Cybersecurity
Analysis
- Recently uncovered software flaw ‘most critical vulnerability of the last decade’ (The Guardian, December 10, 2021)
- Former CYBERCOM Leader Urges Collective Defense Against Cyber Threats (Nextgov, November 8, 2021)
- China’s Microsoft Hack May Have Had A Bigger Purpose Than Just Spying (August 26, 2021): “‘There is a long-term project underway,’ said Kiersten Todt, who was the executive director of the Obama administration’s bipartisan commission on cybersecurity and now runs the Cyber Readiness Institute. ‘We don’t know what the Chinese are building, but what we do know is that diversity of data, quality of data aggregation, accumulation of data is going to be critical to its success.’”
- The Curious Omission in Russia’s New Security Strategy (Defense One, August 25, 2021): Russia reclassifies traditional cyber security by subdividing it into two branches of Information Security: The first is technical security, which is what is typically grouped into the cybersecurity sector; and the second is related more to information and ‘truth’, as captured in assumed election interference and other efforts to influence public opinions and ideas.
- Survey: Nearly 3 in 4 Organizations Suffered Data Breaches Due to Phishing (NextGov, August 3, 2021): “The 2021 Insider Data Breach Survey polled 500 IT leaders and 3,000 employees in the U.S. and U.K. across the financial services, health care and legal fields. It suggests a correlation between the increase in remote work and increased risk organizations face securing their networks, with 53% of IT leaders surveyed reporting an increase in incidents caused by phishing.”
- Ransomware’s suspected Russian roots point to a long detente between the Kremlin and hackers (Washington Post, June 12, 2021): The ransomware hackers suspected of targeting Colonial Pipeline and other businesses around the world have a strict set of rules. First and foremost: Don’t target Russia or friendly states.
- Ransomware is a national security threat and a big business — and it’s wreaking havoc (Washington Post, May 15, 2021): The attack that led Colonial Pipeline to shut down its 5,500-mile pipeline, causing fuel shortages throughout the southeastern United States, underscored that the ballooning ransomware wave isn’t just about money. Targeting the private businesses that run much of the economy also threatens national security.
- Why National Cyber Defense Is a ‘Wicked’ Problem (Defense One, May 11, 2021): “Vulnerable supply chains, sloppy security, and a talent shortage made events like the Colonial Pipeline ransomware attack and the SolarWinds hack all but inevitable.”
Cybercrime
- CISA Encourages Mitigations in Face of OnePercent Group (NextGov, August 26, 2021): “The Cybersecurity and Infrastructure Security Agency shared an FBI flash report on the group which provides insight into the extent of the ransomware business ecosystem.”
- The Ruthless Hackers Behind Ransomware Attacks on U.S. Hospitals: ‘They Do Not Care’ (The Wall Street Journal, June 10, 2021): An Eastern European group known as Ryuk has hit at least 235 facilities, raking in more than $100 million
- JBS says it paid $11 million ransom after cyberattack (CNN Business, June 8, 2021): “The ransom was paid after most of the company’s facilities had come back online, JBS said.”
- Ransomware attacks are closing schools, delaying chemotherapy and derailing everyday (Washington Post, June 5, 2021)
- Hackers behind JBS ransomware have new extortion tactic (Fox Business, June 5, 2021): “Conventional ransomware involves breaching a computer network, then encrypting valuable data so it is no longer accessible by a victim organization. The attackers then demand a ransom in return for a decryption key. Double extortion goes further by tacking on threats to leak the data. This is meant to increase the pressure on victims to pay the ransom. In some cases, the data leak is a separate ransom, so the victim is being extorted for two payments. Triple extortion expands the reach to customers, partners and other third parties related to the initial breach in an effort to extort even more money.”
- Colonial Pipeline CEO Tells Why He Paid Hackers a $4.4 Million Ransom (Wall Street Journal, 5/19/2021): “The operator of the Colonial Pipeline learned it was in trouble at daybreak on May 7, when an employee found a ransom note from hackers on a control-room computer. By that night, the company’s chief executive officer came to a difficult conclusion: He had to pay.”
- When Companies Fail to Pay, Ransomware Gangs Email Their Customers (PC, 4/6/2021)
- Half a billion Facebook users’ information posted on hacking website, cyber experts say (CNN, 4/5/2021)
Infrastructure Risks
- Utilities Face Growing Global Cyber Threat Landscape (NextGov, October 28, 2021): “A cybersecurity firm focused on industrial cybersecurity is tracking 15 groups, 11 of which are targeting utilities.”
