Cyber Security News

Why track cyber security news? Cyber security is a world unto itself. It’s a profession, an IT discipline and now a major industry. Companies, consumers and governments are spending billions of dollars a year on cyber security. Security also pervades many areas of life that have little to do, seemingly, with cyberspace. Thus, to keep up with the world in general, it’s helpful to stay aware of news that relates to cyber security.

For example, the dispute between the US government and Huawei is at once about international trade, national security, telecom industry competition… and cybersecurity. Security is a root issue with Huawei, given the suspicions about the company’s connections to the Chinese Communist Party (CCP). However, the company’s size, reach and technological innovation push the matter to the forefront of US-China relations.

Or, take consumer cyber risks. We cover cyber security news that deals with consumers’ exposure to cybercrime and fraud. Consumers are increasingly at risk of identity theft, credit card fraud and other malfeasance at the hands of cyber criminals. The articles we curate on this subject come from law enforcement publications, mainstream media and specialized blogs.

Public policy is now being influenced (or should be) by cyber security news. Policy makers should be aware of how cyber security affects their jobs and their constituents’ lives. For instance, the “smart city” is both an innovation and a threat. Using IoT sensors and advanced data analytics to improve municipal services is a great idea. However, the smart city also exposes government data to breach.

This is particularly urgent given the relatively insecure technologies (e.g. Chinese-made sensors) used for the smart city and the wireless connectivity that makes it all possible. Add malicious nation-state actors to the mix, such as the ones currently paralyzing American cities with ransomware, and one can see the potential danger.


News Insights: Cyber espionage campaign targets renewable energy companies

A story in Bleeping Computer reveals that a large-scale cyber-espionage campaign is targeting primarily renewable energy and industrial technology organizations. It has been discovered to be active since at least 2019, targeting over fifteen entities worldwide.

https://www.bleepingcomputer.com/news/security/cyber-espionage-campaign-targets-renewable-energy-companies/

News Insights:

According to Bryson Bort, CEO & Founder, SCYTHE (www.scythe.io), “This is similar to the targeted credential theft attack as seen in the breach of the Florida water plant in 2020. The underlying goal depends on the nation-state actor involved. If it’s Russia, then it is a further example of iterative intelligence against our critical infrastructure and possibly putting “levers” in place in anticipation of conflict (Ukraine weighs heavy on the mind). On the other hand, if it’s North Korea, then it could be the reconnaissance phase for future ransomware attacks. Renewables are the fastest growing energy segment, which means they’re a target for financially motivated attacks.”


Saryu Nayyar, CEO and Founder, Gurucul (she/her) said, “While the attack itself is deemed “unsophisticated”, this is a perfect example of an elaborate industrial espionage campaign targeting multiple sectors to disrupt or steal data from a specific industry. While simple, this phishing attack is difficult to defend; however, with a next generation SIEM that supports behavioral analytics supported by adaptable machine learning models, the abnormal communications to suspicious domains can immediately be prioritized for security teams to investigate and determine if a real threat exists. If the campaign is indeed purported by proponents of the fossil-fuel industry, it is indeed unfortunate. Renewable energy companies need to invest more in cloud-native analytical security solutions to protect themselves against this type of threat, but also nation state threat actors looking to steal intellectual property for their own energy programs.”

Is The War On? Malware Hits Ukrainian Organizations

https://www.oodaloop.com/briefs/2022/01/15/microsoft-reports-on-destructive-malware-targeting-ukrainian-organizations/

NCSC sounds alarm over Russia-backed hacks

The UK’s National Cyber Security Centre (NCSC) has joined key international partners in warning operators of critical national infrastructure (CNI) – such as telecoms networks, energy suppliers and utilities, transport operators, and logistics and distribution specialists – to be on their guard against intrusions into their systems originating from malicious actors linked to the Russian state.

https://www.computerweekly.com/news/252511934/NCSC-sounds-alarm-over-Russia-backed-hacks

Tenable’s Jill Shapiro on Federal Cybersecurity Funding in 2022

The Infrastructure Investment and Jobs Act has passed, allocating a billion dollars for cybersecurity for state, local, tribal and territorial governments (SLTTs). In this video from our sister organization, the Cyber Policy Institute, Jill Shapiro, Senior Director of Government Affairs at Tenable Security, discusses the best use of the cyber funding for SLTTs. She also explores the federal government’s role in helping SLTTs secure infrastructure and mitigate the unique threats to their governments.

To watch the video, visit https://youtu.be/dtG1TnEkflw

Jill has been with Tenable since 2018, where she advocates for safe cybersecurity policies to close the cybersecurity gap. Jill is a longstanding advocate of cyber investments in state, local, tribal and territorial governments. She offers a unique perspective on the implementation of funding for cybersecurity now that the Infrastructure Investment and Jobs Act has passed.


Facebook Hosted Surge of Misinformation and Insurrection Threats in Months Leading Up to Jan. 6 Attack, Records Show

Facebook groups swelled with at least 650,000 posts attacking the legitimacy of Joe Biden’s victory between Election Day and the Jan. 6 siege of the U.S. Capitol, with many calling for executions or other political violence, an investigation by ProPublica and The Washington Post has found.

The barrage — averaging at least 10,000 posts a day, a scale not reported previously — turned the groups into incubators for the baseless claims supporters of then-President Donald Trump voiced as they stormed the Capitol, demanding he get a second term. Many posts portrayed Biden’s election as the result of widespread fraud that required extraordinary action — including the use of force — to prevent the nation from falling into the hands of traitors.

https://www.propublica.org/article/facebook-hosted-surge-of-misinformation-and-insurrection-threats-in-months-leading-up-to-jan-6-attack-records-show?utm_source=sailthru&utm_medium=email&utm_campaign=majorinvestigations&utm_content=river&fbclid=IwAR21NPf7lE1RZWRBVDeRLjuWJeJ_x3oq-xJtClcNomzmjbsfqA3hLOk4KSk


From Illusive: Preventing BlackMatter Ransomware from Encryption of Available Remote Share

https://illusive.com/resources/threat-research-blog/preventing-blackmatter-ransomware-from-encryption-of-available-remote-share/

News Insights: Ransomware attack affected websites of 5,000 schools

Last week, a ransomware attack on Finalsite compromised the websites of 5,000 schools nationwide.

This attack is just the latest on schools nationwide, responsible for interrupting remote learning, and compromising the data of educational institutions.

News Insights:

According to Ric Longenecker, CISO at Open Systems:

“Schools continue to be ransomware attack targets, as illustrated by the recent Finalsite attack. With so many educational institutions continuing to rely on remote learning, these organizations – which have a wealth of data, including addresses, banking and credit card details, medical information and Social Security numbers – are particularly attractive to bad actors.

Although it seems that Finalsite and the thousands of schools that use its software escaped the attack without their data being compromised, this event highlights the need for schools to increase their cybersecurity efforts and decrease their attack surfaces. Schools can take these important steps by working with a managed detection and response (MDR) solution provider.

An experienced MDR provider combines AI technology and human know-how to assess threats and speed up effective mitigation of attacks before they spread and impact students, faculty and parents. A better MDR provider goes beyond detection and response to actual reduction of the attack surface and increase of the school’s security maturity, to prevent future breaches.”


Research Insights: Netskope Cloud and Threat Spotlight

Netskope has released the Netskope Cloud and Threat Spotlight: January 2022, disclosing new research highlighting the growth of malware and malicious payloads delivered by cloud apps. The analysis identified trends in cloud attacker activities and data risks from 2021 compared to 2020. Report highlights:

  • Google Drive emerges as the top app for malware downloads, taking over that spot from Microsoft OneDrive, while the percentage of malware downloads from cloud apps increased from 46%, peaked at 73% and plateaued at 66%.
  • Emotet copycats continue to abuse Microsoft Office documents, which continue to represent one-third of all malware downloads, compared to one-fifth of all malware downloads prior to Emotet.
  • More than half of managed cloud app instances are targeted by credential attacks, while the sources of such attacks shift from a few heavy hitters to a more decentralized attack.
  • Employee attrition leads to data exfiltration, as one out of every seven users takes data with them when they leave, using personal app instances.
  • Cloud adoption continues to rise, with the rising popularity of Cloud Storage apps attracting abuse by both attackers (for malware delivery) and insider threats (for data exfiltration).

Research Insights:

According to Garret Grajek, CEO, YouAttest:

“The fact that more than half of the managed cloud attacks are still password/credential hacks shows how important identity is – not just on devices but on cloud resources. The attackers love new deployments and new configurations – because they know that these new sites are often hastily assembled and lack true security and identity governance. That is why it is imperative that enterprises deploy the same principles of (NIST 800-53 rev 5, PR.AC-6) to ensure that the identities and the managing identities in the cloud are not overloaded with privileges and thus making the hacker’s job easier.”


Saryu Nayyar, CEO and Founder, Gurucul (she/her):

“This informative report highlights the need for cloud-native solutions that seamlessly monitor for, detect and accelerate response against known and unknown or emerging malware that targets cloud infrastructure regardless of vendor. Based on the report, the most effective solution for combating these emerging threats requires a combination of behavioral-based security analytics combined with an understanding of identity, access and entitlements to prevent credential-based attacks. Using this approach offers a much-needed layer of data-loss prevention (DLP) already incorporated into specific next generation SIEMs and can alert security teams both earlier in the kill chain and with an unprecedented level of context and automation to prevent loss.”

News Insights: FBI, NSA & CISA Issue Advisory on Russian Cyber Threat to US Critical Infrastructure

Advisory explains how to detect, respond to, and mitigate cyberattacks from Russian state-sponsored hacking groups.

https://www.darkreading.com/threat-intelligence/fbi-nsa-cisa


News Insights:

According to Tim Helming, Security Evangelist at DomainTools:

“There is good guidance here from the agencies (CISA, NSA, FBI) though it’s tempting to look at it as motherhood-and-apple-pie: the vast majority of owners and operators of critical infrastructure are well aware of the threats, and are also cognizant of many of the fundamental steps toward hardening their assets against these threats. Many in the critical infrastructure community take an ‘assume breach’ posture already, based on what we know about the capabilities of these actors. Procedures and tools to improve asset visibility and vulnerability management, identity and access management, log management, ingress and egress filtering, anomaly detection, and behavioral analytics are all recognized as fundamental necessities, and it’s safe to say are being actively improved, to a greater or lesser extent, in the majority of installations.

So why did CISA et al issue the advisory? In part, because if they weren’t on record doing so and a compromise were confirmed, it would have been a glaring gap. It also gives owners and operators facing resource constraints more support in their requests, and it’s important not to underestimate how important that can be.”

News Insights: FBI warns US defense industry about attacks by FIN7 cybercriminal group

Bleeping Computer recently reported that the Federal Bureau of Investigation (FBI) warned US companies in a recently updated flash alert that the financially motivated FIN7 cybercriminal group targeted the US defense industry with packages containing malicious USB devices to deploy ransomware.

https://www.bleepingcomputer.com/news/security/fbi-hackers-use-badusb-to-target-defense-firms-with-ransomware/

News Insights:

Purandar Das, Co-founder and CEO of Sotero, an encryption-based security solutions company, said, “This seems like a step back in terms of attack sophistication. In a time when attacks are being executed leveraging third-party and open-source software components, this seems like a step back into a bygone era where the attack depended on a human failure or event to start. It may have been an attempt to capitalize on lowered guards when everyone is focused on talking about the more sophisticated attacks. Regardless, this demonstrated that the attackers will leave no avenue unexploited. It also demonstrates the potential for payoffs that the attackers are willing to invest in USB drives and physical mailing costs.”