Top five Cyber Threat Intel stories of the week: 12/26 to 12/30/2022

James Beal
Hunter Strategy
Published Dec 30, 2022 · 5 min read

Top 5 general threat intelligence stories of the week. This is from TLP white/open-source websites, so please feel free to share with anyone inside or outside the company you think would benefit and enjoy reading about these events. Please reach out if you have any questions on any of these events. Thank you!

General Worldwide activity:

1st: Yes, It’s Time to Ditch LastPass

Overview: For the security service’s 25.6 million users, though, the company made a worrying announcement on December 22: A security incident the firm had previously reported (on November 30) was actually a massive and concerning data breach that exposed encrypted password vaults — the crown jewels of any password manager — along with other user data. The details LastPass provided about the situation a week ago were worrying enough that security professionals quickly started calling for users to switch to other services. Now, nearly a week since the disclosure, the company has not provided additional information to confused and worried customers. LastPass has not returned WIRED’s multiple requests for comment about how many password vaults were compromised in the breach and how many users were affected. The company hasn’t even clarified when the breach occurred.

Breakdown: Everyone in security tries to get everyone they know to use a password manager, and LastPass was a great, affordable option in the past. With this breach, the way LastPass has handled sharing information, along with the technical issues behind it all, has shown it is now a bad choice. LastPass offers an option to export all of your stored data; do so sooner rather than later. Look into other password managers, point people toward one of those rather than back to reusing the same bad password for everything, and find a new favorite for yourself.

2nd: APT Hackers Turn to Malicious Excel Add-ins as Initial Intrusion Vector

Overview: Microsoft’s decision to block Visual Basic for Applications (VBA) macros by default for Office files downloaded from the internet has led many threat actors to improvise their attack chains in recent months. Now according to Cisco Talos, advanced persistent threat (APT) actors and commodity malware families alike are increasingly using Excel add-in (.XLL) files as an initial intrusion vector. Weaponized Office documents delivered via spear-phishing emails and other social engineering attacks have remained one of the widely used entry points for criminal groups looking to execute malicious code.

Breakdown: The attack and defense cycle continues forward with each change in tech. Microsoft makes a change to help defend against attacks, and the APT groups find a new or different vector to deliver their malicious payloads. This will probably become a primary method for phishing attacks going into 2023, so I wanted to make everyone familiar with the general process so you are aware if you see anything related to this kind of activity.
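As an added illustration of the defensive side of the XLL story (this is example code written for this post, not code from Cisco Talos or the original article), the triage function below shows the two checks a mail gateway or attachment scanner can make: the file name claims to be an Excel add-in (.xll, including double-extension and trailing-space tricks), and the file content is actually a Windows executable image (an XLL is a DLL, so it carries an MZ/PE header rather than a document structure) that names the xlAutoOpen entry point Excel calls when it loads an add-in. The sample attachment bytes are constructed inline as a stand-in; they are not a real add-in.

```python
import struct
from dataclasses import dataclass, field


@dataclass
class Verdict:
    """Result of triaging one attachment: whether to block it and why."""
    filename: str
    block: bool
    reasons: list = field(default_factory=list)


def _is_pe_image(data: bytes) -> bool:
    """True if data starts with an MZ DOS header whose e_lfanew points at a 'PE\\0\\0' signature."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return False
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    return data[e_lfanew:e_lfanew + 4] == b"PE\x00\x00"


def triage_attachment(filename: str, data: bytes) -> Verdict:
    """Flag attachments that are Excel add-ins by name or by content.

    Policy (an assumption for this example): block anything whose name ends in
    .xll, and block any attachment that is a PE executable image regardless of
    the extension it claims. The xlAutoOpen reference is recorded as an extra
    reason because it identifies the PE specifically as an Excel add-in.
    """
    verdict = Verdict(filename=filename, block=False)
    # Normalise: trailing spaces and mixed case are common ways to slip past naive filters.
    name = filename.strip().lower()
    if name.endswith(".xll"):
        verdict.reasons.append("file name ends in .xll (Excel add-in)")
    if _is_pe_image(data):
        verdict.reasons.append("content is a PE executable image")
    if b"xlAutoOpen" in data:
        verdict.reasons.append("references the xlAutoOpen add-in entry point")
    verdict.block = bool(verdict.reasons)
    return verdict


def make_fake_xll_bytes() -> bytes:
    """Constructed stand-in for an XLL: MZ header, e_lfanew -> 'PE\\0\\0', plus the xlAutoOpen name."""
    buf = bytearray(0x100)
    buf[0:2] = b"MZ"
    struct.pack_into("<I", buf, 0x3C, 0x80)   # e_lfanew: offset of the PE signature
    buf[0x80:0x84] = b"PE\x00\x00"
    buf[0xC0:0xCA] = b"xlAutoOpen"             # export name Excel looks for on load
    return bytes(buf)


def make_fake_xlsx_bytes() -> bytes:
    """Constructed stand-in for a benign .xlsx: a ZIP local-file header, not a PE image."""
    return b"PK\x03\x04" + bytes(64)


if __name__ == "__main__":
    # Constructed sample attachments, as they might appear in a mail-gateway queue.
    samples = [
        ("Q4_invoice.xll", make_fake_xll_bytes()),
        ("report.xlsx", make_fake_xlsx_bytes()),
        ("report.xlsx.XLL ", make_fake_xll_bytes()),   # double extension, trailing space
        ("notes.txt", make_fake_xll_bytes()),           # renamed add-in hiding as text
    ]
    for fname, blob in samples:
        v = triage_attachment(fname, blob)
        print(f"{fname!r}: block={v.block} reasons={v.reasons}")
```

The content check matters more than the name check: renaming an add-in to .txt or hiding it behind a double extension does not change its MZ/PE header, so a gateway that only matches extensions will miss it.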

3rd: Researcher Uncovers Potential Wiretapping Bugs in Google Home Smart Speakers

Overview: A security researcher was awarded a bug bounty of $107,500 for identifying security issues in Google Home smart speakers that could be exploited to install backdoors and turn them into wiretapping devices. The flaws “allowed an attacker within wireless proximity to install a ‘backdoor’ account on the device, enabling them to send commands to it remotely over the internet, access its microphone feed, and make arbitrary HTTP requests within the victim’s LAN,” the researcher, who goes by the name Matt, disclosed in a technical write-up published this week.

Breakdown: With all of the home automation and “smart devices” given as presents to various family members during the holiday season, this is a perfect reminder of the dangers inherent in IoT devices with always-on microphones and cameras. At the very least, these devices should be run on a separate Wi-Fi network within your home, so any flaws cannot be abused as a path into your entire home network. I personally do not use any of these devices because of the constant release of vulnerabilities, along with the potential for the always-on tech to be abused by the manufacturers themselves.

4th: Cyber highlights in the $1.7 trillion government spending bill

Overview: President Joe Biden on Thursday signed a $1.7 trillion federal spending bill that includes a significant funding increase for the Cybersecurity and Infrastructure Security Agency (CISA). The bipartisan legislation boosts the agency’s budget by roughly $313 million, for a total of $2.9 billion. That is a 12% increase over fiscal year 2022 and 15% more than the White House sought for the Homeland Security Department’s cyber wing. The bill allocates more than $1.7 billion for cybersecurity efforts, including the “protection of civilian federal networks that also benefit” state, local, tribal and territorial government networks. It also grants CISA $46 million for “threat hunting and response capabilities” across those systems.

Breakdown: CISA has made significant progress in helping the U.S. federal government and its various agencies improve overall cyber hygiene across the board, and it has also had a strong positive influence on general risk levels across the internet for private companies. Great to see more funding being provided to CISA and to Homeland Security to keep making progress in 2023.

5th: How Cyber Command has ‘built and rebuilt’ its strategy around cyberspace operations

Overview: After 23 years in the Marine Corps, Sanger retired last month as the command’s deputy general counsel. The Record spoke with Sanger, now a cybersecurity board advisor for companies Cowbell and Batten, about his time at CYBERCOM, how the processes around cyber operations have changed, and what the future should hold for the U.S. in cyberspace.

Breakdown: On the flip side of the public-facing agencies covered above in the funding bill, we have U.S. Cyber Command, which pursues attacks against the country from a military perspective. It is always interesting to get an inside look at their behavior and their thinking around APT groups and general internet-based criminal activity.

Contact Us

contact@hunterstrategy.net



Cyber Threat Intelligence Engineer - Focused on simplifying the evolving threat landscape and creating tangible alerts to help TRIAGE events.