Attacks, Threats, and Vulnerabilities
U.S. Pipeline Cyberattack Forces Closure (Wall Street Journal) The operator of the Colonial Pipeline, the main conduit carrying gasoline and diesel fuel to the U.S. East Coast, temporarily shut down all operations after discovering a cyberattack.
Cyberattack Forces Shutdown of Major U.S. Pipeline (SecurityWeek) A cyberattack has forced an operational shutdown of the Colonial Pipeline, the largest refined products pipeline in the United States.
Largest U.S. pipeline shuts down operations after ransomware attack (BleepingComputer) Colonial Pipeline, the largest fuel pipeline in the United States, has shut down operations after suffering what is reported to be a ransomware attack.
Major U.S. Pipeline Crippled in Ransomware Attack (Threatpost) Colonial Pipeline Company says it is the victim of a cyberattack that forced the major provider of liquid fuels to the East Coast to temporarily halt all pipeline operations.
Cyberattack Forces a Shutdown of a Top U.S. Pipeline (New York Times) The operator, Colonial Pipeline, said it had halted systems for its 5,500 miles of pipeline after being hit by a ransomware attack.
Ransomware attack leads to shutdown of major U.S. pipeline system (Washington Post) The attack on top U.S. operator Colonial Pipeline appears to have been carried out by an Eastern European-based criminal gang
US invokes emergency powers after cyber-attack on fuel pipeline (the Guardian) Scramble to avoid shortages after Colonial Pipeline targeted in attack on US infrastructure
Ransomware Attack Shuts Down A Top U.S. Gasoline Pipeline (NPR) An attack shuts down Colonial Pipeline, a major transporter of gasoline along the East Coast. A security analyst says the event shows the vulnerability of key elements of the nation's infrastructure.
Cyber attack shuts down U.S. fuel pipeline ‘jugular,’ Biden briefed (Reuters) Top U.S. fuel pipeline operator Colonial Pipeline shut its entire network, the source of nearly half of the U.S. East Coast's fuel supply, after a cyber attack on Friday that involved ransomware.
The Colonial Pipeline Hack Is a New Extreme for Ransomware (WIRED) An attack has crippled the company’s operations—and cut off a large portion of the East Coast’s fuel supply—in an ominous development for critical infrastructure.
US pipeline company halts operations after cyberattack (ABC News) A U.S. energy company says a cyberattack forced it to temporarily halt all operations on a major pipeline that delivers roughly 45% of all fuel consumed on the East Coast
US Pipeline Company Halts Some Operations After Cyberattack (WBUR) A company that operates a major U.S. energy pipeline says it was forced to temporarily halt all pipeline operations following a cybersecurity attack. In a statement, Colonial Pipeline says the attack took place Friday and also affected some of its information technology systems.
US fuel supply company hit by ransomware, government steps in to restore services (Computing) Attackers also stole over 100 gigabytes of data from Colonial Pipeline's networks
Cyberattack forces closure of largest US refined-fuel pipeline (FOX 5 DC) Operator of the Colonial Pipeline, the leading fuel conduit to the East Coast, said it had temporarily halted operations after discovering the threat Friday.
Ransomware Cyber Attack Forced the Largest U.S. Fuel Pipeline to Shut Down (The Hacker News) A major ransomware cyberattack forced Colonial Pipeline, the largest fuel pipeline operator in the United States, to shut down its entire network.
Colonial Hackers Stole Data Thursday Ahead of Shutdown (Bloomberg) Attackers stole nearly 100GB of data in two hours on Thursday. Theft followed by locking of computers and ransom demand.
Colonial Pipeline Was Silent For More Than A Day About Cyber Attack (Forbes) A best practice of crisis management is to keep those affected by a crisis informed about the situation. That does not appear to be the case in the aftermath of Friday's cyber attack on Colonial Pipeline and its decision to shut down a major source of fuel for tens of millions of people in the U.S.
7 Crisis Management Lessons From Colonial Pipeline’s Response To Cyber Attack (Forbes) Friday’s ransomware attack on Colonial Pipeline has created a crisis for the company and the country, and it provides important lessons for business leaders on how to respond to and manage crisis situations.
Oil gains after cyberattack forces shutdown of U.S. fuel pipelines (Reuters) Oil rose on Monday after major U.S. fuel pipeline operator Colonial Pipeline had to shut fuel pipelines due to a cyberattack, raising concerns about supply disruption and pump price increases.
