Get the latest cybersecurity, privacy, and surveillance news for information security professionals

IT Security News Blast – 3-4-2021

New nation-state cyberattacks
Hafnium operates from China, and this is the first time we’re discussing its activity. It is a highly skilled and sophisticated actor. [...] Even though we’ve worked quickly to deploy an update for the Hafnium exploits, we know that many nation-state actors and criminal groups will move quickly to take advantage of any unpatched systems. Promptly applying today’s patches is the best protection against this attack.
https://blogs.microsoft.com/on-the-issues/2021/03/02/new-nation-state-cyberattacks/
 
Ryuk Ransomware: Now with Worming Self-Propagation
“Ryuk looks for network shares on the victim IT infrastructure. To do so, some private IP ranges are scanned: 10.0.0.0/8; 172.16.0.0/16; and 192.168.0.0/16,” according to a recent ANSSI report. “Once launched, it will thus spread itself on every reachable machine on which Windows Remote Procedure Call accesses are possible.”
https://threatpost.com/ryuk-ransomware-worming-self-propagation/164412/
 
Cybersecurity firm Qualys likely latest victim of Accellion hacks
Yesterday, the Clop ransomware gang posted screenshots of files allegedly belonging to the cybersecurity firm Qualys. The leaked data includes purchase orders, invoices, tax documents, and scan reports. [...] The Accellion FTA device was located at fts-na.qualys.com, and the IP address used by the server is assigned to Qualys. Qualys has since decommissioned the FTA device, with Shodan showing it was last active on February 18th, 2021.
https://www.bleepingcomputer.com/news/security/cybersecurity-firm-qualys-likely-latest-victim-of-accellion-hacks/
 
1 in 5 Americans had a healthcare provider affected by cyberattacks, report finds

  • Sixty-one percent of consumers said they are more worried about ransomware taking their healthcare provider offline and affecting their care than they were last year.
  • Twenty-seven percent of consumers said that if their provider were the victim of a cyberattack that exposed their health record, they would consider switching to a new provider.

https://www.beckershospitalreview.com/cybersecurity/1-in-5-americans-had-a-healthcare-provider-affected-by-cyberattacks-report-finds.html
 
MITRE launches ransomware support hub for hospitals and health systems
It also offers a well-stocked resource library that's searchable and can be filtered for the materials that might be the most useful. The tools are drawn from MITRE’s own expertise, from government sources and from provider best practices. The goal is to convene a variety of resources in a single accessible and intuitive location[.]
https://www.healthcareitnews.com/news/mitre-launches-ransomware-support-hub-hospitals-and-health-systems
 
IBM Report: Attacks on Healthcare, Manufacturing and Energy Doubled in 2020
“In essence, the pandemic reshaped what is considered critical infrastructure today, and attackers took note. Many organizations were pushed to the front lines of response efforts for the first time[.]” [...] “Attackers’ victimology shifted as the COVID-19 timeline of events unfolded, indicating yet again, the adaptability, resourcefulness and persistence of cyber adversaries.”
https://www.hstoday.us/industry/ibm-report-attacks-on-healthcare-manufacturing-and-energy-doubled-in-2020/
 
Will Your Insurance Policies Step in After a Cyber-Attack?
During the 2017 global NotPetya cyber-attack, many affected organizations ended up incurring losses not covered by their insurance portfolio because of exclusions and clauses in their policies. Often, the financial repercussions were in the hundreds of millions of dollars. A famous example is the financial and tangible impacts incurred by the pharmaceutical giant, Merck.
https://securityboulevard.com/2021/03/will-your-insurance-policies-step-in-after-a-cyber-attack/
 
Developing Unique Partnerships to Defeat the Cyber Threat
Cyber criminals are also taking a page out of the nation-state hacker playbook. In this regard, they’re sometimes breaching the systems of managed service providers. Through just one intrusion they can then access the networks of hundreds of potential victims. [...] In the end, it doesn’t matter whose action kicks cyber criminals off their networks and platforms, or which agency took down the criminals’ infrastructure.
https://www.fbi.gov/news/speeches/developing-unique-partnerships-to-defeat-the-cyber-threat-abbate-bccs-030321
 
Why Global Power Grids Are Still So Vulnerable to Cyber Attacks
“Essential state infrastructures like power grids and nuclear reactors have been and will continue to be a target of cyber attacks because modernization allows internet connectivity, which makes them vulnerable. It’s almost a natural instinct of hackers, especially the state-sponsored ones, to attack energy infrastructure because they can easily disrupt national security.”
https://www.bloomberg.com/news/articles/2021-03-03/why-global-power-grids-are-still-so-vulnerable-to-cyber-attacks
 
