BTH News 04October2020


This Week In Cybersecurity

This week on Between the Hacks, it’s Cybersecurity Awareness Month, potentially steep fines for paying a ransom, a New Jersey hospital pays a ransom to prevent sensitive data leakage, a warning about election misinformation, and a tool to test website privacy.


Happy Cybersecurity Awareness Month!

Read how Between The Hacks will be sharing information throughout the month of October about how you can “Do Your Part. #BeCyberSmart.”

Also, you won’t miss a single post from Between The Hacks if you subscribe to the Official Between the Hacks Mailing List (It sounds very official because it is).



Treasury Dept Warns of Fines for Paying Ransom

Last Thursday, the U.S. Department of Treasury’s Office of Foreign Assets Control (OFAC) issued an advisory to warn that financial institutions, cyber insurance firms, and companies that facilitate payments on behalf of victims may be violating OFAC regulations and could face steep fines for paying the ransom.

“Those that run afoul of OFAC sanctions without a special dispensation or ‘license’ from Treasury can face several legal repercussions, including fines of up to $20 million,” reports KrebsOnSecurity.

The Cybersecurity & Infrastructure Security Agency (CISA) encourages organizations to review the OFAC Advisory for more information and to reference CISA’s Ransomware page for how to report and protect against ransomware attacks. Additionally, Tripwire shares an overview of the CISA and MS-ISAC guide to responding to a ransomware attack.


New Jersey hospital paid ransomware gang $670K to prevent data leak


Speaking of ransomware, “University Hospital New Jersey in Newark, New Jersey, paid a $670,000 ransomware demand this month to prevent the publishing of 240 GB of stolen data, including patient info,” reports BleepingComputer.

The attack occurred after a UHNJ employee was tricked by a phishing scam and provided their network login credentials. The attack came from a ransomware operator known as SunCrypt, who publicly posted 48,000 UHNJ documents before a hospital representative contacted them to begin negotiations. Only two UHNJ servers were encrypted, so the ransom payment was made to prevent further disclosure of sensitive patient data. After the ransom was paid, SunCrypt told journalist Dissent Doe, “We don’t play with people’s lives. And no further attacks will be carried against medical organizations even in this soft way.”



Election Misinformation Warning

This week the Federal Bureau of Investigation (FBI) and the Cybersecurity and Infrastructure Security Agency (CISA) issued a public service announcement (PSA) “to raise awareness of the potential threat posed by foreign-backed online journals that spread disinformation regarding the 2020 elections.”

The PSA states that foreign intelligence services have been known to use websites and fake academic journals to disseminate misleading or unsubstantiated information.

“Such sites could be employed during the 2020 election season in an attempt to manipulate public opinion, increase societal divisions, cause widespread confusion, discredit the electoral process, and undermine confidence in U.S. democratic institutions.” The FBI and CISA share the following recommendations to prevent the consumption and dissemination of misinformation.

Recommendations

  • Seek out information from trustworthy sources, verify who produced the content, and consider their intent.

  • Rely on state and local election officials as the authoritative sources of information about how elections are conducted in their jurisdictions.

  • Verify through multiple reliable sources any reports about problems in voting or election results, and consider searching for other reliable sources before sharing such information via social media or other avenues.

  • Report potential election crimes—such as disinformation about the manner, time, or place of voting—to the FBI.

  • If appropriate, make use of in-platform tools offered by social media companies for reporting suspicious posts that appear to be spreading false or inconsistent information about election-related problems or results.


Tip of the Week


Blacklight Website Security Test

A few days ago I was listening to the funny and informative Smashing Security podcast by Graham Cluley and Carole Theriault. Their guest host for this episode was Dave Bittner from the Cyberwire podcast.

Dave talked about a tool that we, as consumers, can use to test the privacy of a website. The tool is named Blacklight and it is a self-described real-time website privacy inspector.

To test a website, just go to the Blacklight page and enter the URL of the site you want to test. Within a few seconds you will see the Blacklight Inspection Report that shows things like ad trackers, third-party cookies, session recording services, keystroke captures, Facebook Pixels and Google Analytics’ “remarketing audiences” feature. You may also see a list of ad-tech companies that the website interacts with.
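To make the report's categories concrete, here is a small privacy-inspection pass written for this post as an added example; it is not Blacklight's code. It takes the list of resources a page loaded and the cookies it set, decides which are first-party and which are third-party relative to the page origin, and labels the third-party hosts that belong to the services named above (Google Analytics, Twitter, Adobe Fonts/Typekit, Facebook Pixel). The tracker table, the simplified "last two labels" domain rule and the sample page at blog.example.com are all assumptions constructed for the example; a real inspector would use the Public Suffix List and a much larger tracker database.

```javascript
// Added example (not Blacklight's code): classify a page's loaded resources and
// cookies as first- or third-party and label the known trackers among them.

// Hostname suffixes for the services named in the post. Assumed list, not
// Blacklight's detection rules; these are the hosts the services load from.
const KNOWN_TRACKERS = [
  { suffix: "google-analytics.com", service: "Google Analytics", company: "Alphabet (Google)" },
  { suffix: "googletagmanager.com", service: "Google Tag Manager", company: "Alphabet (Google)" },
  { suffix: "facebook.net", service: "Facebook Pixel", company: "Facebook" },
  { suffix: "facebook.com", service: "Facebook Pixel", company: "Facebook" },
  { suffix: "twitter.com", service: "Twitter embed", company: "Twitter" },
  { suffix: "typekit.net", service: "Adobe Fonts (Typekit)", company: "Adobe" },
];

// Simplified eTLD+1: the last two labels. Fine for .com/.net style hosts; a
// real inspector would consult the Public Suffix List (co.uk, github.io, ...).
function registrableDomain(hostname) {
  return hostname.split(".").slice(-2).join(".");
}

function hostMatches(hostname, suffix) {
  return hostname === suffix || hostname.endsWith("." + suffix);
}

// Classify every loaded resource relative to the page origin and label the
// third-party hosts that match a known tracker.
function inspectResources(pageOrigin, resourceUrls) {
  const firstParty = registrableDomain(new URL(pageOrigin).hostname);
  const hosts = new Map();
  for (const raw of resourceUrls) {
    let u;
    try { u = new URL(raw, pageOrigin); } catch { continue; } // skip unparsable entries
    if (u.protocol !== "http:" && u.protocol !== "https:") continue; // data:, blob:, ...
    if (registrableDomain(u.hostname) === firstParty) continue; // first-party, subdomains included
    const entry = hosts.get(u.hostname) ?? { hostname: u.hostname, requests: 0, service: null, company: null };
    entry.requests += 1;
    const known = KNOWN_TRACKERS.find((t) => hostMatches(u.hostname, t.suffix));
    if (known) { entry.service = known.service; entry.company = known.company; }
    hosts.set(u.hostname, entry);
  }
  const thirdPartyHosts = [...hosts.values()];
  const adTechCompanies = [...new Set(thirdPartyHosts.map((h) => h.company).filter(Boolean))].sort();
  return { firstParty, thirdPartyHosts, adTechCompanies };
}

// A cookie is third-party when the domain it was set for is not the page's
// registrable domain. Input: [{ name, domain }] as a browser stores them.
function thirdPartyCookies(pageOrigin, cookies) {
  const firstParty = registrableDomain(new URL(pageOrigin).hostname);
  return cookies.filter((c) => registrableDomain(c.domain.replace(/^\./, "")) !== firstParty);
}

// Constructed sample: a fictitious blog at blog.example.com with the kinds of
// embeds the post mentions (analytics, a Twitter feed, Adobe Fonts, a Pixel).
const SAMPLE_ORIGIN = "https://blog.example.com/";
const SAMPLE_RESOURCES = [
  "/assets/site.css",
  "https://cdn.example.com/bundle.js",
  "https://www.google-analytics.com/analytics.js",
  "https://www.google-analytics.com/collect?v=1",
  "https://platform.twitter.com/widgets.js",
  "https://use.typekit.net/abc1def.css",
  "https://connect.facebook.net/en_US/fbevents.js",
  "https://unknown-cdn.example.net/lib.js",
  "data:image/png;base64,iVBORw0KGgo=",
];
const SAMPLE_COOKIES = [
  { name: "session", domain: "blog.example.com" }, // first-party
  { name: "_ga", domain: ".example.com" },         // set by a tracker script, but first-party by domain
  { name: "fr", domain: ".facebook.com" },         // third-party
];

if (typeof require !== "undefined" && require.main === module) {
  console.log(JSON.stringify(inspectResources(SAMPLE_ORIGIN, SAMPLE_RESOURCES), null, 2));
  console.log("third-party cookies:", thirdPartyCookies(SAMPLE_ORIGIN, SAMPLE_COOKIES).map((c) => c.name));
}
```

Run it with `node inspect.js`. The sample deliberately includes a host the table does not know (unknown-cdn.example.net): it still shows up as third-party with no company label, which is the case a site owner should look into by hand. Note too that the `_ga` cookie is first-party by domain even though a Google script set it, so "no third-party cookies" is not the same as "no tracking".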

Why use this tool?

  1. Test websites that you use to see if they are sharing information about you or your browsing.

  2. Test on websites that you own to see if they are leaking data about your website’s visitors.

I think many bloggers and website owners will be surprised at what their site is sharing. Keep in mind that a lot of website owners are just using a web hosting service and are likely not aware that their website is sharing data with social media sites and advertisers. The website’s content management system (CMS) comes prepackaged so the owner can just create content and not mess too much with the design and structure of the site.

Running Blacklight against Between The Hacks showed a few interesting things.

  1. Data was being sent to Twitter. I removed my Twitter feed from the site and it came up clean!

  2. It showed that BTH was capturing user keystrokes. WHAT?!?! Now that sounds bad. I’m still looking into this but at first glance, it seems that the page where you can subscribe to Between The Hacks or send feedback is using this feature to help auto-populate fields like your name and email address. I’ll spend some time testing and tweaking it this week.

  3. Ad-tech interaction: The report showed interaction with Adobe and Alphabet (Google).

    1. The Google one wasn’t a surprise. I added Google Analytics to this website years ago. I actually don’t really use it much since I get analytics from my web hosting provider and my CDN, but I’ll review and consider removing it.

    2. The Adobe one has me a bit baffled at the moment. It showed that information was being sent to typekit.net which is now called Adobe Fonts so I assume this is font-related. Looks like another fun puzzle to solve!


Picture of the Week

Have I Been Pwned?

Cybersecurity Awareness Month