Welcome to Fall 2021! We’re trying to curate some of the week’s privacy and cybersecurity news to keep you up-to-date:
CONTI RANSOMWARE ON THE RISE -- Another week, another US agency joint advisory on ransomware. The Cybersecurity & Infrastructure Security Agency (CISA), the FBI and the National Security Agency issued a joint advisory warning of an “increased use of Conti ransomware in more than 400 attacks on U.S. and international organizations.” The advisory includes indicators that a Conti hack has occurred and suggests organizations -- tell me where you’ve heard this before -- update their software security, including application of patches, require multi-factor authentication and implement network segmentation to help prevent attacks.
WATCH OUT FOR SMISHING -- First, what is “smishing?” Simply, it is malware delivered through a text message, otherwise known as SMS, and it is becoming a common attack vector. It also has been elevated in importance with employees using mobile devices to communicate in the WFH era. The latest is that the bad guys are taking advantage of interest in Covid-19 vaccine booster shots by targeting Android users in the US and Canada. Security researcher (and solutions provider) Cloudmark is reporting today on this attack in a blog post. According to Cloudmark, the bad actors are sending text messages about “Covid regulations and the third dose of Covid vaccines” to trick users into downloading a string of malware known as TangleBot. The malware allows hackers to control and access contact information, texting and phone capabilities, call logs, and the device’s camera and microphone. An alert to your remote workforce to be aware might be in order before the weekend.
REPORT ON EU-U.S. PRIVACY SHIELD AND TRANSATLANTIC DATA FLOWS -- While companies are rushing to meet next week’s Standard Contractual Clauses deadline, this week the U.S. Congressional Research Service released a report on Privacy Shield and trans-Atlantic data flows, including options for Congress to facilitate these data flows and a potential enhanced Privacy Shield. The CRS report also considers whether comprehensive U.S. national privacy legislation (aligned with GDPR?) would “provide some level of certainty to EU businesses and individuals” and “provide sufficient safeguards and guarantees” for U.S. adequacy. It might help to provide some level of certainty to US businesses as well ...
SPEAKING OF CONGRESS -- The Senate Committee on Commerce, Science, and Transportation has (finally) scheduled its first hearing on privacy of this 2021 session. Committee Chair Senator Maria Cantwell (D-WA) has scheduled a hearing on Wednesday, September 29 on “Protecting Consumer Privacy.” The hearing will examine the need for a comprehensive privacy law, better safeguarding of consumer privacy rights, and creating a privacy bureau of the Federal Trade Commission.