Unian reports that Ukraine’s SBU security service says it’s been under distributed denial-of-service attack for “several days.” SBU representatives told Ukrayinska Pravda that the attack is “obviously” connected with Russia’s ongoing hybrid war against Ukraine.
The attack against secure file sharing service provider Accellion has been attributed to the FIN 11 and Clop ransomware gangs. FireEye’s Mandiant unit, which has been working with Accellion to respond to the incident, says that exploitation began in mid-December, and that victims began receiving extortion notices in January. It appears to have been a pure extortion campaign: the CLOP ransomware itself seems not to have been deployed. FireEye has remarked in the past that FIN 11’s successes have been predicated more on volume than technical sophistication.
Accellion has issued guidelines for its customers to help protect themselves against further damage from the compromise of its FTA service. In particular, the company recommends that FTA customers migrate to the company’s Kiteworks service.
SolarWinds’ still relatively new CEO Sudhakar Ramakrishna will appear before a Congressional committee investigating Solorigate this week, according to the Washington Post. His public statements foreshadow the testimony he’s believed likely to give. FCW reports that he told a Center for Strategic and International Studies virtual meeting yesterday that what happened to SolarWinds could have happened to anyone. He’s also advocated, Nextgov says, incentivizing risk information sharing with some protection against liability.
The US Department of Homeland Security has announced a range of intentions intended to further President Biden’s call for improved cybersecurity.