CyberJudicata Weekly Debrief (4/6–10)
This week's Weekly Debrief covers several interesting topics, including CISA/NCSC's joint cyber threat update, Zoom's cybersecurity practices, cyberattacks increasing amid COVID-19, law firm data security, and State's looking to CCPA for how to handle data privacy legislation.
"A growing number of cyber criminals and other malicious groups online are exploiting the COVID-19 outbreak for their own personal gain, security officials in the UK and USA have revealed. A joint advisory published today (April 8, 2020) by the UK’s National Cyber Security Centre (NCSC) and US Department of Homeland Security (DHS) Cybersecurity and Infrastructure Security Agency (CISA) shows that cyber criminals and advanced persistent threat (APT) groups are targeting individuals and organizations with a range of ransomware and malware."
"Over the past few weeks, the use of Zoom video conferencing software has exploded ever since it emerged the platform of choice to host everything from cabinet meetings to yoga classes amidst the ongoing coronavirus outbreak and work from home became the new normal. The app has skyrocketed to 200 million daily users from an average of 10 million in December — along with a 535 percent increase in daily traffic to its download page in the last month — but it's also seen a massive uptick in Zoom's problems, all of which stem from sloppy design practices and security implementations."
"As the coronavirus pandemic continues to worsen, remote-collaboration platforms – now fixtures in many workers’ “new normal” – are facing more scrutiny. Popular video-conferencing app Zoom may currently be in the cybersecurity hot seat, but other collaboration tools, such as Slack, Trello, WebEx and Microsoft Teams, are certainly not immune from cybercriminal attention."
"An inter-governmental law enforcement organization, INTERPOL, the International Criminal Police Organization, has cautioned that it has detected a significant increase in cyber-attacks against hospitals around the world that are engaged in the COVID-19 response. Attacks that could 'directly lead to deaths.'"
Link to PDF.
"The new coronavirus has forced many state legislatures to suspend their sessions or shift focus away from anticipated data privacy legislation. 'There was a significant tide of activity in many states,' Glenn Brown, of counsel at Squire Patton Boggs in Atlanta, said. New Jersey, for example, has the New Jersey Disclosure and Accountability Transparency Act floating through the Legislature, which would require a business to get consent from consumers before selling their personal data."
"In the wake of increased and intensified data breaches, legislators are moving to protect their constituents. On June 28, 2018, California passed the most comprehensive consumer privacy law in the United States today, the California Consumer Privacy Act of 2018 (CCPA)."
. . .