To help you keep up with the increased volume and pace of this year’s cybersecurity news, SWK has put together this quick summary of a couple of the top stories from August to September 2021. While at the time of this writing the infrastructure bill remains hotly debated, it has made clear that cyber space will be considered an important part of public safety initiatives, from the federal level down to the municipal. Additionally, research by different firms into dark web markets revealed a thriving ecosystem filled with generally cheap prices for sensitive data.
Continue reading below to learn more, and to see how this news may affect you:
Infrastructure Bills & Cybersecurity
While the final version of the bipartisan infrastructure bill will differ considerably from initial proposals between the Biden administration, the Senate and the House, there is no doubt that it will include significant funding for cybersecurity. A sizable portion of these funds will go towards the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency (CISA), which is ostensibly the top government watchdog for network security concerns. However, a few other agencies will also receive monies (under the current proposal) earmarked strictly for investment into various cybersecurity initiatives as well as general enforcement operations.
The purpose of much of this funding is to follow through with the executive order issued by the Biden administration earlier in 2021, which called for renewed focus on cybersecurity. Infrastructure is seen under this EO as one of the most vulnerable areas to cyber threat (as evidenced by the Colonial Pipeline hack, among many others), and thus the capital this bill would direct towards each agency included is meant to help those institutions better secure their critical public-facing utilities. Despite this, several observers (and even an inspector general) have commented that CISA requires major overhauls in thinking and must commit to significantly greater actions to address past shortcomings.
Breach Reporting & Security Incentives
An integral part of the bill’s language are the stipulations for increasing cyber awareness, starting with millions devoted to establishing resource and training programs that will better equip, educate and prepare both individuals and organizations against cyber threats. These include a $25 million multi-factor authentication (MFA) campaign, $50 million expansion of the Crossfeed dashboard, another $50 million to develop a Multi-State Information Sharing and Analysis Center, and several other initiatives. However, there are still follow-up proposals being submitted to Congress to expand upon these efforts further to bring more incentives to report a breach and enforce other cybersecurity best practices.
Dark Web Data for Sale
Separate studies by IBM and research firm Privacy Affairs revealed an in-depth look of the wide availability of stolen data on the collection of anonymous websites called the dark web, and the pricing tiers dividing each category of exposed credentials. The dark web represents the parts of the Internet that cannot be indexed, and many users come here simply to seek privacy from tracking, while others visit to actively engage in illicit activity. Hackers make up a sizable chunk of the latter, and cybercriminals have created fairly open marketplaces to trade information, malware toolkits and data.
Cheap Access to Stolen Files
The Privacy Affairs study compiled a price index of the stolen data categories, for everything from hacked account passwords to credit card and bank information. Interestingly enough, credit details were one of the cheaper options available ($14 – $30), while account credentials could cost more than an actual subscription. The answer to this potentially lies in some of the more expensive items on the dark web – forgeries, which require a significant amount of more identify theft, and skill, to get past basic security controls.
Enterprise Cloud Security
IBM’s threat intelligence division, X-Force, conducted their own study into the dark web focusing on how it impacted cloud security for enterprises, which have migrated to cloud-hosted environments at significant rates. They not only found ransomware toolkits tailored for these types of systems, but also the stolen credentials of almost 30,000 cloud-based accounts for prices starting at “a few dollars.” Many of the vendors of the illicit data even offered a warranty on access that was no longer available to the stated account up to two weeks after sale.
1 Million Stolen Credit Cards Leaked for Free
Another report released in August by firm Cyble brought to light a massive data dump of 1 million stolen credit card details, but what was truly extraordinary was that they leaked for no charge at all. A cybercriminal market on the dark web called AllWord.Cards offered up the information for free as a teaser for their services, reinforcing the easy availability of this type of data online.
Telegram as the New Dark Web
In yet another report, this time by Cyberint and Financial Times, an investigation uncovered signs that the app Telegram could become the next cybercrime ecosystem and even replace the dark web. Telegram is an open-source app launched in 2013 and designed to provide strong encryption and privacy – unfortunately, this has allowed some bad actors like jihadists, white supremacists and cybercriminals to message each other on the platform freely. The report highlighted an increase in the amount of stolen data being trafficked on the app, although it seems it is still a secondary channel to dark web forums for the time being.
Contact SWK Technologies to Learn How to Protect Yourself
2021 has proven to be as much of a year of significant change as 2020 was one of substantial disruption, and cybersecurity has rightfully risen to top of mind for institutions both public and private. Don’t let your business fall behind and be exposed to cyber threats – reach out to SWK today to discover where and how you can protect your systems and data.
Contact SWK Technologies to learn how to take advantages of the latest cybersecurity solutions and practices to protect your business from cyber threats.