Colonial Is Just the Latest Energy Asset Hit by Cyber-Attack (Bloomberg) A cyber-attack has never taken down a U.S. fuel pipeline quite as big as the Colonial Pipeline. It’s the nation’s largest gasoline, diesel and jet fuel system and a critical source of fuel supply for the U.S. Northeast.
Russian criminal group suspected in Colonial pipeline ransomware attack (NBC News) The group, known as DarkSide, is relatively new, but it has a sophisticated approach to extortion, sources said.
A Cyber Attack Shut Down U.S.'s Largest Fuel Pipeline Network (Rolling Stone) Ransomware is believed to have caused the outage
The Colonial Pipeline ransomware attack: security industry reactions. (The CyberWire) Colonial Pipeline disclosed Saturday that it has been the victim of a ransomware attack. The company said that "On May 7, Colonial Pipeline Company learned it was the victim of a cybersecurity attack and has since determined that the incident involved ransomware. Quickly after learning of the attack, Colonial proactively took certain systems offline to contain the threat. These actions temporarily halted all pipeline operations and affected some of our IT systems, which we are actively in the process of restoring." There's been considerable comment from the security industry on the incident. We summarize below what we've heard.
Pipeline Hackers Say They're 'Apolitical,' Will Choose Targets More Carefully Next Time (Vice) "Our goal is to make money, and not creating problems for society," the statement continues.
“Into The Mind of An IoT Hacker | Protect Your IoT Networks & Devices” - RSA Conference 2021® (Check Point Software) By now, we’ve probably all heard the stories around cyber criminals and their successful cyber attacks on companies by infiltrating their connected IoT
Ransomware in an Industrial World | Dragos (Dragos | Industrial (ICS/OT) Cyber Security) Ransomware has become one of the most common methods of profit for cybercriminals – and a major cause of disruption. Jason Christopher and Dave Bittner share their thoughts
SolarWinds Says Russian Group Likely Took Data During Cyber-Attack (Bloomberg) Company says fewer than 100 clients were compromised in hack. SolarWinds lays out three possible explanations for breach.
SolarWinds: Hackers Accessed Our Office 365 Since Early 2019 (CRN) Hackers persistently accessed SolarWinds’ internal systems, Microsoft Office 365 environment and software development environment for months before carrying out their vicious cyberattack.
SolarWinds says fewer than 100 customers were impacted by supply chain attack (The Record by Recorded Future) Texas-based software firm SolarWinds downgraded the number of customers impacted by its 2020 supply chain attack from 18,000 to less than 100.
Joint advisory: Further TTPs associated with SVR cyber actors (NCSC) The NCSC, CISA, FBI and NSA publish advice on detection and mitigation of SVR activity following the attribution of the SolarWinds compromise.
NCSC, CISA publish new information on Russia’s Cozy Bear (ComputerWeekly.com) New intelligence from UK and US cyber agencies suggests that APT29, or Cozy Bear, has been switching up its tactics.
Russia’s SVR spy agency scanned for Microsoft Exchange Server bug, UK and US say (CyberScoop) After pulling off a sweeping breach of U.S. government networks last year, Russia’s SVR foreign intelligence agency has been scanning the internet for a vulnerability in Microsoft software previously exploited by Chinese spies, British and American security agencies said Friday.
Russian state hackers switch targets after US joint advisories (BleepingComputer) Russian Foreign Intelligence Service (SVR) operators have switched their attacks to target new vulnerabilities in reaction to US govt advisories published last month with info on SVR tactics, tools, techniques, and capabilities used in ongoing attacks.
Further TTPs associated with SVR cyber actors (NCSC) Use of multiple publicly available exploits and Sliver framework to target organisations globally
Revealing the ‘Snip3’ Crypter, a Highly Evasive RAT Loader (Morphisec) Morphisec Labs identified a new crypter, Snip3, a highly evasive RAT loader that can bypass detection-centric security tools.
DNS Flaw Can Be Exploited for DDoS Attacks (BankInfo Security) Security researchers have uncovered a flaw dubbed TsuNAME in DNS resolver software that attackers could use to carry out distributed denial-of-service attacks.
