May 9, 2022
David Redekop

TWINN Security News May 09

Welcome to this week in NerdNews (TWINN). Your weekly top 5 technical and security issues Nerds should pay attention to:

Let’s talk about phishing. The number of successful phishing incidents continues to grow year after year. In 2020, there were 241,342 incidents reported to the FBI. In 2021, that number rose by 34% to 323,972. Why is it still on the rise? This reminds me of when William Sutton was asked why he robbed banks. His famously recorded response was “Because that’s where the money is.” The same would apply today, but if I were asked why phishing is still on the rise, it is because victims let it happen. The truth is that prevention is absolutely possible, but this story today illustrates why and how it still keeps on happening:

Man Convicted in Phishing Scam that cost U.S. DOD $23.5M. With transactions of this size, there are often sufficient roadblocks to prevent the thief from getting away with it, but it’s the 5- and 6-figure thefts that are so often not recoverable.

Over 200 Spanish mobile numbers ‘possible targets of Pegasus spyware’. What’s important to recognize here is that this need not happen. We do have mitigations that can match any threat level. It is possible, and done on a regular basis, to protect high-value assets with appropriate guardrails using Zero Trust principles.

Heroku to begin user password reset almost a month after GitHub OAuth token theft. The reason this is an important story for us to pay attention to is that a significant number of apps on your phone are likely run on Heroku infrastructure. From a mobile device user’s point of view, this is a supply-chain attack you have no control over, but keep an eye out for more breach reports.

U.S. considers imposing sanctions on China’s Hikvision. For years we have protected client networks that use Hikvision equipment. By default, many of their products relay video feeds via China. That alone makes many westerners uneasy, and it can be prevented, again using a Zero Trust approach and blocking the exfiltration. That is, if keeping this equipment running is even considered an option.

Google releases Indicators of Compromise (IoC) details. What’s interesting here is that very few of these domains, even today, are blocked by traditional threat intelligence. However, when you take a Zero Trust approach, 100% of these IoCs are disallowed, even before Google released them as IoCs.
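As an added illustration of the point above (not code from the newsletter or its author): a default-deny egress allowlist evaluated over a few constructed DNS query lines, beside a blocklist that only knows already-published IoCs. All domain names and log lines are constructed placeholders.

```python
"""Default-deny (allowlist) egress policy versus blocklist threat intel.

Runs both policies over constructed DNS query log lines to show that an
allowlist stops an unknown destination before anyone publishes it as an IoC.
"""

# Constructed sample log lines in the form "client domain"; not real telemetry.
SAMPLE_DNS_LOG = """\
10.0.0.5 www.example.com
10.0.0.5 cdn.example.net
10.0.0.7 updates.vendor-example.org
10.0.0.7 relay-not-yet-published.invalid
10.0.0.9 known-bad.invalid
"""

# Traditional threat intelligence: only domains already published as IoCs.
THREAT_INTEL_BLOCKLIST = {"known-bad.invalid"}

# Zero Trust allowlist: hosts or zones this network has an explicit need for.
EGRESS_ALLOWLIST = {"www.example.com", "example.net", "updates.vendor-example.org"}


def parse_dns_log(text):
    """Parse 'client domain' lines into (client, domain) tuples, skipping blanks."""
    out = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) == 2:
            out.append((parts[0], parts[1].lower().rstrip(".")))
    return out


def blocklist_verdict(domain):
    """Blocklist: allow everything except what threat intel already lists."""
    return "block" if domain in THREAT_INTEL_BLOCKLIST else "allow"


def allowlist_verdict(domain):
    """Allowlist: allow only an exact match or a subdomain of an allowed zone."""
    labels = domain.split(".")
    candidates = {".".join(labels[i:]) for i in range(len(labels))}
    return "allow" if candidates & EGRESS_ALLOWLIST else "block"


def evaluate(text):
    """Return {domain: (blocklist_verdict, allowlist_verdict)} for each query."""
    return {d: (blocklist_verdict(d), allowlist_verdict(d)) for _, d in parse_dns_log(text)}


def missed_by_blocklist(text):
    """Domains the allowlist stops but the blocklist lets through: the gap
    that closes only when (and if) they are later published as IoCs."""
    return sorted(d for d, (b, a) in evaluate(text).items() if b == "allow" and a == "block")
```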

Did you know?

LinkedIn Learning is a massive training resource that is highly structured. The best news is that, most likely, your local public library card gets you free access. Do a search for “LinkedIn Learning” + your library town name and you’ll find the starting point (e.g. London Public Library). And enjoy!

For a video version of this, see: