
IT Security News Blast – 12-24-2020

CISA INSIGHTS
Informed by U.S. cyber intelligence and real-world events, each CISA Insight provides background information on particular cyber threats and the vulnerabilities they exploit, as well as a ready-made set of mitigation activities that non-federal partners can implement. This page is continuously updated to reflect new CISA Insights as they are made available.
https://www.cisa.gov/insights
 
The most consequential cyber-attack in history just happened. What now?
“Here’s where the Russian [Foreign Intelligence Service] ruined Christmas: the only thing you can do, if you want to be secure, is basically burn your network to the ground and start all over again.” [...] If there’s a silver lining to all this, Alperovitch said, it’s that the hackers seem to have only been interested in espionage. “If they had done something destructive,” he said, “we would be literally, probably, at war right now — and not a virtual one.”
https://www.latimes.com/world-nation/story/2020-12-23/the-most-consequential-cyber-attack-in-history-just-happened-what-now
 
US takes extra measures to secure COVID vaccine shipments
Who is behind the hacking program is unclear, but cybersecurity experts and officials suspect nations such as Russia, Iran and others of trying to steal information about the vaccines and other COVID treatments. If vaccine thefts do occur, “the impact on the global community will be much more far-reaching than the theft of a single shipment of vaccines,” Neumann said.
https://www.freightwaves.com/news/us-marshals-help-safeguard-covid-vaccine-shipments
 
Leaky Server Exposes 12 Million Medical Records to Meow Attacker
A team at SafetyDetectives led by Anurag Sen discovered the leaky Elasticsearch server in late October after a routine IP address scan, although it’s unknown how long the data was exposed for before that. It was traced back to Vietnamese tech firm Innovative Solution for Healthcare (iSofH), which provides software for electronic health records and hospital management to 18 medical facilities, including eight top-tier clinics.
https://www.infosecurity-magazine.com/news/leaky-server-12m-medical-records/
 
Guidance Offered on Data Disclosures During Pandemic
The Department of Health and Human Services' Office for Civil Rights said its new guidance gives examples of how organizations may disclose protected health information without patient authorization to an HIE for reporting to a public health authority. But as a matter of routine, covered entities' notice of privacy practices must reveal that PHI may be shared for public health purposes if the need arises.
https://www.govinfosecurity.com/guidance-offered-on-data-disclosures-during-pandemic-a-15648
 
Three cybersecurity myths that high net worth clients need to overcome
“The number of attempted or successful attacks against families have skyrocketed since February, because the bad guys know a lot of people working from home,” said Darren McGraw, president of Mechelsen Private Client. “A lot of bad guys know that home networks and home habits, and how we run our digital lives are laxer than when we’re in formal office work environments.”
https://www.insurancebusinessmag.com/us/news/high-net-worth/three-cybersecurity-myths-that-high-net-worth-clients-need-to-overcome-242466.aspx
 
Communication Issues Plague County after Ransomware Attack
In the letter delivered Sunday to Superintendent Darryl L. Williams, the Teachers Association of Baltimore County and the Council of Administrative and Supervisory Employees, which represents principals, assistant principals and others, said their members have “had enough” and demanded more information from school officials in the wake of the catastrophic ransomware attack that has crippled the school system since November.
https://www.govtech.com/security/Communication-Issues-Plague-County-After-Ransomware-Attack.html
 
Massive data breach may have been discovered due to 'unforced error' by suspected Russian hackers
FireEye was tipped off to the hackers' presence when they attempted to move laterally within the firm's network, according to the sources, a move that suggested the hackers were targeting sensitive data beyond email addresses or business records. Whether that exposure was the result of a mistake by the attackers or because they took a calculated risk remains unclear, the sources said.
https://www.cnn.com/2020/12/23/politics/hack-unforced-error-discovery/index.html
 
White House activates cyber emergency response under Obama-era directive
The action is rooted in a presidential directive issued during the Obama administration known as PPD-41, which establishes a Cyber Unified Coordination Group (UCG) that is intended to help the U.S. government coordinate multiple agencies’ responses to the significant hacking incident. The UCG is generally led by the Department of Justice — through the FBI and the National Cyber Investigative Joint Task Force — as well as the Office of the Director of National Intelligence and the Department of Homeland Security.
https://www.cyberscoop.com/solarwinds-white-house-national-security-council-emergency-meetings/
 
Biden says the Pentagon isn't briefing his team on the suspected Russian cyberattack
"It is a grave risk, and it continues. I've seen no evidence that it is under control," Biden said in Wilmington, Delaware, of the sweeping cyberattack that has affected a number of federal government departments and agencies. "The Department of Defense won't even brief us on many things," he added, suggesting that limited cooperation from the Pentagon was hindering his understanding of the situation he would take charge of in just 29 days.
https://www.businessinsider.com/biden-pentagon-wont-brief-his-team-on-suspected-russian-hack-2020-12
 
