In this week’s Cyber Blurbs Roundup, we take a look at the White House’s official response to the historic SolarWinds attack, the problems over at Clubhouse, and the issue with IoT devices.
US Sanctions Russia over Cyber Attacks
About five months and one administration change later, we’ve reached the next chapter in the catastrophic saga otherwise known as the SolarWinds attack.
For months, cybersecurity experts expressed their beliefs that state-sponsored Russian actors were behind the SolarWinds attack that exposed more than 250 federal agencies. On Thursday, April 15, U.S. President Joe Biden certified that position by announcing a series of sanctions against Russian individuals and assets.
“Treasury will target Russian leaders, officials, intelligence services, and their proxies that attempt to interfere in the U.S. electoral process or subvert U.S. democracy,” said Treasury Secretary Janet Yellen (h/t The Verge). “This is the start of a new U.S. campaign against Russian malign behavior.”
The sanctions also include penalties against 32 individuals accused of attempting to influence the 2020 presidential election.
News of the sanctions comes just a few days after SolarWinds revealed the financial burden associated with investigating the attack. The company says it has spent about $18 million to investigate and remediate the incident, hiring cybersecurity company CrowdStrike Holdings, Inc. and security firm KPMG to assist in the investigation.
SolarWinds said it expects that number to grow.
"We expect to incur significant legal and other professional services expenses associated with the Cyber Incident in future periods," it told Reuters.
Clubhouse Dealing with Privacy Issues
Fast-growing social media platform Clubhouse was recently under a spotlight, initially accused of being the victim of a cyber attack.
“... wait, what’s Clubhouse? Is it like TikTok? I just got an Instagram.”
Glad you asked, curious reader.
Launched in April 2020, Clubhouse is a platform for audio-driven forums. Hosts can create rooms to facilitate live discussions, with “listeners” often being defaulted to muted participants who can request (but not necessarily be granted) speaking privileges.
Conversations. They rebranded and digitized conversations.
The platform is invitation-only, so don’t think you’ll be able to spy on your kids just yet, folks.
Anyway, earlier this month the platform was initially said to have been the victim of a data breach, with the data of 1.3 million users becoming available in a hacker forum online. That, after some clarification, is not the case — but the actual circumstances aren’t all that great either. Truth is, Clubhouse was not the victim of a cyber attack, as accurately stated by company CEO Paul Davison.
That’s mostly because a motivated-enough individual wouldn’t actually need to “hack” the application in order to retrieve user data. As it turns out, user data is publicly available and can be accessed by anybody with a user account or via the app’s API.
“The way the Clubhouse app is built lets anyone with a token, or via an API, to query the entire body of public Clubhouse user profile information, and it seems that token does not expire,” said senior information security researcher Mantas Sasnauskas of CyberNews, the outlet that originally reported the findings.
Available user data includes a User ID, Name, Username, Twitter handle, Instagram handle, along with a few other surface-level details.
“This should not only be reflected in the [Terms of Service], but also in the technical implementation of the app, making it harder for anyone to scrape user data. Having no anti-scraping measures in place can be seen as a privacy issue,” Sasnauskas told CyberNews.
Tis but a drop in the bucket compared to the recent events over at Facebook and LinkedIn, which featured a combined 1 billion users seeing their data hit the web earlier this month.
Loads of IoT Devices at Risk
Security professionals Forescout Research Labs recently disclosed a series of DNS vulnerabilities that stand to affect more than 100 million IoT devices, according to TechRadar.
“Well it’s a good thing I don’t have any IoT devices — I don’t even know what those are!”
Not so fast, folks. Unfortunately for those hyper-focused on securing their home network, IoT (internet of things) devices have become fairly commonplace in the world of not just consumer electronics, but also home appliances.
For those unfamiliar, an IoT device is essentially any consumer, enterprise, or industrial device that operates through the internet. In 2021, that list can include things like your refrigerator, security cameras, audio speakers, printer, television, and basically any device that has “smart” capabilities.
Daniel dos Santos, research manager at Forescout Research Labs, says patching the recently discovered vulnerabilities (dubbed NAME:WRECK) is of utmost importance, noting that hackers would be capable of disrupting vital infrastructures.
“NAME:WRECK is a significant and widespread set of vulnerabilities with the potential for large scale disruption,” dos Santos said in a press release (h/t TechRadar). “Complete protection against NAME:WRECK requires patching devices running the vulnerable versions of the IP stacks and so we encourage all organisations to make sure they have the most up to date patches for any devices running across these affected IP Stacks.”
What can you do about it? Keep your eyes peeled for updates to all of your home devices and cross your fingers that the bad guys don’t exploit the issues first.