This Week In Security - 03/09/2020
Website Insecurities Surface as Let’s Encrypt Revokes 3 Million Certificates
The non-profit certificate authority project, Let’s Encrypt, has withdrawn over 3 million TLS security certificates after discovering a bug in its certificate authority code. The incident will strip millions of websites of their HTTPS status and means that businesses will have to apply for a new certificate.
In the meantime, “users will experience websites that say they have a security problem”, which will interrupt their usual services and potentially lead to a loss of trust.
The bug, nestled away in the Certificate Authority software, Boulder, “impacted the way its software checked domain ownership before issuing certificates”, resulting in potential vulnerabilities that “could open the door for a malicious attacker to take control of a TLS certificate on a website, allowing the hacker to eavesdrop on web traffic and gather sensitive data”.
While some are saying news of the bug came in plenty of time for them to address the issue, others are saying that, despite Let’s Encrypt’s prompt response to the situation, many of the affected clients face uncertainty.
The incident comes shortly after Let’s Encrypt issued its one billionth domain-validation certificate and publicly celebrated what it described as “a milestone for user privacy and security”.
Leading Economist Predicts Global Cyberwar in 2020
Professor of Economics at New York University’s Stern School of Business, Nouriel Roubini, has predicted that 2020 will be the year of cyberwar. Roubini is famous for having accurately predicted the 2008 housing crisis, so there’s every reason to believe him when he says, “we’ll have the first global cyber warfare this year”.
According to Roubini, countries that the US has imposed sanctions against, namely China, Iran, Korea, and Russia, “cannot respond to us with conventional power, because we are stronger”. Instead, Roubini suggests, “the only way they can respond is cyber”.
Roubini expects the initial attacks to occur during the US presidential elections in November and anticipates a plethora of fake news, deep fakes, and misinformation. As a result, Roubini says, whoever loses the election is likely to hit back, saying the elections were rigged. If Trump finds himself on the losing end and “says it’s rigged, there are going to be militias in the streets of Washington with guns”, Roubini continued.
Others remain unconvinced by “Dr. Doom”, as they call him, saying his predictions are unfounded, but are they? He’s also forecast that Trump will lose the election, global equities will plummet, and that coronavirus will mean “a recession for China”.
Global Collaboration Needed to Fight Networked Cybercrime
Last week, LexisNexis released its latest cybercrime report, covering the last six months of 2019. Its findings revealed a steady increase in networked cybercrime, with criminals working in “hyperconnected, global networks” that evade national borders and move freely from one industry to the next.
The director of fraud and identity at LexisNexis Risk Solutions, Rebecca Moody, said that, as cybercrime becomes more globally connected, businesses need to embrace “a shared view of risk that can operate across channels, across industries, and across country borders”.
Moody went on to say that the tools are already in place to help businesses fight against organized cybercrime with innovations like “behavioral biometrics, consortium-based data sharing, bot data management, and risk intelligence signals” looking like promising weapons in the global fight against fraud. Now it’s up to businesses to use these tools collaboratively and “prevent the evolving nature of fraud”.
The World Economic Forum (WEF) echoed these sentiments in its Global Risks Report 2020, which, according to one reporter, indicates that “global leaders must commit to taking action [and embrace] … more collaborative approaches to tackling cyber threats”.
According to the WEF, however, the “fractures within the global community appear to only be widening”.
Software Giants Release Free Remote Work Tools As Coronavirus Continues
As the coronavirus continues its reign of global terror, more companies are being forced to adapt to a remote work environment, and the software giants are lending a hand.
Quarantined workers might be under house arrest but Cisco, Google, and Microsoft are doing their level best to maintain some level of productivity by releasing free tools so they can at least stay connected.
The multinational technology company, Cisco, is giving away 90 days of free access to its collaboration platform, Webex, to non-Webex customers while expanding its free Webex capabilities to existing customers. Meanwhile, Google has promised to roll out free access to its Hangouts Meet video-conferencing capabilities to help employees affected by the spread of COVID-19 to “reliably meet face to face, even if employees are not in the same location.”
Microsoft has jumped on the bandwagon with a six-month free trial of its premium Microsoft Teams package that was originally “designed to enable hospitals, schools, and businesses in China to get up and running quickly on Microsoft Teams”. It will also be rolling out an update that will increase the free version’s capabilities.
Many believe the coronavirus outbreak “could act as a catalyst accelerating adoption of technologies that enable remote workers”.