Software Supply-Chain Attack Hits Vietnam Government Certification Authority
Cybersecurity researchers today disclosed a new supply-chain attack targeting the Vietnam Government Certification Authority (VGCA) that compromised the agency's digital signature toolkit to install a backdoor on victim systems. Uncovered by Slovak internet security company ESET early this month, the "SignSight" attack involved modifying software installers hosted on the CA's website ("ca.gov.vn") to insert a spyware tool called PhantomNet or Smanager.
https://thehackernews.com/2020/12/software-supply-chain-attack-hits.html
 
Japanese Companies Fall Victim To Unprecedented Wave of Cyber Attacks
According to international security firm CrowdStrike, a survey of 2,200 security departments at major companies in 13 countries found that just over half of 200 Japanese companies, ranging from the automotive, aviation, and finance sectors, reported ransomware cyber attacks in which 33 companies paid an average sum of 123 million yen ($1.17 million) to criminal networks in order to prevent the leak of password-protected data.
https://thediplomat.com/2020/12/japanese-companies-fall-victim-to-unprecedented-wave-of-cyber-attacks/
 
Cyber-Attack on European Court of Human Rights
The European Court of Human Rights has fallen victim to a cyber-attack after publishing a ruling regarding the fate of an incarcerated Turkish political leader. [...] The attack came shortly after the Court published a grand chamber ruling on December 22 demanding that Turkey release the former leader of the pro-Kurdish Peoples’ Democratic Party (HDP), Selahattin Demirtas, immediately.
https://www.infosecurity-magazine.com/news/cyberattack-on-european-court-of/
 
ACLU sues FBI for information about its encryption-cracking skills
The ACLU says the bureau should come clean about what its Electronic Device Analysis Unit (EDAU) is using “to unlock and decrypt information that is otherwise securely stored on cell phones.” The group filed a Freedom of Information Act lawsuit Monday in a San Francisco federal court. [...] The ACLU says, in essence, that any request for encryption backdoors might be a moot point, given the powers the EDAU already seems to possess. The lawsuit cites court papers and other public documents that hint at the unit’s existing capabilities.
https://www.cyberscoop.com/aclu-fbi-encryption-lawsuit/
 
The Biden administration can change the world with new crypto regulations
We want the most innovative crypto and blockchain companies to be built and to grow here in the U.S., where they can create value and opportunities for U.S. citizens. Similar to the early days of the internet, we don’t know what the industry will look like in 5-10 years, but with flexible frameworks the opportunity is massive. There’s a big opportunity for the Biden administration to influence new policies and new legislation and provide clear guidance that will accelerate innovation in fintech and crypto for many generations to come.
https://techcrunch.com/2020/12/23/the-biden-administration-can-change-the-world-with-new-crypto-regulations/
 
Google, Cisco, others wake up to threat from ‘cyber-mercenary’ NSO Group
Several tech giants filed an amicus brief in support of WhatsApp’s legal action against Israeli firm NSO Group, which develops and sells spyware and hacking tools. [...] Filed by Google, Microsoft, Cisco, GitHub, LinkedIn, VMware, and the Internet Association (which represents companies like PayPal, Amazon, and Twitter), the brief holds that granting NSO immunity would pave the way for a growing private cyber-surveillance industry to further exploit technological vulnerabilities in violation of US law.
https://www.trtworld.com/magazine/google-cisco-others-wake-up-to-threat-from-cyber-mercenary-nso-group-42617
 
Ransomware: Attacks could be about to get even more dangerous and disruptive
For example, what if ransomware gangs could hit many different organisations at once in a coordinated attack? This would offer an opportunity to illicitly make a large amount of money in a very short amount of time – and one way malicious hackers could attempt to do this is by compromising cloud services with ransomware. "The next thing we're going to see is probably more of a focus on cloud. [...] The destructive nature of ransomware could also see it exploited by hacking operations that aren't purely motivated by money.
https://www.zdnet.com/article/ransomware-why-these-attacks-could-get-even-more-dangerous-and-disruptive/
 
Emotet Returns to Hit 100K Mailboxes Per Day
The old version would not give any visible response after macros were enabled, which may make the victim suspicious. The new version creates a dialog box saying that “Word experienced an error trying to open the file.” This gives the user an explanation why they don’t see the expected content, and makes it more likely that they will ignore the entire incident while Emotet runs in the background.
https://threatpost.com/emotet-returns-100k-mailboxes/162584/
 
US Department of Homeland Security warns American business not to use Chinese tech or let data behind the Great Firewall
Once it’s done scaring readers, the document suggests businesses “should minimize the amount of at-risk data being stored and used in the PRC or in places accessible by PRC authorities” and “acquire a thorough understanding of the ownership of data service providers, location of data infrastructure, and any tangential foreign business relationships and significant foreign investors.”
https://www.theregister.com/2020/12/23/dhs_warns_us_businesses_dont_use_china_tech/

You are receiving this email because you are subscribed to receive the IT Security Daily Blast email from Michael Hamilton, Founder, President, and CISO of CI Security, formerly Critical Informatics.

Archived articles are available at https://ci.security/news/daily-news.

CI Security and the CI Security logo are the trademarks of CI Security, Inc. All other brand names, trademarks, service marks, and copyrights are the property of their respective owners.

© 2020 CI Security. All rights reserved.
CI Security
245 4th St, Suite 405, Bremerton, WA 98337