Malspam Campaign Uses Hancitor to Download Cuba Ransomware (GovInfo Security) Attackers have co-opted the Hancitor malware downloader and recently used it to deliver Cuba ransomware as part of an email spam campaign for data exfiltration and
Microsoft Discovers 25 Critical Vulnerabilities in IoT Security Affecting Google, Amazon, Samsung, and Other Devices, SDKs and Libraries (CPO Magazine) Microsoft Section 52 research team discovered 25 critical vulnerabilities affecting various internet of things (IoT) and operational technology (OT) devices.
Three Affiliated Tribes Hit by Ransomware Attack, Holding Tribal Information Hostage (Native News Online) On April 28, the Three Affiliated Tribes—the Mandan, Hidatsa & Arikara Nation—announced to its staff and employees that its server was hacked and believe it was by malicious software called ransomware. Since the server was hacked, the tribe has been unable to access files, email and critical information.
City of Tulsa hit by ransomware over the weekend (The Record by Recorded Future) The city of Tulsa, Oklahoma, one of the 50 largest cities in the US, has been hit by a ransomware attack over the weekend that affected the city government's network and brought down official websites.
Albioma : Information on a cyber attack (GlobeNewswire) A "ransomware" type virus attack was detected on Albioma's IT network on Tuesday, 4 May.
Cyberattack knocks out RPI computer systems (Times Union) Rensselaer Polytechnic Institute informed students and faculty on Friday that it is...
Massive hack exposes emails from top Lightfoot officials (Chicago Sun-Times) The emails were posted online on April 19 by Distributed Denial of Secrets, a nonprofit whistleblower group similar to WikiLeaks, and include tens of thousands of emails from city officials.
Ransomware gangs get more aggressive against law enforcement (Star Tribune) Police Chief Will Cunningham came to work four years ago to find that his six-officer department was the victim of a crime.
Thousands of Tor exit nodes attacked cryptocurrency users over the past year (The Record by Recorded Future) For more than 16 months, a threat actor has been seen adding malicious servers to the Tor network in order to intercept traffic and perform SSL stripping attacks on users accessing cryptocurrency-related sites.
Trends
Chaos means cash for criminals and cybersecurity companies (SiliconANGLE) The pandemic not only accelerated a shift to digital, it highlighted a rush of cybercriminal sophistication, collaboration and chaotic responses from virtually every major company on the planet.
Ransomware gangs have leaked the stolen data of 2,100 companies so far (BleepingComputer) Since 2019, ransomware gangs have leaked the stolen data for 2,103 companies on dark web data leaks sites.
It's not just Scripps. Ransomware has become rampant during pandemic (San Diego Union-Tribune) Scripps uses equipment known to be a favorite vector for attacks in 2020
Most insurers, banks saw cybercrimes grow during past year (PropertyCasualty360) While the rate of cybercrimes was growing, budgets for IT, fraud and risk departments were cut by more than a quarter.
96% of US users opt out of app tracking in iOS 14.5, analytics find (Ars Technica) Some of the first data on user behavior exceeds advertisers' worst fears.
Marketplace
Calgary-based cybersecurity firm iON boosts reach with acquisition of Wirefire (Calgary Herald) Calgary-based iON United has forged ahead in accelerating the evolution of Canada’s cybersecurity industry with the acquisition of Vancouver, B.C.-based…
Beware the gold rush: The risk of a cyber investment surge (SC Media) Crises beget demand, which begets a terrific business opportunity.
Cyber insurers now demanding firms have MFA, says Canadian broker (IT World Canada) Multifactor authentication is increasingly being demanded as a price of cyber insurance, a Vancouver insurance broker says
Leidos wins position on US DIA SITE III contract vehicle (Army Technology) Leidos has secured a position on a multiple-award task order contract supporting intelligence missions from the US Defense Intelligence Agency.
Bishop Fox Appoints Veteran Human Resources Executive as New Vice President of Team People (Bishop Fox) Bishop Fox announces the appointment of MD Porcello as vice president of team people. Porcello brings decades of human resources experience.
Kimber Garrett of Axis Security Featured on CRN’s 2021 Women of the Channel List (Axis Security) Axis Security, the leader in Zero Trust Network Access (ZTNA), today announced that CRN®, a brand of The Channel Company, has named Kimber Garrett, Senior Director of North American Channels and Alliances for Axis Security, to the highly respected Women of the Channel list for 2021.
Semperis Announces Jim Doggett as Chief Information Security Officer, Adding to the Company’s Star-Studded Executive Team (Semperis) We protect the world’s largest and most complex environments from cyberattacks, data breaches, and operational errors.
