Daily Digest (12/15)

Treasury and Commerce Departments Hit in Global Cyberespionage Campaign; Over 85,000 MySQL Databases Sold on Dark Web; Apple Begins Applying New Data-Privacy Labels; Calif. to Join Google Antitrust Lawsuit.

Treasury and Commerce Departments Hit in Global Cyberespionage Campaign 

The U.S. Treasury and Commerce Departments have been compromised in a supply-chain attack on SolarWinds, a security provider that helps the federal government and a range of Fortune 500 companies monitor their IT networks. 

The Homeland Security Department’s cybersecurity unit issued an emergency directive Sunday calling on all federal civilian agencies to scour their networks for compromises, The Associated Press reports.  

“Treat all hosts monitored by the SolarWinds Orion monitoring software as compromised by threat actors and assume that further persistence mechanisms have been deployed,” the U.S. Cybersecurity and Infrastructure Security Agency advised.

The government has not publicly identified who might be behind the hacking, but three of the people familiar with the investigation said Russia was believed to be responsible for the attack, Reuters reports.  

The attacks also were linked to a recently disclosed hack on FireEye, a major U.S. cybersecurity company with government and commercial contracts. 

Hackers broke into the National Telecommunications and Information Administration’s office software, which is Microsoft’s Office 365. Staff emails at the agency were monitored by the hackers for months, sources told Reuters.  

Sources (all links external): 

More Than 85,000 MySQL Databases Sold on Dark Web 

More than 85,000 MySQL databases have been put up for sale on a dark web portal for $550 per database. 

The portal has been part of a database ransom scheme that has been going on since the start of the year, ZDNet reports.  

Cybercriminals have hacked into MySQL databases, downloading tables, deleting original versions and leaving ransom notes behind, which instruct server owners to contact the attackers to get their data back.

While initial ransom notes asked victims to contact the attackers by email, the hackers also automated their DB ransom scheme on the dark web.

Victims who accessed the hacker sites were asked to enter a unique ID, found in the ransom note, before being presented with the page auctioning their data. 

Apple Begins Applying New Data-Privacy Labels

Apple said Monday that it had started rolling out new privacy labels on apps for users to see before they were downloaded from its App Store. 

Apple announced the labels, designed to quickly communicate information about several categories of data collection, at a developer conference in June, Reuters reports. 

The company required tech developers to provide label information last week as part of the review process for releasing or updating apps. 

The labels would be introduced after developers have submitted their apps for approval to Apple.  

Apple also required disclosures of when apps gathered data for what it deemed was the “tracking” of users across unrelated apps or websites, Reuters reports. 

Calif. to Join Google Antitrust Lawsuit

California intends to join the Justice Department in its antitrust lawsuit against Google. 

Democratic State Attorney General Xavier Becerra filed the motion Friday to join the case in federal court, The Associated Press reports.

“Google’s anticompetitive behavior has unlawfully maintained the company’s monopoly on internet search and search-based advertising at the expense of consumers,” Becerra said. 

The case, filed in federal court in Washington, alleged that Google used billions of dollars collected from advertisers to pay phone manufacturers to ensure that Google was the default search engine on browsers. The lawsuit claimed the practice hurt consumers and stifled smaller rivals. 

Eleven states, all with Republican attorneys general, joined the federal government in the suit in October, AP reports. California would be the first Democratic state to announce its intention to join the case. 

— By DPN Staff