TikTok’s legal troubles in the U.S. could get thornier after the FTC referred a complaint to the DOJ. Meanwhile, France says Russia-backed Nobelium / Midnight Blizzard is a major cyber espionage threat to European governments. Plus, check out a Tenable poll about dealing with vulnerabilities without patches. And did LockBit 3.0 make a comeback in May? Maybe – or maybe not. And much more!
Dive into six things that are top of mind for the week ending June 21.
1 - FTC: TikTok may have broken the law
TikTok, already in hot water with the U.S. federal government over privacy and security concerns, may face even deeper troubles soon.
The U.S. Federal Trade Commission (FTC) said this week that it has “reason to believe” TikTok is violating or will soon violate federal law. As a result, the FTC has referred a complaint against the social media giant and its parent company ByteDance to the Justice Department.
“Although the Commission does not typically make public the fact that it has referred a complaint, we have determined that doing so here is in the public interest,” the FTC said in a statement.
The FTC’s probe of TikTok dates back to 2019, when ByteDance and its now shuttered service Musical.ly settled with the FTC over allegations they had violated the Children’s Online Privacy Protection Act (COPPA).
This year, President Biden signed a bill into law that would ban TikTok from the U.S. unless ByteDance sells its U.S. TikTok operations by Jan. 19, 2025. ByteDance is challenging the law in a U.S. appeals court.
For more information about privacy and security concerns around TikTok:
- “Is TikTok a National Security Risk?” (The New York Times)
- “Majority of Americans say TikTok is a threat to national security” (Pew Research Center)
- “TikTok Ban Raises Data Security, Control Questions” (Dark Reading)
- “FTC investigating TikTok over privacy and security” (CNN)
- “How TikTok Grew From a Fun App for Teens Into a Potential National Security Threat” (Associated Press)
VIDEO
The data security concerns surrounding social media app TikTok (The Financial Times)
2 - French cyber agency: Nobelium / Midnight Blizzard is spying on European governments on Russia's behalf
The nation-state cybercrime group Nobelium, also known as Midnight Blizzard, is a major threat to the national security of France and of European countries in general, France’s cybersecurity agency warned this week in a report.
Specifically, Nobelium is launching cyber espionage attacks on behalf of Russia’s intelligence agency against government and diplomatic targets in France and elsewhere in Europe, according to the Agence Nationale de la Sécurité des Systèmes d'Information (ANSSI).
“Most of Nobelium campaigns against diplomatic entities use compromised legitimate email accounts belonging to diplomatic staff, and conduct phishing campaigns against diplomatic institutions, embassies and consulates,” reads ANSSI’s report.
In recent years, Nobelium, also known as CozyBear and APT29, has attacked French and European embassies, foreign affairs ministries and government agencies, as well as private-sector targets including Microsoft.
“ANSSI has observed a high level of activities linked to Nobelium against the recent backdrop of geopolitical tensions, especially in Europe, in relation to Russia’s aggression against Ukraine,” the report reads.
For more information about Nobelium / Midnight Blizzard:
- “CISA Says Midnight Blizzard Swiped U.S. Gov’t Emails During Microsoft Hack, Tells Fed Agencies To Take Immediate Action” (Tenable)
- “US says Russian hackers stole federal government emails during Microsoft cyberattack” (TechCrunch)
- “Microsoft says Russia-backed Midnight Blizzard accessed its source code” (SC Magazine)
- “SolarWinds hack explained: Everything you need to know” (TechTarget)
3 - How do orgs handle unpatched vulnerabilities? Check out this Tenable poll
For security teams and vulnerability management pros in particular, it’s a critical issue: One of your organization’s software vendors decides not to patch a vulnerability, for whatever reason. For example, maybe the product in question is entering its end-of-life phase and the vendor won’t issue patches for it anymore. Whatever the case, the question remains: What does your organization do?
At several recent Tenable webinars, we asked attendees whether they have a policy for this type of situation. Check out what they said!
