The Daily Decrypt
January 29, 2024 - Google Malicious Ads, Network Security Standards, Microsoft Breach Insights - Cyber Security News
Dive into the latest in cybersecurity with The Daily Decrypt:
  1. The Risks of Google Search for Software: Uncover the dangers of malicious ads on Google leading to compromised software downloads. Original article at Krebs on Security.
  2. NRC’s Network and Software Security Push: Learn about the Network Resilience Coalition’s recommendations for enhancing network and software security. Full details on Dark Reading.
  3. Microsoft’s Test Account Security Blunder: Explore how a hacked Microsoft test account with admin privileges led to a significant security breach. Complete story at Ars Technica.
Join us as we delve into these critical topics, providing you with essential insights and updates in the realm of cybersecurity. #CyberSecurityAwareness #TechNews 🎙️🔐 Thanks to Jered Jones for providing the music for this episode. Find him on Spotify here: https://open.spotify.com/artist/37xLl4KR8hJ5jBuS8zYjQN?si=W75mgw68SsmCb7Zfu5ESeg

Transcript

Announcer: Welcome to the Daily Decrypt, the go-to podcast for all things cybersecurity. Get ready to decrypt the complexities of cyber safety and stay informed. Today is January 29th, 2024. Here’s your host, d0gesp4n.

d0gesp4n: Good morning and welcome back to The Daily Decrypt. Today, we’ll be discussing malicious software ads, network and security standards, and some new information that came to light from the Microsoft breach we reported a few weeks ago. So, let’s dive in.

First and foremost, I want to discuss this concerning issue highlighted in a recent article by Krebs on Security, titled “The Risk of Encountering Malicious Ads on Google When Searching for Software.” This issue is intriguing to me. As someone in tech, when searching for software on the Internet, it’s alarming how threat actors are exploiting Google’s ad system to trick users into downloading harmful versions of popular software. Google is trying to combat this, but it’s a challenging task. These actors are paying for ads, placing their malicious software high in popular searches. This threat is pervasive and can affect anyone, from seasoned IT sysadmins to regular users seeking, for instance, a free version of Microsoft Office. While the article mainly focuses on desktop software, the risk extends to mobile apps, especially on platforms like Android, which have looser restrictions than Apple’s App Store. Users might easily stumble across spyware or keyloggers.

The article reports that cybercriminals are creating ads that appear legitimate, ranking above legitimate software sources. A notable example is a fake free CAD website that led users to download compromised software. This discovery was made by researchers who monitored such behavior over the past few years. They found that a malicious site, free-cad-us.org, is part of a network of over 200 domains hosted at a single IP address, mimicking popular software like Microsoft Office and other open-source alternatives (possibly OpenOffice or LibreOffice – please correct me in the comments). These domains are part of a large-scale deceptive operation, distributing malicious versions of legitimate software. Google has removed billions of bad ads, but the challenge persists. It’s increasingly difficult to vet every ad. In summary, the key is vigilance. Pay attention to domain names – a slight alteration in a familiar name could be a red flag. Take your time and don’t rush into downloading software, especially when under pressure.

Moving on, let’s discuss the latest recommendations for better network and software security, as reported by Dark Reading. These recommendations were issued by the Network Resilience Coalition (NRC), which was established in July 2023 by the Center for Cybersecurity Policy and Law. The NRC, comprising network operators and IT vendors like AT&T, Cisco, Fortinet, Juniper Networks, Palo Alto Networks, VMware, and Verizon, aims to improve cyber resilience. The highlighted white paper delves into software development and lifecycle management, a significant issue for both open source and closed source projects. The NRC’s recommendations align with the Biden administration’s executive order on security by design and default. They advocate for software development methodologies to match the NIST Secure Software Development Framework (SSDF) and support the Oasis Open’s End of Life (EOL) and End of Support (EOS) initiative for standardized communication about software end-of-life details in a machine-readable format. This is about transparency, giving users an idea of what’s under the hood without revealing too much. The growing dependency on open source software in both private and public sectors necessitates this transparency. The NRC’s efforts to promote robust security practices across all sectors are commendable.

Lastly, let’s revisit the Microsoft breach. The attackers, known as Midnight Blizzard, infiltrated Microsoft’s network through password spraying and escalated their access by exploiting weak credentials in a legacy non-production test account without Multi-Factor Authentication (MFA). This oversight, a common risk when creating accounts with extensive privileges for testing, led to a significant breach. The attackers then registered an application, granting them full access to Exchange Online and enabling them to read mailboxes. This incident highlights the importance of administrative diligence in monitoring and approving application accesses in Microsoft 365 environments. Microsoft’s transparency in sharing details about this breach is commendable. It underscores the necessity for collective growth and enhanced security measures across the industry.

That’s all for today’s episode. Let us know your thoughts on the content or if you have questions about the topics we’ve covered. Have a great day, and we’ll talk to you tomorrow.
