This Week in Cyber: The Year of Cryptomining?
This Week in Cyber takes a look at a few of the top news stories across the industry for the week of Jan. 10. Plus, get a peek at what’s coming up on the Data Connectors Community calendar.
Is 2022 the year of cryptomining? Signs, so far, point to yes. Users everywhere were buzzing over the addition of a cryptomining component in Norton 360 software over the last week. The news has landed in some mainstream publications, where authors are citing public outrage over the addition, including Wired magazine which says “you should absolutely not do this,” as it is an environmental drain and a potential security risk. There’s also the inherent hypocrisy involved; this software should seek to prevent cryptomining from threat actors rather than cashing in on it.
For a quick definition, ExtraHop defines cryptomining as the process where a user’s computing resources are used to mine cryptocurrencies like Bitcoin or, in the case of Norton 360, Ethereum. Threat actors have been known to do this surreptitiously, using a system’s CPU and sometimes GPU to perform complex mathematical calculations that result in long alphanumeric strings called hashes.
And as for the cash payouts, Norton is keeping 15% of all earnings.
Once is chance, twice is coincidence… Krebs on Security is reporting that fellow virus scanner software Avira followed in Norton’s footsteps, putting some 500 million users’ PCs to work in the old Ethereum mines. Similar backlash has ensued. The question remains: is there space for cryptomining within security software offerings?
The cover-up is the crime. Remember back in 2016 when Uber fumbled 56 million users’ and drivers’ data? Then-security chief Joseph Sullivan is racking up charges for the behind-the-scenes cover-up, most recently three counts of wire fraud added to previously filed felony obstruction and misprision charges, according to a statement from the Department of Justice.
The lesson for CSOs everywhere? Don’t make six-figure deals with hackers in exchange for their silence; don’t attempt to cover up a data leak from the people it affects, and definitely don’t try to hide it from the feds in the Federal Trade Commission.
Log4january updates? CISA Director Jen Easterly gave her thoughts on the status of the end-of-the-year fire drill we all experienced in 2021, saying that most government agencies here in the US are in the clear from log4shell vulnerabilities, in part due to vigilant cybersecurity engineers. However, the reach of this thing is so massive, we’ll be living with it for a long, long time.
Ten days into 2022, how are your resolutions going? If you started this year with a goal of reading more, you’re in luck. The Data Connectors Holiday Reading List is still live and ready for your consumption. https://info.dataconnectors.com/holiday-reading-list-2021 Get access to white papers and analyst reports that will keep you sharp in the new year.
On the road again. The Data Connectors team is starting the year in the Grand Canyon state, with an all-star lineup at its Phoenix Cybersecurity Conference on Wednesday, Jan. 12. We’re joined by Dr. Jonathan D.T. Ward, a world-renowned expert on China and Russia, who will be sitting down and taking audience questions in a Fireside Chat format.
Phoenicians (and other locals) can catch their local Secret Service Supervisory Special Agent Ingrid Rush, as well as FBI Special Agent Suzanne Allen, plus an all-star panel discussion titled “What You Left Out of Your 2022 Cybersecurity Plan (And How to Fix It).”
This session will be followed up with another Cybersecurity Conference out in Salt Lake City on Jan. 27, as well as the SouthWest Virtual Cybersecurity Summit on Feb. 2-3.
Before you go… Don’t lose your seat at the CyberConnect Web Briefing on Jan. 20, where a panel of CISOs will be discussing the topic, “Automating Risk Management at Scale for the Modern CISO.” This is a can’t-miss discussion, particularly in a world after log4j.