
News Desk

Curated cyber security news and updates from Critical Insight™.

Get your cyber security briefing, curated by Mike Hamilton.

Mike Hamilton, founder and CISO of Critical Insight, has decades of experience in the Information Security industry. In that time, he has developed a keen eye for IT news that affects how security professionals approach their jobs and the news that will have meaningful impacts on daily life.

Every weekday, Mike curates the top news stories in cyber security, including the latest breaches, security alerts, and industry developments. Readers describe the news blast as their go-to morning source for the latest in InfoSec.


Latest Cyber Security News Blast

Get the latest cybersecurity, privacy, and surveillance news for information security professionals

IT Security News Blast – 5-11-2021

Colonial pipeline attack ratchets up ransomware game
"Because the Colonial Pipeline is a significant energy artery of the United States, its strategic importance is such that the DarkSide group could not have been ignorant of the fact," Hamilton said. "Further, given this importance it is likely that this act was known to Russian government—either through direct communication or from intelligence gathering by the GRU and SRV."
https://www.techrepublic.com/article/colonial-pipeline-attack-ratchets-up-ransomware-game/
 
Criminal group originating from Russia believed to be behind pipeline cyberattack
DarkSide typically targets non-Russian speaking countries, the source said. The attack has led the White House to form an interagency working group over the weekend to prepare for various scenarios, including whether additional steps need to be taken to mitigate any potential impact on fuel supply, a White House official said Sunday.
https://www.cnn.com/2021/05/09/politics/colonial-pipeline-cyberattack-restart-plan/index.html
 
Lemon Duck hacking group adopts Microsoft Exchange Server vulnerabilities in new attacks
Four critical flaws, dubbed ProxyLogon, impact on-prem Microsoft Exchange Server 2013, 2016, and 2010. Patches, vulnerability detection tools, and mitigation instructions were made available in March, but it is still estimated that up to 60,000 organizations may have been compromised.
https://www.msn.com/en-us/news/technology/lemon-duck-hacking-group-adopts-microsoft-exchange-server-vulnerabilities-in-new-attacks/ar-BB1gzeK5
 
Report: Hacking attempts on healthcare agencies increased by more than 9,800% in 2020
A recent report from software firm VMware Carbon Black estimates that its health care customers experienced a 9,851% increase in hacking attempts in 2020 compared to the previous year. And activity intensified with the COVID-19 pandemic, attempts spiking 87% from September to October.
https://www.ems1.com/cybersecurity/articles/report-hacking-attempts-on-healthcare-agencies-increased-by-more-than-9800-in-2020-ziTzDyHEwA26SSkQ/
 
New Medical ‘Right To Repair’ Legislation Endangers Patients
The bill [...] would force the manufacturers of complex medical devices—including MRI machines, ultrasound, CT scanners, and PET systems—to hand over confidential training materials and other service tools to unregulated third-party servicing businesses.
https://www.forbes.com/sites/sallypipes/2021/05/10/new-right-to-repair-legislation-endangers-california-patients/?sh=735642f7180c
 
Providers supportive of push to overhaul HIPAA, but air serious concerns about data privacy, timing
"We question the need for these changes, particularly at this time," the American Medical Association wrote in its letter to HHS Office of Civil Rights. [...] "We urge OCR to reconsider implementing a massive change to patient privacy laws in the midst of this transition," the group wrote.
https://www.healthcaredive.com/news/providers-supportive-of-push-to-overhaul-hipaa-but-air-serious-concerns-ab/599724/
 
Building Immunity to Cyber-Attacks
“A really perfect example would be a neighborhood chiropractor, flower shop or electrical supply center, and these small businesses – and they may not necessarily be a Mom and Pop, they might have 100 or 500 employees – they don’t have the data management practices and hygiene a big national corporation has. Everybody beat up on Equifax for their massive breach, but when you see these breaches [of small businesses], they have raised so much more risk of fraud on a per-member or per-credit union basis.”
https://www.cutimes.com/2021/05/10/building-immunity-to-cyber-attacks/
 
Ransomware gangs get more aggressive against law enforcement
Randy Pargman, who worked for the FBI for 15 years, said police departments need to do some "soul searching" about how they currently protect sensitive data such as background check files. He said many departments don't have the budget or staffing for sophisticated cybersecurity measures, but could still transfer sensitive files to external hard drives kept offline and used only when needed.
https://komonews.com/news/nation-world/ransomware-gangs-get-more-aggressive-against-law-enforcement
 