- NYC’s Subway Operator and Martha’s Vineyard Ferry Latest to Report Cyberattacks (Wall Street Journal, June 2, 2021)
- U.S. Pipeline Shutdown Exposes Cyber Threat to Energy Sector (The Wall Street Journal, May 9, 2021)
- No restart yet for pipeline shut by cyberattack; gasoline prices climb (Politico, May 9, 2021)
- Someone Tried to Poison a Florida City by Hacking Into the Water Treatment System, Sheriff Says (CNN, 2/8/2021)
- Water-Supply Hack Should Be a Wake-Up Call, Experts Say (Defense One, 2/10/2021)
Cyberwar
- Russian invasion of Ukraine could redefine cyber warfare (January 28, 2022): “Ukraine was beset by attacks earlier this month when hackers defaced and disabled more than 70 government websites, and Microsoft discovered malware planted in Ukrainian government systems that could be triggered at any moment.”
- How Taiwan is trying to defend against a cyber ‘World War III’ (CNN, July 23, 2021): “Taiwan’s head of cybersecurity told CNN Business this month that it is using dramatic measures to guard against technological vulnerabilities — including employing roughly two dozen computer experts to deliberately attack the government’s systems and help it defend against what Taiwanese authorities estimate are some 20 million to 40 million cyberattacks every month.”
- United States Should Expect Increasing Cyberattacks from Iran, Experts Say (January 13, 2020)
Mitigating Cyber Risk
- US Partnering with Israel to Counter Ransomware, Regulate FinTech (NextGov, November 16, 2021)
- Why Aren’t We Taking This Simple Step to Prevent Ransomware? (Government Executive, August 6, 2021): “In the world of cybersecurity, we’re still in the mid-’80s. And we’re in the middle of a growing public safety crisis.”
- Here’s how to check your phone for Pegasus spyware using Amnesty’s tool (The Verge, July 21, 2021): “Amnesty International — part of the group that helped break the news of journalists and heads of state being targeted by NSO’s government-grade spyware, Pegasus — has released a tool to check if your phone has been affected.”
- Opinion: The US Desperately Needs a Civilian Cybersecurity Corps (Defense One, July 12, 2021): “Bipartisan legislation aims to augment the National Guard’s cyber reservists, but a wholly civilian component could be larger and more flexible.”
- Nextgov Cloud Security (Nextgov, March 2021): This is an industry guide on how to improve cloud computing.
- New Laws Are ‘Probably Needed’ to Force US Firms to Patch Known Cyber Vulnerabilities, NSA Official Says (Defense One, June 25, 2021): “The vast majority of cyber attacks exploit known vulnerabilities that could be fixed by patching older software and replacing older computing gear. But that costs money, and legislation will likely be needed to force companies to make these fixes soon — before the kind of AI-powered tools used by Russia and China become commonplace among smaller-scale hackers, said Rob Joyce, who leads the National Security Agency’s Cybersecurity Directorate.”
- How to be prepared for a ransomware attack: Check your data and backups (Tech Republic, June 22, 2021)
- US Companies Won’t Pay to Prepare for Cyber Attacks. Congress Must Step In (Defense One, June 21, 2021): “Recent events make clear that corporate America needs a legislative push to improve its cybersecurity posture.”
- What is Zero Trust? A Model for More Effective Security (CSO, 1/16/2018)
Cybersecurity Response
- The ‘most serious’ security breach ever is unfolding right now. Here’s what you need to know. (Washington Post, December 20): “Much of the Internet, from Amazon’s cloud to connected TVs, is riddled with the log4j vulnerability, and has been for years”
- DHS warns of critical flaw in widely used software (CNN, December 11, 2021): “The vulnerability is in Java-based software known as “Log4j” that large organizations, including some of the world’s biggest tech firms, use to configure their applications.”
- Cybersecurity Is One of Five Pillars in State’s Modernization Initiative (NextGov, October 27, 2021): “In addition to creating two new positions to handle international cyber and emerging tech issues, Secretary of State Antony Blinken is calling for a 50% increase in the department’s IT budget.”
- U.S. Recovered $6 Million In Cyberattack Ransom Payments From Hackers (Forbes, November 8, 2021)
- A ransomware gang shut down after CyberCom hijacked its site and it discovered it had been hacked (Washington Post, November 2, 2021): “Cybercom’s action was not a hack or takedown, but it deprived the criminals of the platform they used to extort their victims — businesses, schools and others whose computers they’d locked up with data-encrypting malware and from whom they demanded expensive ransoms to unlock the machines, the officials said.”
