Cyber News Roundup: Foreign VPNs and Botnets…the Latest Threats

Editor’s Note: This is your weekly cyber news roundup with the latest cybersecurity news and tips from the Cyber Oregon team to help you and your organization stay safe online and protect your digital assets. We examine cybersecurity news and developments from across the Northwest and the Nation that are important to all Oregonians including individuals, businesses, non-profit organizations, government entities, and educational institutions.

This week in local cyber news, Cyber Oregon sponsor Palo Alto Networks acquired Portland-based Twistlock for $410 million, according to an article in Portland Business Journal. Malia Spencer writes that Palo Alto Networks will add Twistlock’s technology, which is focused on securing IT infrastructure tools such as containers and serverless functions, to its Prisma cloud security product. 

Be leery of foreign VPNs, urges Senator Wyden

In other news, you may have heard of virtual private networks (VPNs), which allow you to create a secure connection to another network over the internet. Yet a new cybersecurity concern about VPNs has surfaced from the Department of Homeland Security (DHS), which cautions that foreign VPNs are a threat to data security and national security. In a letter responding to Senator Ron Wyden, who had expressed concern about VPN security, the head of the DHS’s cybersecurity division says that VPNs, particularly ones made in authoritarian countries, are a big concern.

According to the Cyberscoop article, “Open-source reporting indicates nation-state actors have demonstrated intent and capability to leverage VPN services and vulnerable users for malicious purposes,” says Chris Krebs, director of DHS’s Cybersecurity and Infrastructure Security Agency (CISA). “Even with the implementation of technical solutions, if a U.S. government employee downloaded a foreign VPN application originating from an adversary nation, foreign exploitation of that data would be somewhat or highly likely. This exploitation could lead to loss of data integrity and confidentiality of communications transmitted over the application.” 

Says Wyden, “DHS has confirmed my fears: that using Chinese or Russian VPN services is essentially just taking your private data, wrapping it in a bow and then sending it directly to foreign spies in Beijing or Moscow. U.S. government employees should not be using these apps, and I hope that DHS will take steps to prohibit their use on government-issued smartphones.”

The Emotet botnet is behind malicious URLs

You know what a VPN is, but what about a botnet? According to Norton, a botnet is a string of connected computers coordinated together to perform a task. Botnets can maintain a chatroom or take control of your computer. There are illegal and malicious botnets that can gain access to your computer through some piece of malicious coding.

The latest botnet attack is the Emotet botnet, which drove 61% of malicious payloads in the first half of this year. According to a Proofpoint report, covered in the TechRepublic article, cybercriminals are increasingly trading malicious attachments for malicious URLs as an attack vector. The report found that malicious URLs in emails outnumbered malicious attachments by five to one – because of the Emotet botnet. “It is critical that organizations implement a people-centric security approach that defends and educates its most targeted users and provides protection against socially-engineered attacks across email, social media, and the web,” says Sherrod DeGrippo, senior director of Threat Research and Detection for Proofpoint.

Proofpoint offers these tips to keep your organization secure:

1. Assume users will click

Social engineering is one of the most popular ways for cybercriminals to launch email attacks, the report noted. Train employees and seek out solutions that can identify these types of threats, which seek to exploit the human factor. 

2. Build a robust email fraud defense

Business email compromise (BEC) attacks are on the rise, and are often difficult to detect. Make sure any solutions you use have classification capabilities and blocking policies. 

3. Protect your brand reputation and customers

Make sure you are fighting attacks over all mediums, including social media, email, and mobile—particularly those that attempt to harm your brand. 

4. Train users to spot and report malicious email

Regular user training and simulated attacks can teach employees to identify attacks, and can help organizations identify who might be the most vulnerable, the report noted.

Centralizing cybersecurity, time for a federal cybersecurity agency?

Should we have a federal cybersecurity agency? An article in CSO Online outlines all the reasons why this makes sense. Sam Bocetta writes that the U.S. is vulnerable to cyberattack because the government lacks central leadership on defense mechanisms and strategies. Currently, there are cybersecurity divisions within various agencies, including the Federal Bureau of Investigation, the Department of Defense, the Department of Homeland Security, and various intelligence groups such as the CIA and the NSA. Bocetta says that as governments try to tackle the breadth of cybersecurity, the question becomes how best to manage threats and organize defenses.

“Cybersecurity has become a center of focus across the globe for both governments, private companies, and individual citizens.” Bocetta believes that spreading out the cybersecurity responsibility is not an efficient strategy, especially because it is hard to keep groups organized and focused on emerging threats. 

Cyber Oregon partner blog of interest