Products, Services, and Solutions
CrowdStrike & Google Cloud Extend Strategic Partnership to Deliver Across Hybrid Cloud Environments (CrowdStrike) CrowdStrike & Google Cloud announced product integrations that will deliver customers defense-in-depth security across hybrid cloud environments.
This Android App Promises To Wipe Your Phone If Cops Try To Hack It (Forbes) KoreLogic’s app detects forensic searches by Cellebrite devices used widely by global law enforcement.
Juniper Networks offers path to ease SASE transition (ComputerWeekly.com) New cloud-based portal is designed to help customers transition seamlessly and securely to a secure access service edge architecture by safeguarding users, applications and infrastructure amid network transformation.
WhatsApp backtracks on its threat, won’t deactivate accounts for not accepting new policy (TNW | Plugged) WhatsApp said today that it won’t delete or deactivate your account if you don’t accept its privacy policy that’s rolling out on May 15. The Facebook-owned chat app had originally introduced the updated privacy policy in January through a p
Fortinet extends security fabric to secure and accelerate 5G (ITP) The Fortinet Security Fabric protects 5G ecosystems, integrates SASE and provides Zero Trust access with the new FortiGate 7121F
SaltDNA Announce Product Series: Feature Focus (SaltDNA) The series will take place on the last Thursday of every month at 3PM UK time.
Technologies, Techniques, and Standards
5 Things We’ve Learned About Multi-Cloud Security (Meritalk) As agencies undertake return-to-the-office planning, most agree work will look different.
Manufacturers Need an Active Cybersecurity Posture (Manufacturing Global)
How Much Energy Does Bitcoin Actually Consume? (Harvard Business Review) It’s a trickier question than you might think.
Mission resilience: Adapting defense aerospace to evolving cybersecurity challenges (Atlantic Council) While aerospace presents inherently distinct challenges from other spaces, defense organizations could look to the private sector and adapt commercial practices to implement the principles of resilience.
Design and Innovation
Want better AI for the DOD? Stop treating data like currency (C4ISRNET) The Project Maven team lost months of time waiting for partner organizations to release data from archives or grant access to data streams. A former leader on the project proposes another path.
DIU looking for new multifactor authentication tool (Defense News) The Pentagon's Silicon Valley outreach arm has unique cybersecurity needs because of its network infrastructure.
TulsaLabs to Collaborate with GTX Corp to Develop Blockchain Authentication and Security for its NFC Supply Chain Tracking Solutions (GlobeNewswire) TulsaLabs, a division of AppSwarm, Corp. (OTC: SWRM), is to develop blockchain solutions around GTX Corp's Near Field Communication (NFC) technology and GPS human and asset tracking platform. GTX Corp (OTC: GTXO) (“GTX” or the “Company”) is a pioneer in the field of wearable GPS human and asset tracking systems and a supplier of health and safety medical supplies and devices.
Research and Development
Granholm says cyber R&D is a priority at DOE (FCW) The agency chief said she is refocusing the Energy Department's Office of Cybersecurity, Energy Security, and Emergency Response on providing grid operators with threat intelligence and response capabilities.
Academia
Western Sydney University taps Sydney resellers to back Cybersecurity Aid Centre (CRN Australia) Secolve, Emergence, Gridware and DCEncompass named partners.
Legislation, Policy, and Regulation
The Lawless Realm (Foreign Affairs) Governments must take a more concerted approach to taming cyberspace.
China announces new measures to tackle unhealthy content in cyberspace (CGTN) China has launched a new initiative to tackle unhealthy online content and practices, the Cyberspace Administration of China (CAC) announced at a press conference on Saturday.
How the US and EU can counter digital threats together (Atlantic Council) The United States should develop a strong collaborative relationship with the European Union in the digital and information sphere.
The US Needs to Impose Costs on China for Its Economic Warfare (Defense One) The linchpin of a more effective deterrence is developing a more effective way to hurt the Chinese Communist Party if it will not stop hurting the United States.
The SolarWinds hack pokes holes in Defend Forward (Observer Research Foundation) In December 2020, the cybersecurity company FireEye discovered a cyber espionage campaign, compromising dozens of government and private organisations in the US.
Biden Plans an Order to Strengthen Cyberdefenses. Will It Be Enough? (New York Times) A hack of a major pipeline, the latest evidence of the nation’s vulnerabilities to cyberattacks, prompted questions about whether the administration should go further.
