Cybersecurity Roundup August 2022

The Security Industry Has Lost a Pioneer 

Peter Eckersley, a co-founder of Let’s Encrypt and a contributing voice to the Electronic Freedom Frontier, has passed away. Losing a life battle to cancer, the world sadly lost Peter last week at the young age of 43. 

Peter was a computer scientist whose passion and research impacted data privacy, net neutrality, encryption, online security, and artificial intelligence development. As a driving force behind advanced internet encryption, Peter’s work with the Electronic Frontier Foundation led him to co-found Let’s Encrypt, Certbot and HTTPS Everywhere.

Peter’s work will live on through his research. His latest project was the founding of the AI Objectives Institute. An environment dedicated to building standards and practices around artificial intelligence’s impact on ethics, privacy, and online safety. 

Peter was dedicated to making technology safe for humanity. 

Additional information is available here.  

SSL.com Response:
SSL.com shares its condolences with the world. Peter’s work had a significant impact on internet security and privacy. SSL.com supports Peter’s work, taking into account his influence on privacy, encryption, and digital trust.

Los Angeles Unified School District Hacked 

Ransomware attacks are rising. Reports indicate that more than 71 million people were affected in 2021, with costs as high $18 billion in recovery costs. The numbers for 2022 already show a > 62% increase from last year, calculated on attacks that were reported. TechTarget has said that hackers are getting more sophisticated, and ransom demands are more organized. The most significant target is the Education-Research sector. 

The latest Government/Education ransomware attack that has gained attention is the Los Angeles Unified School District, the nation’s second largest school district. The attack appears to be the responsibility of the Vice Society, a known ransomware group with ties to Russia. 

The school district is assessing the damage and restoring services while working with the FBI on a response. The CISA and FBI previously warned that the Vice Society was active and targeting the education sector. 

The attack is a reminder that all agencies and organizations, government and commercial, are subject to cybersecurity threats and attacks.  Ongoing security monitoring, upgrading systems, and end-user vigilance are a few of the critical measures in slowing security breaches.  

SSL.com Response:
SSL.com provides a layer of cybersecurity trust, enabling multiple levels of encryption and validation as an integral part of a defense-in-depth architecture.  While the LA Unified network is extensive, diversified, and protected, the attack is an excellent example that a small crack in defensive measures can lead to a significant breach. SSL.com S/MIME Certificates (Secure/Multipurpose Internet Mail Extensions) can prevent phishing. The certificate confirms the identity of the sender while encrypting the contents of the email. The second preventative measure is the SSL.com Client Authentication certificates. It provides an additional layer of authentication and authorization and can be used with a Single Sign On initiative.  Further information on how our Digital Certificates contribute to defense-in-depth  can be found here.

There is Hidden Malware in Publicly Available Pictures From the James Webb Telescope

Security researchers discovered malicious malware hidden in the background of publicly available images from the James Webb Telescope. Dubbed the GO#WEBBFUSCATOR attack, legitimate space photographs are hiding intrusive and compromising malware code.

The malware is written in Golang, an open-source language developed by Google. Its characteristics are favored by hackers as Golang is large in size. Large files  tend to go undetected by many malware scanners. Golang also works well with Linux, MAC or Windows. 

SSL.com Response:
Hackers are getting more creative as cyber defense layers become more sophisticated and intelligent. While there is no guarantee that defensive measures can stop an attack, SSL.com is working closely with various national and international governmental agencies on a variety of PKI and Digital Certificate projects. 

Twilio and  Cloudflare Targeted in Massive Phishing Scheme

Twilio and Cloudflare, both respected industry organizations, reported that they were victims of a massive phishing campaign. The campaign stretched to over 130 other organizations, including Okta, a leader in authentication.

The attacks were successful because they were SMS-based, targeting employees with various spam messages and enticements to enter an authentication code as a response. The messages were convincing enough that many employees fell for the scheme, releasing a variety of credentials to the spammers. 

Once credentials were in the hackers hand, which included a variety of methods to satisfy two-factor authentication challenges, the hackers had free access to systems within the organization.  

The impact was severe. Unfortunately, it proved that the best security software and next-gen firewalls were only minor obstacles.  Social engineering was the culprit. 

SSL.com Response:
Security policies and ongoing training are critical components of a security architecture. A layered approach provides the best protective shell, as long as there is continuing end-user security education and training. SSL.com is a vital ingredient in a defense-in-depth architecture.  In addition, our email S/MIME Certificate provides encrypted and authenticated communications for both private and public entities. Their use promotes email vigilance amongst users. Our Client Authentication Certificate provides an alternative to two-factor authentication and can be used as an integral part of a Single Sign On initiative. Their use promotes controlled access, shielding sensitive data and digital assets from malicious actors.

SSL.com Reminders

OV & IV Code Signing Key Storage Requirements are Changing

With input from most of its membership, the CA/Browser Forum is changing the OV & IV Code Signing Key Storage Requirements. Initially, the change date was November 1, 2022. This date has been put on hold with a later date to be assigned. OV & IV Code Signing Certificates will be issued on Yubico USB Tokens or available via the SSL.com eSigner cloud signing service.    Additional information on this change can be found on the  CA/Browser Forum website. Learn more about the SSL.com eSigner solution: https://www.ssl.com/esigner/  

Organizational Unit Field for SSL/TLS Certificates is Being Deprecated

August 1, 2022, SSL.com discontinued the use of the Organizational Unit field. This is in response to new guidelines ratified by the CA/Browser Forum. Learn more about this announcement:  https://www.ssl.com/article/organizational-unit-ou-field-to-be-deprecated-by-ssl-com/