Massive hack exposes emails from top Lightfoot officials
DDoSecrets ultimately posted the voluminous collection of emails after realizing they contained information “the public should know,” Martinez said. “In light of the killing of Adam Toledo, we have decided to publish a cache of emails from the City of Chicago and the Chicago Police Department,” DDoSecrets noted in a post announcing the release.
https://chicago.suntimes.com/city-hall/2021/5/7/22403816/email-hack-lori-lightfoot-jones-day-susan-lee-ddosecrets-lucy-parsons-cpd-police-wikileaks
 
City experiencing difficulties due to ransomware attack
The city of Tulsa’s information and security teams are working to address technical difficulties as a result of an apparent ransomware attack. In a statement released by the city on Saturday, no private resident information was compromised, though individuals will experience delays in network services.
https://tulsaworld.com/news/city-experiencing-difficulties-due-to-ransomware-attack/article_683c0b42-b048-11eb-8196-f3dfb1d4d2ee.html
 
Biden Plans an Order to Strengthen Cyberdefenses. Will It Be Enough?
The order, drafts of which have been circulating to government officials and corporate executives for weeks and summaries of which were obtained by The New York Times, is a new road map for the nation’s cyberdefense. [...] Violators would risk having their products banned from sale to the federal government, which would, in essence, kill their viability in the commercial market.
https://www.nytimes.com/2021/05/09/us/politics/biden-cyberattack-response.html
 
NIST and CISA Release Guidelines for Organizations and Vendors To Defend Against Software Supply Chain Attacks
The agencies also recommended using NIST’s Cyber Supply Chain Risk Management (C-SCRM) framework and the Secure Software Development Framework (SSDF) to identify, assess, and mitigate risks. [...] They also advised software vendors to implement the software development life cycle (SDLC) in their business processes.
https://www.cpomagazine.com/cyber-security/nist-and-cisa-release-guidelines-for-organizations-and-vendors-to-defend-against-software-supply-chain-attacks/
 
The TSA Should Regulate Pipeline Cybersecurity
As I have argued before, after two decades of trying to make a voluntary partnership with industry work, this incident demonstrates that neither thoughts, prayers, nor information sharing is sufficient. It is time for the federal government to exercise its existing authority to regulate the cybersecurity of pipelines.
https://www.cfr.org/blog/tsa-should-regulate-pipeline-cybersecurity
 
How North Korean APT Kimsuky Is Evolving Its Tactics
Between August and October 2020, CloudDragon launched a supply chain attack against a firm in the Korean cryptocurrency industry. Attackers went after a hardware wallet surface, which typically specializes in security but needs software to assist with blockchain on the Internet. Attackers created a malicious version of its management software and deployed it to the official website.
https://www.darkreading.com/operations/how-north-korean-apt-kimsuky-is-evolving-its-tactics/d/d-id/1340956
 
The US Needs to Impose Costs on China for Its Economic Warfare
The United States has failed to sufficiently deter China’s long-running campaign of cyber-enabled economic warfare. Beijing violated the Obama-era bilateral deal to cease economic espionage and then shirked the Trump-era agreement intended to recoup economic losses from its unfair trade practices. There are several components to a better deterrence policy, and it is time to find effective ways to impose costs on Beijing.
https://www.defenseone.com/ideas/2021/05/us-needs-impose-costs-china-its-economic-warfare/173884/
 
Hackers who shut down pipeline: We don’t want to cause “problems for society”
DarkSide claims to avoid targets in medical, education, nonprofit, or governmental sectors—and claims that it only attacks "companies that can pay the requested amount" after "carefully analyz[ing] accountancy" and determining a ransom amount based on a company's net income. Digital Shadows believes these claims largely translate to "we looked you up on ZoomInfo first."
https://arstechnica.com/information-technology/2021/05/major-ransomware-attack-cripples-gas-pipeline-on-us-east-coast/
 
Computer Chips Are the New Toilet Paper
Most people need toilet paper and computer chips every day, and yet we rarely think about either of them. [...] Computer chips aren’t so disposable, but they are equally essential as electronic brains for products like smartphones, cars, airplanes and most modern appliances. Chip shortages have stalled new car manufacturing, made rental cars harder to find and complicated business even for the dog washing industry.
https://www.nytimes.com/2021/05/07/technology/computer-chip-shortages-toilet-paper-pandemic.html

You are receiving this email because you are subscribed to receive the IT Security Daily Blast email from Michael Hamilton, Founder, President, and CISO of CI Security, formerly Critical Informatics.

Archived articles are available at https://ci.security/news/daily-news.

CI Security and the CI Security logo are the trademarks of CI Security, Inc. All other brand names, trademarks, service marks, and copyrights are the property of their respective owners.

© 2020 CI Security. All rights reserved.


 
