Brian Thomas

Brian Thomas

Based in Cincinnati, OH, the Brian Thomas Morning Show covers news and politics, both local and national, from a conservative point of view.Full Bio

 

Tech Friday with Dave Hatter - October 29th 2021 - SPONSORED BY INTRUST IT

China-linked hackers attack cellular networks:

  • China linked hackers have attacked mobile carriers across the globe
  • The attackers used specialized tools that have been called some of the most sophisticated yet seen to steal calling records and text messages
  • CrowdStrike named the attackers LightBasin and said they have been active since at least 2016
  • CrowdStrike Senior Vice President Adam Meyers said "I've never seen this degree of purpose-built tools"
  • Myers said the attackers had connections to China including cryptography using Pinyin phonetic versions of Chinese language characters and techniques used in previous Chinese attacks
  • Meyers did not accuse the Chinese government of directing the attacks
  • The Chinese US embassy did not respond to questions from Reuters
  • The US Cybersecurity and Infrastructure Security Agency (CISA) said it was aware of the CrowdStrike report and would continue to work with carriers
  • "This report reflects the ongoing cybersecurity risks facing organizations large and small and the need to take concerted action," an official said through a spokesperson."Common sense steps include implementing multifactor authentication, patching, updating software, deploying threat detection capabilities, and maintaining an incident response plan."
  • The findings underscore the vulnerability of major networks providing the backbone for communications and help explain the increasing demand for strong, end-to-end encryption that the networks - and anyone with access to those networks - cannot decipher.

Facebook whistleblower Frances Haugen to address UK parliament next week:

  • Next week, former Facebook data scientist Frances Haugen will answer questions from UK lawmakers working on legislation to rein in social media companies
  • Damian Collins, the lawmaker who chairs the committee, said "This is a moment, sort of like Cambridge Analytica, but possibly bigger in that I think it provides a real window into the soul of these companies"
  • She will address parliamentary committee working on draft legislation to crack down on harmful online content in the UK
  • Haugen's comments could help lawmakers "improve" the legislation
  • Haugen recently testified in the US Senate earlier this month regarding the danger she claims the company poses
  • The concerns she raised included harming children, inciting political violence and fueling misinformation
  • Haugen cited internal documents she exfiltrated before leaving her job
  • According to the documents, Facebook prioritized profits over safety. It also hid research from investors and the public
  • Facebook CEO Mark Zuckerberg disputed Haugen’s portrayal of the company. He claimed a false picture is being painted
  • Zuckerberg did agree on the need for updated internet regulations
  • Haugen told US lawmakers a federal regulator is needed to oversee the tech titans like Facebook. This is currently in the works in the UK and the EU
  • The UK's online safety bill calls for a regulator that would hold companies responsible for removing harmful or illegal content
  • The UK committee wants to hear more about the data tech have collected, which Haugen's documents refer to
  • Coincidentally, Haugen is testifying the same day that Facebook release's its latest earnings

Candy giant hit with ransomware just prior to Halloween:

  • Ferrara Candy, makers of Nerds, Laffy Taffy, Now and Laters, SweetTarts, Jaw Busters, Nips, Runts and Gobstoppers was hit with a ransomware attack weeks Halloween, one it's biggest holidays
  • Ransomware attacks are increasingly common. Colonial Pipeline, JBS, Gigabyte, and CNA Financial are a few high-profile attacks this year
  • The US Treasury as reported that 2021 ransomware payouts are trending towards exceeding the combined payouts from the entire past decade!"
  • Ferrara reported October 9th that they "disrupted a ransomware attack" that encrypted data on some of their systems
  • Ferrara told ZDNet: "Upon discovery, we immediately responded to secure all systems and commence an investigation into the nature and scope of this incident. Ferrara is cooperating with law enforcement, and our technical team is working closely with third-party specialists to restore impacted systems as expeditiously fully and as safely as possible"
  • Ferrara did not say if it paid a ransom or what ransomware group attacked their systems
  • Danny Lopez from Glasswall, said probably not a coincidence that attackers hit a candy company's supply chain just before Halloween to increase the likelihood of payment
  • Chris Clements from Cerberus Sentinel said this is just another example that show every company needs to plan for cybersecurity attacks
  • "By doing so, cybercriminals can make any service disruptions and restoration delays maximally painful to their victim to further coerce them to pay the extortion demand rather than attempt to restore systems or data themselves." - Clements
  • The best solution to resolve a ransomware attack ransomware is a solid backup that can recover the unencrypted data and get systems back online
  • Solid cybersecurity practices such as good password hygiene, hardened systems, user training and advanced anti-virus software can greatly reduce the likelihood of a successful ransomware attack
  • Most experts warn against paying a ransom, and per U.S. Treasury guidance from last year, depending on where the money is going, it may be illegal. Talk to your attorney and cyber insurance company before paying a ransom
  • Paying a ransom may increase your likelihood of additional ransomware attacks
  • Ransomware attacks now typically include a "double threat", the theft of data before it's encrypted as further leverage to incentivize the victim to pay the ransom. So if you refuse to pay, they threaten to release your data on the Internet. This has happened several times including a school district in Nevada where student data was leaked
  • Here are some additional tips from the Cybersecurity and Infrastructure Security Agency (CISA):Stop Ransomware | CISA

Sponsored Content

Sponsored Content