'Jugular' of the U.S. fuel pipeline system shuts down after cyberattack (POLITICO) The infiltration of a major fuel pipeline is "the most significant, successful attack on energy infrastructure we know of."
FMCSA Issues Emergency Declaration to June 8 Due to Pipeline Cyberattack (Transport Topics) The Federal Motor Carrier Safety Administration is providing emergency relief from hour-of-service regulations to motor carriers and drivers assisting operations linked to refined petroleum supply chains in the East Coast in the wake of a cyberattack against Colonial Pipeline.
US passes emergency waiver over fuel pipeline cyber-attack (BBC News) The US acts to keep fuel flowing after its largest pipeline was hit by a ransomware cyber-attack.
Ransomware Attackers Up Ante as White House Vows Crack Down (Bloomberg) Colonial Pipeline latest in a series of brazen cyber-attacks. Cryptocurrency, ‘safe havens’ among obstacles for prevention.
U.S. Federal Agencies Unite to Mitigate Ransomware Menace (MSSP Alert) The U.S. Department of Homeland Security (DHS), the Department of Justice (DOJ) and Congressional members unite in war vs. ransomware attacks.
Cryptocurrency fuels ransomware payments. Without regulation, it could get worse (Banking Dive) The rapid ascent of crypto, like other emerging technologies before it, has far outpaced the federal government's ability to regulate it.
The Cybersecurity 202: Biden's new CISA director will confront a host of complex challenges (Washington Post) The next leader of the nation's top cybersecurity agency will inherit a bevy of crises.
DHS pushes to hire 200 cyber pros (GCN) Department of Homeland Security launched its 60-day workforce sprint with an aggressive campaign to hire 200 cyber personnel by July 1.
Commentary: Supply chain restrictions on China actually hurt American companies (Fortune) Geopolitics is infecting U.S. government thinking on China, supply chains, and semiconductors, writes Huawei USA's security chief.
China expresses concern, regrets India keeping out Huawei, ZTE from 5G trials (ETTelecom.com) China has strongly rebutted the Indian government’s decision to bar Chinese telecom gear vendors from participating in 5G trials, a move which is un..
America Needs Competitive Intelligence (Defense One) Agencies ought to be thinking about how to bring U.S. capabilities to bear on adversaries’ vulnerabilities, in competition as well as in conflict.
US considers boost to security aid for Ukraine, says Blinken (Defense News) Secretary of State Antony Blinken says the U.S. will consider Ukraine’s expected request to buy American missile defense systems and other weaponry in the wake of a Russian military buildup on its border.
Litigation, Investigation, and Law Enforcement
How GRU Sabotage and Assassination Operations in Czechia and Bulgaria Sought to Undermine Ukraine (bellingcat) Data reveals that the 2014 explosions at an arms depot in Czechia were part of a longer-term GRU operation aimed at disrupting arms sales to Ukraine.
Bulletproof hosting admins plead guilty to running cybercrime safe haven (BleepingComputer) Four individuals from Eastern Europe are facing 20 years in prison for Racketeer Influenced Corrupt Organization (RICO) charges after pleading guilty to running a bulletproof hosting service as a safe haven for cybercrime operations targeting US entities.
The Covid Crime Index 2021 (BAE Systems) With 75% of banks and insurers experiencing cyber crime losses due to pandemic-related crimes, BAE Systems Applied Intelligence looks at how pandemic-related fraud and cyber crime are delivering a new blow to financial institutions.
Robinhood Data Breach Suit Trimmed, But Still In Play (Law360) Robinhood customers who say their accounts were hacked can pursue some of their claims against the popular stock-trading platform, including allegations that Robinhood maintained lax security measures, a California magistrate judge found.
Menswear Co. Bonobos Tries To Duck Data Breach Suit (Law360) Menswear company Bonobos is trying to shake a proposed class action over a data breach that affected 7 million of its online customers, saying customer phone numbers and emails don't constitute sensitive information.
Group of 44 AGs urge Facebook to abandon 'Instagram Kids' plans (SeekingAlpha) A group of 44 state/territory attorneys general is urging Facebook (FB) CEO Mark Zuckerberg to abandon plans to launch a version of Instagram for children under 13.
White House acknowledges mysterious health attacks occurred in US, reviewing intel on incidents (ABC News) Dozens of U.S. officials have been affected, but there's still no known cause.