Hub Weekly Digest: Microsoft Warns of Phishing, Houston Port Targeted, Colonial Pipeline Resurfaces, and the Quad Takes on 5G Chip Supply Chain
HUB Security’s weekly digest covers top stories happening around the world related to cyber attacks, threats and global cybersecurity news.
Join our webinars on the most relevant cybersecurity topics trending in 2021 — stay up to date via our LinkedIn and Twitter.
HUB Security’s upcoming webinar ‘The Future of Encryption’ taking place October 7th. We are thrilled to host a panel of subject experts, including Thomas Stengel, Paul Starrett, Marc Kaplan, Natalie Kilber, Maëva Ghonda, and Alon Saban to discuss current and future challenges in quantum security. Register here.
Microsoft Warns of a Large-scale Phishing-as-a-service Operation
Microsoft has opened the lid on a large-scale phishing-as-a-service (PHaaS) operation that’s involved in selling phishing kits and email templates as well as providing hosting and automated services at a low cost, thus enabling cyber actors to purchase phishing campaigns and deploy them with minimal efforts.
The tech giant said it uncovered the operation during its investigation of a credential phishing campaign that used the BulletProofLink phishing kit on either on attacker-controlled sites or sites provided by BulletProofLink as part of their service. The existence of the operation was first made public by OSINT Fans in October 2020. (Source)
Port of Houston Target of Suspected Hack
A major U.S. port was the target last month of suspected nation-state hackers, according to officials. The Port of Houston, a critical piece of infrastructure along the Gulf Coast, issued a statement Thursday saying it had successfully defended against an attempted hack in August and “no operational data or systems were impacted.”
Cybersecurity and Infrastructure Security Agency Director Jen Easterly initially disclosed that the port was the target of an attack at a Senate committee hearing Thursday morning. She said she believed a “nation-state actor” was behind the hack, but did not say which one. (Source)
New Research Shows Women, Minorities Are Hacked More Often Than Others
Lower-income and vulnerable populations are disproportionally affected by cybercrime, according to a new survey, which uncovered that demographics play a big role in how often individuals are targeted.
The survey results released Monday (from Malwarebytes, Digitunity and Cybercrime Support Network) suggest that minority groups and those with lower incomes and lower education levels are more likely to fall victim to a cyberattack, and some groups are far more likely to encounter online threats.
For instance, more women receive text messages from unknown numbers that include potentially malicious links than men (79 percent compared with 73 percent). And almost half (46 percent) of women said they have had their social-media accounts hacked, compared with 37 percent of men. (Source)
Colonial Pipeline Rejects Responsibility for Hack’s Gas Pump Hit
Colonial Pipeline Co. isn’t responsible for a ransomware attack’s ripple effects on consumers who saw higher prices at gas pumps, the company argued in a federal court filing. Colonial doesn’t sell directly to the people who sued over the hack and it doesn’t set the price for the oil it transports, according to its brief filed Sept. 20 in the U.S. District Court for the Northern District of Georgia.
In May, a ransomware attack against the pipeline interrupted the U.S. East Coast’s supply of gasoline, driving up prices and setting off shortages at pumping stations. The proposed class action alleges that the Colonial Pipeline failed to fulfill its duty to gas buyers to protect its infrastructure from Russia-linked cybercriminals. Along with damages, the suit is seeking a court judgment ordering Colonial to boost its cybersecurity. (Source)
Quad Alliance Joins Hands to Secure Semiconductor, 5G Tech Supply Chains
Prime Minister Narendra Modi joined US President Joe Biden, Japanese Prime Minister Yoshihide Suga and Australian Prime Minister Scott Morrison in calling for “close cooperation on supply chains with allies and partners who share our values” with an aim to enhancing “security and prosperity” of the four partner nations and to “strengthen capacity to respond to international disasters and emergencies”. The agreement comes at a time when there is a global shortage of semiconductors.
