By Jon Munshaw.
The one big thing
Why do I care?
The agriculture sector is highly vulnerable to cyber attacks given its low downtime tolerance, insufficient cyber defenses, and the far-reaching ripple effects of disruption. Potential cyber attacks on this industry could cause production slowdowns, shipping delays, loss of economic value or supply shortages.
So now what?
For executive leadership, now is an opportune time to evaluate your accepted business risks. That means taking the time to understand how interconnected your agriculture operations are with your corporate offices. Could you function as a business should a ransomware attack affect you? What investments have you made to build resiliency in your operations? These are incredibly difficult questions to answer. Use the catalyst of global events to invest in technology and, more importantly, people, to help you find those answers. Be proactive, and train for climatic events like a cyber attack.
Top security headlines from the week
As many as 1,900 users of encrypted messaging app Signal could have had their login authentication codes stolen as part of a recent data breach against Twilio. Twilio is a popular gateway other web platforms use to send SMS or voice messages. Signal began notifying users this week of the issue, with one victim saying the attackers used the Twilio access to re-register a new device associated with the user’s phone number, allowing them to send and receive messages from their Signal app. Cloudflare was also a target of the phishing attack, with actors sending users phony text messages warning them their login had been changed, sometimes even contacting the target’s family members. (The Verge, Ars Technica)
Some of the world’s top security experts, hackers and defenders unveiled new research at the Black Hat and DEF CON conferences last week. The slate of talks, presentations and exhibits brought to light several high-profile vulnerabilities, including two severe issues in the Zoom video conferencing app. Other heavily discussed topics include the spread of disinformation and election security. In a more lighthearted demonstration, one researcher even showed a way to jailbreak the Linux system on a John Deere tractor to play the video game “Doom” on its center console. (Politico, The Guardian, The Verge)
The U.S. Cybersecurity and Infrastructure Security Agency is warning of an uptick in attacks from the Zeppelin ransomware, specifically against critical infrastructure. Threat actors are buying into the ransomware-as-a-service to spread the malware, using SonicWall firewall and remote desktop protocol vulnerabilities to initially breach targeted networks, according to a new CISA advisory. Zeppelin has a new multi-encryption tactic. Once the malware is on a victim’s network, it executes the ransomware multiple times and creates different IDs and encrypted file extensions so the victim can’t simply use one decryption key to return their files. (ThreatPost, CISA)
Can’t get enough Talos?
- Cisco Talos Warns of Small-Time Cybercrime Ramp Up
- Vulnerability Spotlight: Vulnerabilities in WWBN AVideo web app could lead to command injection, authentication bypass
- Talos Takes Ep. #108 (XL Edition): On Air with Cisco Talos Incident Response
- Vulnerability Spotlight: Three vulnerabilities in HDF5 file format could lead to remote code execution
- Threat Roundup for Aug. 5 - 12
Upcoming events where you can find Talos
Most prevalent malware files from Talos telemetry over the past week
MD5: 93fefc3e88ffb78abb36365fa5cf857c
Typical Filename: Wextract
Claimed Product: Internet Explorer
Detection Name: PUA.Win.Trojan.Generic::85.lp.ret.sbx.tg