ISA is committed to keeping the security community up to date with the latest cybersecurity news.
“Female Trailblazers in Cybersecurity” roundtable
Response has been outstanding for ISA Cybersecurity’s live virtual roundtable: Female Trailblazers in Cybersecurity on August 25 at 1:00 p.m. EDT. Held in partnership with CyberArk and Tenable, the event brings together leading women in cybersecurity to address today’s pressing industry issues by highlighting women’s vital roles through powerful stories. Register today for this must-see event! All registrants will receive a link to the recorded presentation.
Google to launch anti-phishing feature in Chrome browser
Google will test a new feature in an upcoming version of their Chrome web browser that they hope will reduce the risk of phishing and website spoofing. The experiment will be rolled out on desktop versions of Chrome 86, expected to be released in October 2020.
The trial will involve hiding all parts of the web address except the domain name in the address bar of the browser. Currently, if you look at your address bar, the entire Uniform Resource Locator (URL) or web address of the site you’re visiting is visible. In the trial, however, select Chrome users will only see the domain name as a default setting. For example, instead of seeing the address “https://isacybersecurity.com/latest-cybersecurity-news-24-08-2020”, you would simply see “https://dev-isacybersecurity.pantheonsite.io” using Chrome 86.
The experiment was driven by the results of a study conducted by Google engineers and the University of Illinois. “We showed participants a mix of real and obfuscated URLs and found that they are able to correctly identify real URLs 93% of the time, but are misled 60% of the time when faced with obfuscated URLs,” according to the published results of the study. It is hoped that by only showing the domain name, fake websites will be easier to spot, thereby giving users an opportunity to avoid falling for cyberattack.
The new feature will be rolled out to a random selection of users of the new browser upon release. Users who prefer to see the full URL can override the new setting by right-clicking on the URL and selecting “Always show full URLs” from the pop-up menu, or can simply hover their cursor over the address bar.
A development version of the new browser is available from Google today for those interested in previewing the new feature.
ESG releases two new cybersecurity surveys
Research firm Enterprise Strategy Group (ESG) and the Information Systems Security Association (ISSA) recently released two timely surveys of interest to cybersecurity professionals. The first, entitled “The Life and Times of Cybersecurity Professionals 2020”, strives to tap into the psyche of IT personnel, and can provide thought-provoking insights for managers of those team members. The report addresses such issues as career development, training, and job satisfaction. The second report entitled “The Impact of the COVID-19 Pandemic on Cybersecurity” provides an analysis of organizational response to the pandemic. Areas in which surveyed companies did well, and found continuing challenges, are outlined. The top three lingering challenges remain 1) securing work-from-home system configurations, 2) providing secure network access, and 3) monitoring traffic.
Ransomware strikes four Canadian courier operations
On August 19, a ransomware attack hit the four Canadian courier divisions of TFI International, just two days after the transportation and logistics company raised some $290 million (CDN) in a share offering. The attack affected operations of Canpar Express, ICS Courier, Loomis Express, and TForce Integrated Solutions (formerly ATS Retail Solutions), according to notices posted on the couriers’ websites and on Canpar’s Facebook page.
By August 24, the Canpar and Loomis websites were running, but the ICS and TForce sites were still down. “We continue to meet most customer shipping needs and we are not aware of any misuse of client information. Out of an abundance of caution we want to make our clients aware of the incident, should you be experiencing any issues,” according to the announcement.
The nature and full extent of the attack and recovery strategies have not been disclosed.
New “DarkSide” ransomware hitting Canada
A new ransomware outfit named “DarkSide” is now launching attacks on a number of high-profile targets, conducting extortion operations that have reportedly generated at least one million-dollar (US) payout already. The first attacks were reported around August 10, about the same time that DarkSide issued a darkweb press release announcing their launch.
“We are a new product on the market, but that does not mean that we have no experience and we came from nowhere. We received millions of dollars profit by partnering with other well-known cryptolockers. We created DarkSide because we didn’t find the perfect product for us. Now we have it,” claim the organizers. They go on to advise that they will not target health care, government, education, or non-profits, but will exclusively focus on companies that the cybercriminals believe can afford to pay their ransoms, based on the victims’ net incomes.
A report by BleepingComputer outlines further details of the mechanics of the malware, which appears to bear many similarities to established ransomware operations like REvil and GandCrab.
DarkSide is thought to have hit a major Canadian target over the weekend. A publicly-traded company based in Toronto appears to have been victimized, according to an unconfirmed report in IT World Canada. Data including employee files, finance and payroll records and business plans that appear to belong to a global asset management firm have been posted on DarkSide’s website.