Stay in the know with “The week in cybersecurity news,” a weekly report on all the industry headlines released every Friday.
Watchdog says cryptocurrency scams are increasing
Britain’s Financial Conduct Authority (FCA), a U.K.-based watchdog, announced this week that it has seen a rise in reports of cryptocurrency investment scams.
According to the story in Reuters, malicious actors are using celebrity images and prestigious London addresses to legitimize scam websites falsely promising high returns on investments.
Read the full story here.
New browser extension helps consumers validate ICOs
Forbes reported this week on the launch of a browser extension called Uppward, which helps consumers validate Initial Coin Offerings (ICOs).
According to the article, over 80% of ICOs in 2017 were scams. To increase trust in the crypto space, Sentinel Protocol created Uppward. The browser extension provides warnings for suspicious websites and verifies addresses for Telegram, wallets, and URLs.
The browser extension is powered by a threat intelligence database being built by a community of “Sentinels” — security experts and organizations, as well as white hat hackers.
To learn more, read the article in Forbes.
How to use a security roadmap to get buy-in from the C-suite
Well-planned security expenditures help the organization protect its reputation and avoid cyber breach costs. Still, it’s hard for cyber security leaders to get buy-in from executives for action.
An article this week from DarkReading advises creating a security roadmap to persuade the C-suite to commit financial resources to protecting the organization’s digital assets. Here’s how to do it:
- Create a security structure with four “distinct towers”: 1) security oversight, 2) information risk, 3) security architecture and engineering, and 4) security operations.
- Assess risks, assets and resources: Prioritize the assets that require the most protection.
- Update your information security policy: Provide guidance for these high-risk assets by updating your existing security policies.
- Identify and deploy newly required controls: Implement new controls that limit access to high-risk data to specific people, using a phased approach that aligns with your organization’s software development life cycle.
- Educate your employees, executives, vendors, and customers: Explain how to comply with new security policies and then hold frequent training sessions to boost awareness and keep teams accountable.
Read the full article here.
4 reasons your organization needs cyber insurance
In today’s digital environment, organizations often fall one step behind while trying to keep up with the tactics used by cyber criminals. This makes cyber attacks an inevitable consequence for which organizations must be prepared.
Part of planning for these virtual threats involves purchasing cyber insurance to ensure that your organization will have the financial means to recover in the wake of an attack.
This week’s blog from Stratus Cyber looks at the four reasons your organization needs cyber insurance, including that your data is likely already compromised and general liability insurance doesn’t cover cyber attacks.
Read the full story here.
1,000+ government officials in Australia use the password “Password123”
According to a security audit released this week by the Western Australia government, 1,464 government officials in the region used the notoriously weak password, “Password123.”
The audit found that 26% of the region’s 234,000 government employees have weak passwords, with over 5,000 using some form of the word “password.” Many employees were storing passwords in Word documents and spreadsheets as well.
This story highlights the ongoing laxness in passwords used to access critical information and the danger it causes. According to a 2017 data breach report from Verizon, 81% of hacks were caused by stolen or weak passwords.
Read the full story here.
Election security: States to spend $138 million improving election cybersecurity as hacking continues
The U.S. Election Assistance Commission announced Tuesday that 41 states would collectively be spending $137.9 million improving cybersecurity for elections. The funds make up part of the $380 million appropriated in March this year for Help America Vote Act (HAVA) grants.
The announcement came at the same time that Microsoft said it had thwarted attacks on websites for political groups and the U.S. Senate. The malicious efforts were led by the APT28 hacking group linked to Russian military intelligence.
The group created fake websites that appeared to be associated with the Senate, the Hudson Institute (a group investigating corruption in Russia), as well as pro-democracy nonprofit International Republican Institute (IRI). The apparent goal of the sites would have been to obtain login details that could be used to access political information.
Microsoft also announced this week that it’s offering free cybersecurity tools to U.S. political candidates, campaign offices, and associated groups.
Read more in The Washington Post article here.
The FBI is also investigating a cyber attack on the congressional campaign of David Min, a Democratic candidate for the U.S. House of Representatives in California. He lost the primary in June.
According to the story in Reuters, hackers infected the computers of Min’s campaign manager and finance director with keystroke logging software that went undetected by standard antivirus products.
In other news:
- The recent attempted hack on the Democratic National Committee’s voter database was reported as a false alarm on Thursday. The Michigan Democratic Party and volunteer white hat hackers had been performing penetration testing on the voter file.
- A lawsuit pending in federal court is attempting to force Georgia to switch to paper ballots for the 2018 midterm elections. The plaintiffs — election integrity activists — have claimed that the electronic election systems are too prone to hacking.
- Facebook announced this week that it had uncovered a global disinformation campaign on its platform which originated from Iran. The efforts date back to 2011. Twitter removed 284 accounts for “coordinated manipulation” after the story’s release.
FTC warns consumers about bitcoin scam targeting men
The Federal Trade Commission published a blog this week warning consumers about a Bitcoin blackmail scam that is targeting men.
According to the post, the scammers have been sending messages to men demanding Bitcoin payments in exchange for keeping quiet about alleged affairs. Read the full post here.