Updated: Aug 14, 2020
This week has proven to be another interesting week for cyber security. This week's digest will take you through; new reports on the effect COVID-19 on cyber security, more news of the July 15th Twitter attack, the politically driven decision by Trump to ban TikTok, the Black Hat 2020 virtual event and the increasing opportunities for women in cyber.
1. Interpol released an August cybercrime report which analyses the effect COVID-19 has had. Key findings from the report showed that in the period January to April, that there were 907,000 spam messages, 737 incidents related to malware and 48,000 malicious URLs all related to COVID-19 which were detected by an Interpol private sector partner. The report also identified phishing to be the primary threat with 56% of COVID-19 inflicted cyber threats compared with 36% malware and ransomware and 22% malicious domains. Interpol warns that these threats are set to continue to rise.
2. The court hearing for the July 15th Twitter hack was conducted through Zoom, although it was cut short by the event being “zoom-bombed”. Last week 3 were charged with the Twitter hack, including the 17-year-old Graham Clarke. The 17-year-old was charged with 30 felony charges, including one count of fraudulent use of personal information with over $100,000 or 30 or more victims. It was revealed that the 3 criminals conducted a targeted a phone spear-phishing attack on Twitter employees. The notice for the hearing allowed the public to see the Zoom meeting time, ID number and no password, meaning that virtually anyone could participate in the hearing. Settings to prevent participants from using their own audio and video were not enabled, which allowed uninvited users to interrupt the hearing. Surprisingly, the court hearing had not enabled the settings to prevent the interruption, with security experts calling the “zoom bomb” predictable. Let's take a closer look into this week's events.
3. Earlier in the week, it was revealed that Microsoft was planning on buying the video-sharing app TikTok to relieve national security concerns from countries outside of China. There were concerns that the app could allow the Chinese government to spy on global users. However, it has been revealed that President Trump has told US firms to stop business with TikTok and parent company WeChat. Many argue that the ban is a part of Trump’s political agenda due to the heightened tension between the US and the Chinese government over various issues, including trade disputes.
4. This week the 23rd Black Hat USA security event was held virtually. During the Black Hat event, Blackberry released a new tool for reverse engineering PE files. The tool is named PE tree, which is a Python-based app for Linux, Mac and Windows, which allows reverse engineering and analysis of the internal structure of PE files. Also at Black Hat, an Oxford University researcher showed how cyber criminals can gain access to sensitive information on corporate networks with just home television equipment. The research demonstrated that security vulnerabilities in satellite broadband communications allowed the interception of unencrypted web traffic.
5. Google and WiCyS have partnered to create a training program to help women receive the right tools to boost their cyber security careers. The opportunity will allow 100 women the chance to advance their careers in the next 1.5 years through a skills development program. According to a 2019 report only 24% of the cyber security workforce is made up of Women. The program is an example of how innovative companies can lead the way in increasing diversity in cyber security, enabling new talent.