- States Weigh Bans on Ransomware Payoffs (Route Fifty, July 23, 2021): “At least three states—New York, North Carolina and Pennsylvania—are considering legislation that would ban state and local government agencies from paying ransom if they’re attacked by cybercriminals. A similar bill in Texas died in committee earlier this year.”
- Biden Goes After China’s Cyber Attackers (Defense One, July 19, 2021): “U.S. officials announced new measures aimed at exposing and disrupting China’s government-sponsored cyber criminal activities, including enlisting key NATO and other allies to reveal new details about the methods by which some massive cyber attacks have affected thousands of government and private networks in the United States, and how to protect against them.”
- Agencies Unveil Plans to Fight Ransomware—Including Paying for Tips (NextGov, July 15, 2021)
- How A New Team Of Feds Hacked The Hackers And Got Colonial Pipeline’s Ransom Back (NPR, June 8, 2021): “During a press conference Monday, top federal law enforcement officials explained that the money was recovered by a recently launched Ransomware and Digital Extortion Task Force, which had been created as part of the government’s response to a surge of cyberattacks.”
- Feds recover millions from pipeline ransom hackers, hint at U.S. internet tactic (NBC News, June 7, 2021): “The FBI was able to seize control of DarkSide’s proceeds by gaining access to a central account holding about 63.7 bitcoins, worth around $2.3 million, Deputy Director Paul Abbate said.”
State Sponsorship
- Pegasus spyware used to hack U.S. diplomats working abroad (Washington Post, December 3, 2021)
- What China’s Vast New Cybersecurity Center Tells Us About Beijing’s Ambitions (Defense One, July 23, 2021): “A new report by Georgetown University’s Center for Security and Emerging Technology (CSET), together with an interactive map of satellite photos, examines the NCC — formally, the National Cybersecurity Talent and Innovation Base.”
- Biden Administration Blames Hackers Tied to China for Microsoft Cyberattack Spree (Wall Street Journal, July 19, 2021): “Four Chinese nationals were indicted over separate hacking activity; dozens of nations condemn Beijing’s state-sponsored hacking.”
- Israeli Spyware Maker Is in Spotlight Amid Reports of Wide Abuses (NY Times, July 18, 2021): “Data leaked to a consortium of news organizations suggests that several countries use Pegasus, a powerful cyberespionage tool, to spy on rights activists, dissidents and journalists.”
- Biden delivers a warning to Putin over ransomware attacks (Politico, July 9, 2021): “President Joe Biden warned Russian President Vladimir Putin on Friday that the United States will ‘take any necessary action’ to defend critical American infrastructure following a massive ransomware attack by suspected Russian cybercriminals.”
- The Incredible Rise of North Korea’s Hacking Army (The New Yorker, 4/19/2021)
Government Programs
- DHS Launches Portal to Recruit—and Retain—Cybersecurity Talent (GovExec, November 16, 2021): “The moment of truth is here for a new hiring system that promises to address gaping cybersecurity shortages by redefining ‘merit.’”
- The White House Is Deciding Whether to Support a Bureau of Cyber Statistics (NextGov, August 2, 2021): “The creation of both the Bureau of Cyber Statistics—which would serve as a repository of data on cybersecurity incidents to inform risk-based decision-making—and the National Cyber Director’s office were recommendations of the Congressionally mandated Cyberspace Solarium Commission, of which Inglis was a member.”
- Opinion: The US Needs a Department of Cybersecurity (Defense One, August 2, 2021): “Biden and Congress should fundamentally reorganize its disparate efforts into a centralized Department of Cybersecurity. This new department should have the mandate to organize the big-three triad—people, tech and processes—into a cohesive structure.”
- CISA Offers Vulnerability Disclosure Platform for Civilian Agencies (Nextgov, July 30, 2021): “The platform will provide triage and administrative services while allowing CISA to monitor agencies’ progress resolving reports from security researchers.”
- White House Asks CISA, NIST to Set Cybersecurity Performance Goals for Critical Infrastructure Operators (Defense One, July 28, 2021): “The goal is to set comprehensive expectations for cybersecurity across all sectors of critical infrastructure at a time when private companies might be more inclined to meet them, a senior administration official told reporters Tuesday.”
- NEW EXECUTIVE ORDER – White House Aims To Beef Up Nation’s Cybersecurity After Pipeline Hack (Defense One, May 12, 2021): “A new executive order shifts how the government buys software and gives consumers visibility into products’ security features.”