(466 webinar attendees polled by Tenable, June 2024)
For more information about detecting, prioritizing and fixing vulnerabilities, check out these Tenable resources:
- “Risk-Based Vulnerability Management: Understanding Vulnerability Risk with Threat Context and Business Impact” (guide)
- “The State of Vulnerability Management” (white paper)
- “What Is VPR and How Is It Different from CVSS?” (blog)
- “What is Cloud Vulnerability Management?” (guide)
- “You Can't Fix Everything: How to Take a Risk-Informed Approach to Vulnerability Remediation” (blog)
- “Verizon DBIR: Hackers feasting on unpatched vulnerabilities” (blog)
4 - Survey: Cybersecurity tops IT investment priorities among industrial and manufacturing orgs
For the fourth straight year, cybersecurity ranked as the number-one priority for technology investments in the industrial and manufacturing sector.
That’s according to a survey of more than 200 senior IT decision makers from industrial and manufacturing organizations conducted by IoT Analytics, a market research firm focused on IoT applications, platforms, hardware and connectivity.
In addition to ranking first as a technology investment priority, cybersecurity is a major concern for original equipment manufacturers (OEMs) developing connected IoT products. It is also a critical factor for buyers of enterprise IoT products.
(Source: IoT Analytics, June 2024)
To get more details, read IoT Analytics’ article “Top 5 enterprise technology priorities: AI on the rise, but cybersecurity remains on top.”
For more information about IoT cybersecurity:
- “What Is IoT Cybersecurity?” (CompTIA)
- “Top 12 IoT security threats and risks to prioritize” (TechTarget)
- “Cybersecurity for the IoT: How trust can unlock value” (McKinsey)
- “What is IoT Security?” (TechTarget)
- “How To Secure All of Your Assets - IT, OT and IoT - With an Exposure Management Platform” (Tenable)
5 - Report: LockBit bounced back in May – or did it?
LockBit 3.0 ranked first among ransomware attackers in May, as overall ransomware activity reached its highest levels ever. That’s according to the “Monthly Threat Pulse” report for May from the NCC Group’s Global Threat Intelligence team.
Global ransomware attacks spiked 32% compared with April 2024, helped by an apparent resurgence of LockBit 3.0, which was responsible for 37% of attacks. LockBit 3.0’s attack volume skyrocketed 665% compared with April.
However, the report leaves the door open for the possibility that LockBit 3.0 may be exaggerating the number of attacks it’s responsible for. LockBit 3.0’s operations and infrastructure have been disrupted this year by cybersecurity agencies from multiple countries.
“It’s possible that amidst law enforcement action, LockBit not only retained its most skilled affiliates but also attracted new ones, signaling their determination to persist. Alternatively, the group might be inflating their numbers to conceal the true state of their organization,” Matt Hull, NCC Group’s Global Head of Threat Intelligence, said in a statement, adding that the picture will become clearer in the coming months.
Other insights from the report include:
- The industrials sector ranked first among ransomware targets, receiving 30% of attacks in May.
- South America experienced a significant 60% increase in ransomware attacks compared with April.
- The ransomware groups Play and RansomHub ranked second and third in attacks in May.
For more information about ransomware trends:
- “Ransomware Insights and Trends: 2024” (Security Week)
- “2024 Trends & Predictions Series: Ransomware” (SANS Institute)
- “Ransomware Payments Exceed $1 Billion in 2023” (Chainalysis)
- “FBI has thousands of LockBit decryption keys, urges victims to reach out” (Tenable)
6 - CISA: Best practices for network access security
How can organizations effectively protect their hybrid networks from cyberattacks? The new “Modern Approaches to Network Access Security” publication aims to answer that question.
Issued jointly this week by cybersecurity agencies from the U.S., Canada and New Zealand, the 12-page document argues that relying on virtual private networking (VPN) and remote access to secure networks is no longer sufficient.
Instead, the cybersecurity agencies recommend that organizations consider adopting zero trust, secure service edge (SSE) and secure access service edge (SASE), which they say provide better visibility of network activity and stronger protections.
“Additionally, this guidance helps organizations to better understand the vulnerabilities, threats, and practices associated with traditional remote access and VPN deployment, as well as the inherent business risk posed to an organization’s network by remote access misconfiguration,” reads a statement from the U.S. Cybersecurity and Infrastructure Security Agency (CISA).
In addition, the publication offers network-security best practices including:
- Adopt a centralized management solution as well as network segmentation.
- Develop, update and practice IT and operational technology (OT) incident response plans.
- For public-facing assets, run automated vulnerability scans and disable unnecessary operating-system applications and network protocols.
- Adopt strong identity and access management (IAM) security with phishing-resistant multi-factor authentication (MFA).
- Adopt a principle of least privilege for user access.