbslocal.com/2019/12/14/ring-smart-cameras-password/ -- how could we not talk about Ring. But it wasn't their fault, right?
https://www.securitymagazine.com/articles/91431-the-new-security-achilles-heel -- the idea of "gestalt" computing is increasingly driving the end of the "perimeter". Does this mean that we have to push down to a different level of management in order to have a chance?
https://www.zdnet.com/article/predictions-2020-cloud-computing-sees-new-alliances-and-new-security-concerns/ -- predictions for 2020, is it skynet?
/* These are mine
Cloud security will be even more critical as we move more services into cloud native environments. This means more buy ups of security services by the big players.
Alibaba may well exceed Google in the massive global cloud. I mean do you really trust google more than Alibaba? Really?
Ransomware as a service is going to continue to pummel public and private interests.
More global crackdowns on internet information sharing in both what you get to see, and what they can share.
More IoT exposures due to firmware weaknesses, leading to greater effect. */
Undercover FBI agents were able to stream pirated content, thanks to a completely illegal streaming operation called JetFlix. This is not like some of the pirated streaming sites out there (that my friends tell me about). JetFlix gave the appearance of a completely legit streaming service, charging $9.99 / month, and made available just about any TV show and movie on the planet. Some of the facts in the articles are really interesting:
I have to admit, I did not even consider that such a service existed and am excited about this idea; however, after reading this story I am hesitant. I have, like many, a large collection of CDs, tapes and vinyl records. I ripped them manually, a painstaking process. Murfie was a service that did this for you, stored all of your media, and allowed you to download and stream your own content (I'd immediately look for session handling bugs because imagine having access to everyone's media! But that would be wrong, and illegal). But suddenly, Murfie went out of business, ceased all communications with customers, and did not send everyone their media back. Some interesting things:
Doug White - Professor
Paul Asadoorian - Founder & CTO