The Good, the Bad and the Ugly in Cybersecurity – Week 4

With the U.S. 2020 election behind us and a new administration now in place, the good news this week is the announcement of four new appointments to federal cybersecurity positions and $10 billion in spending plans to help beef up the nation’s cybersecurity.

Rob Joyce has been picked by the Biden administration to be the next NSA Cyber Director, while Anne Neuberger, who formerly spearheaded the NSA’s effort to counter Russian election interference, has been tapped for a new position as Deputy National Security Adviser for Cyber and Emerging Technology. Michael Sulmeyer has also been named for the National Security Council’s position of Senior Director of Cyber, though it’s unclear as yet what his duties will be.

On Wednesday, Avril Haines was approved as Director of National Intelligence. Haines, who in 2013 became the first woman to serve as Deputy Director of the CIA, has spoken previously on the need for better basic cybersecurity training as well as better coordination on cybersecurity across the public and private sectors. In her confirmation hearing this week, Haines pointedly stated that “When it comes to intelligence, there is simpy no place for politics, ever”.

The good news for cyber continued with the announcement of ambitious plans to spend $9 billion to help CISA and GSA complete and modernize cybersecurity and IT projects. A further $1 billion has been earmarked for several projects including hiring additional cybersecurity experts and improving CISA’s ability to provide monitoring and incident response across federal agencies.

The Bad

Researchers this week disclosed details of a long-running phishing campaign that not only stole victims’ credentials but left them stored on public-facing internet sites for anyone else to discover and use.

Thought to have begun in August 2020, the campaign lured victims with fake Xerox (or Xeros) scan notifications that led to a spoofed Office 365 login page. Scraped credentials were then uploaded to legitimate but compromised websites and stored as text files. Apparently unknowing or uncaring, the attackers who set up the infrastructure failed to mark the text files in a way that would prevent them from being indexed by search engines. Consequently, the stolen credentials could easily be found by anyone through a simple internet search query.

Aside from this apparent carelessness, the campaign was sophisticated enough to bypas MS Office 365 Advanced Threat Protection and harvested credentials from over a thousand corporate employees. Due to the public nature of the stored credentials, the researchers were able to offer a breakdown of industries targeted:

  • Construction 16%
  • Energy 10.7%
  • IT 6%
  • Healthcare 4.5%
  • Real Estate 4.3%
  • Manufacturing 4.3%
  • Education 2.8%
  • Transport 2.4%
  • Finance 2.1%
  • Retail 2.1%

The Ugly

Data belonging to around 2 million Premium members of popular adult chat and streaming platform MyFreeCams has been stolen and sold on a hacker forum, reports confirmed this week. The stolen data includes usernames, email addresses and passwords in clear text.

The hacker, who apparently used an SQL injection attack, offered batches of 10,000 user records at a time for $1500 in Bitcoin and promised to only sell each batch once, meaning buyers were guaranteed to get unique data. The wallet used by the criminal to receive funds had amassed just over $22,000 from 49 transactions before being emptied.


Source

Buyers of the data could use it to potentially extort users or gain access to other accounts that used the same password via credential stuffing attacks.

For their part, MyFreeCams confirmed the attack was genuine and had already notified affected users and reset their passwords. They also say the vulnerability that made the attack possible had been rectified and that no credit card details had been compromised by the breach. However, it is not clear at this point in time whether the hackers obtained details of other MyFreeCams users along with Premium members, so all users are advised to change their passwords. The site, ranked 619th most visited website on the internet and 335th most visited site in the U.S., receives over 70 million visitors each month.