New Education Fund to Invest in Women in Cybersecurity Careers
The Last Mile Education Fund invests in striving under-resourced, under-represented students in high-demand technology and engineering fields with an abundance approach, helping them persist to graduation by providing critical financial support to overcome obstacles for which assistance is less available like housing, food, transportation, healthcare and internet access.
https://www.prweb.com/releases/new_education_fund_to_invest_in_women_in_cybersecurity_careers/prweb17761379.htm
 
GAO Report Highlights Need for Centralized Cyber Leadership
The report also says a lack of centralized leadership at the White House hinders the government's ability to address cybersecurity. And while the 2021 National Defense Authorization Act included a provision to reestablish the position of national cyber director at the White House, the Biden administration has not yet nominated anyone for that position.
https://www.bankinfosecurity.com/gao-report-highlights-need-for-centralized-cyber-leadership-a-16103
 
Protecting the Information Space in Times of Armed Conflict
Where should the protective bounds of international humanitarian law extend with regards to effects and side effects of digitized information warfare? What are, or what should be, the limits of disinformation campaigns, “fake news,” deep fakes, and the systematic manipulation of a given information space in times of armed conflict?
https://www.justsecurity.org/75066/protecting-the-information-space-in-times-of-armed-conflict/
 
North Korea is the most isolated country on the planet, but it still finds ways to steal billions of dollars
Over the years we've seen a heavier focus on cyber-enabled financial crime that benefits North Korea's nuclear weapons. That includes hacking of cryptocurrencies like Bitcoin and more distribution of malware. There was the WannaCry cyber attack, there was the online bank heist in 2016 of a Bangladesh bank.
https://www.businessinsider.com/how-north-korea-uses-hacking-and-cryptocurrency-to-avoid-sanctions-2021-3
 
JUST IN: Mumbai Incident Spotlights China's Cyber Capabilities
After recent border clashes between Chinese and Indian troops, power outages knocked out crucial functions, including hospitals, transportation systems and the stock market in Mumbai. [...] These types of offensive cyber operations require the United States to seriously evaluate whether China is trying to send a message about its military strength, said retired U.S. Navy Vice Adm. T.J. White, former commander of U.S. Fleet Cyber Command and the U.S. Tenth Fleet.
https://www.nationaldefensemagazine.org/articles/2021/3/3/mumbai-incident-spotlights-chinas-cyber-capabilities
 
Hackers, nation-states, target US black community to commit fraud, sow division
“Our last election showed all the imperfections we have as Americans, and the dark side of the cyber world is here to exploit our divisions. Blacks, as with other underserved communities, are particularly vulnerable. Adversarial nation states will exploit and manipulate our differences, and those of us most vulnerable will suffer the most.”
https://www.scmagazine.com/home/security-news/cybercrime/hackers-nation-states-target-us-black-community-to-commit-fraud-sow-division/
 
Virginia governor signs comprehensive data privacy law
The law will go into effect in 2023 and applies to all businesses that control or process the personal data of at least 100,000 consumers, derive more than 50 percent gross revenue from the sale of personal data or process the personal data of at least 25,000 consumers.
https://thehill.com/policy/technology/541290-virginia-governor-signs-comprehensive-data-privacy-law
 
Google claims it will stop tracking individual users for ads
We continue to get questions about whether Google will join others in the ad tech industry who plan to replace third-party cookies with alternative user-level identifiers. Today, we’re making explicit that once third-party cookies are phased out, we will not build alternate identifiers to track individuals as they browse across the web, nor will we use them in our products.
https://arstechnica.com/gadgets/2021/03/google-claims-it-will-stop-tracking-individual-users-for-ads/
 
Inside ‘TALON,’ the Nationwide Network of AI-Enabled Surveillance Cameras
The cameras, which are sold to law enforcement, homeowners associations, and businesses, can automatically record when a "non-resident" vehicle drives into a community, and alert police to cars on a hotlist. Communities have created "virtual gates" around their neighborhoods, with cameras capturing each vehicle driving in and out of the area. Through a program called TALON, this little-known company is allowing police officers to track cars—and by extension, specific people—outside of their own jurisdictions.
https://www.vice.com/en/article/bvx4bq/talon-flock-safety-cameras-police-license-plate-reader
 

You are receiving this email because you are subscribed to receive the IT Security Daily Blast email from Michael Hamilton, Founder, President, and CISO of CI Security, formerly Critical Informatics.

Archived articles are available at https://ci.security/news/daily-news.

CI Security and the CI Security logo are the trademarks of CI Security, Inc. All other brand names, trademarks, service marks, and copyrights are the property of their respective owners.

© 2020 CI Security. All rights reserved.


 
