Dateline Houston, Texas, to Linden, New Jersey: Colonial Pipeline's ransomware incident.
Colonial Pipeline remains offline after ransomware attack (Security Magazine) Colonial Pipeline, which operates the biggest gasoline conduit to the East Coast, said it has no estimate on when it could restart the 5,500-mile pipeline that it shut Friday after a cyberattack. The company took systems offline to contain the threat, temporarily halting all pipeline operations and affecting some IT systems. In a statement, the company said the Colonial Pipeline operations team is developing a system restart plan, and while their mainlines remain offline, some smaller lateral lines between terminals and delivery points are now operational.
Largest U.S. fuel pipeline remains mostly closed days after cyberattack with no timeline for reopening (CNBC) Colonial Pipeline said it learned Friday that it "was the victim of a cybersecurity attack" and has since shut down 5,500 miles of pipeline.
FBI: Colonial Pipeline was hit with Darkside ransomware (The Record by Recorded Future) The U.S. Federal Bureau of Investigation confirmed on Monday that the attack that shut down one of the country’s largest pipelines over the weekend was caused by Darkside ransomware.
Shedding Light on the DarkSide Ransomware Attack (Security Intelligence) The recent cyber attack on a major U.S. oil pipeline has shed light on the vulnerabilities operational technology networks face today. IBM X-Force takes a look at the evolving ransomware threat.
Hacking collective DarkSide are state-sanctioned pirates (Quartz) The group behind the Colonial Pipeline hack operates in much the same way as the privateers who terrorized the seas in the golden age of piracy in the 17th and 18th centuries.
Cyber Sleuths Blunted Pipeline Hack, Choked Data Flow to Russia (IT Pro) A small group of private-sector companies, with help from several U.S. agencies, disrupted ongoing cyber-attacks against Colonial Pipeline.
Colonial Pipeline Cyberattack: What Security Pros Need to Know (Dark Reading) As the massive US pipeline operator works to restore operations after a DarkSide ransomware attack late last week, experts say it's a cautionary tale for critical infrastructure providers.
What we know about the pipeline ransomware attack: How it happened, who is responsible and more (CNN) One of the largest US fuel pipelines remained largely paralyzed Monday after a ransomware cyberattack forced the temporary shutdown of all operations late last week -- an incident that laid bare vulnerabilities in the country's aging energy infrastructure.
Ransomware hit on major U.S. pipeline is work of criminal gang (MSN) DarkSide cultivates a Robin Hood image of stealing from corporations and giving a cut to charity.
Here’s what we know about DarkSide ransomware (Intel471.com) DarkSide ransomware has been thrust into the international spotlight after an incident that shut down a major fuel pipeline in the United States.
US pipeline attackers appear to have bitten off more than they can chew (iTWire) The affiliate of ransomware operator DarkSide, the Windows malware that was used to attack the US Colonial Pipeline Company, appears to have taken on a target that was outside the parameters set down by the operator, judging from a statement made by the operator on its site on the dark web. DarkSide...
Colonial Pipeline shutdown highlights need for better OT cybersecurity practices (CSO Online) Experts weigh in on what the Colonial attack teaches critical infrastructure providers about preparation and incident response.
How to hack a pipeline: Colonial attack puts energy cybersecurity in spotlight (Financial Post) 'Once someone gains access to the SCADA network they have access to every device on the network'
Ransomware attack shuts down Colonial Pipeline fuel supply (Malwarebytes Labs) Ransomware has struck a massive blow against the US, taking down its largest fuel supply pipeline at the weekend.
Colonial Pipeline Targets Recovery From Ransomware Attack by End of Week (SecurityWeek) Colonial Pipeline Company hopes to have its massive pipeline back to normal operational service by the end of the week after a ransomware attack triggered systems to be taken offline.
Who’s Really Behind the Colonial Pipeline Cyberattack? (Intsights) When news of a ransomware attack on a national asset such as an oil pipeline makes the rounds — as it has in the case of the Colonial Pipeline cyberattack — the first conclusion is usually that this was the result of a nation-state attack.
Here's the hacking group responsible for the Colonial Pipeline shutdown (CNBC) DarkSide makes ransomware hacking tools, but only largely goes after for-profit companies from English-speaking countries.
IAITAM: Key U.S. Pipeline “Ransomware” Attack Reflects Weak Infrastructure IT Asset Management, More Hacks Expected (BusinessWire) More high-profile infrastructure attacks are likely to follow the hack of the Colonial Pipeline and a key part of the problem is weak IT Asset Management...
FBI Suspects Criminal Group With Ties to Eastern Europe in Pipeline Hack (Wall Street Journal) DarkSide, a relatively new ransomware organization, says it has no connection to foreign governments.
US fuel pipeline hackers 'didn't mean to create problems' (BBC News) The US has relaxed rules on fuel transport after a ransomware cyber-attack took the pipeline offline.
Darkside Ransomware (Chuong Dong) Malware Analysis Report - Darkside Ransomware
Press Briefing by Press Secretary Jen Psaki, Homeland Security Advisor and Deputy National Security Advisor Dr. Elizabeth Sherwood-Randall, and Deputy National Security Advisor for Cyber and Emerging Technologies Anne Neuberger, May 10, 2021 | The White House (The White House) James S. Brady Press Briefing Room 12:38 P.M. EDT MS. PSAKI: Hi everyone. Happy Monday. Today, we are joined by Homeland Security
Ransomware Attack That Halted US Fuel Pipeline a 'Criminal Act,' Biden Says (Voice of America) A Russia-linked cyberattack targeting the largest U.S. fuel pipeline system is a “criminal act, obviously,” President Joe Biden said Monday.
“The agencies across the government have acted quickly to mitigate any impact on our fuel supply,” the president said at the White House at the start of remarks about his economic agenda.
Biden, responding to a reporter’s question after he concluded his prepared statement about whether there is any evidence of involvement of Russia’s government, replied: “I’m going to be meeting with President (Vladimir) Putin.
Colonial Pipeline ‘ransomware’ attack shows cyber vulnerabilities of U.S. energy grid (Washington Post) Operators say service to East Coast could be ‘substantially’ restored by week’s end
The Cybersecurity 202: An attack on a critical pipeline highlights the need for stronger ransomware policies (Washington Post) Government officials say they have been working around-the-clock to help mitigate the ramifications of a cyber attack on a major U.S. pipeline, which has sparked concerns about a potential fuel shortage.
FBI links cyberattack on a major US fuel pipeline to Russian criminal gang: ‘Security can’t be an afterthought’ (Chicago Tribune) The operator of a major U.S. pipeline hit by a cyberattack said Monday it hopes to have service mostly restored by the end of the week.
North Carolina declares state of emergency over Colonial Pipeline outage (Fox Business) North Carolina Governor Roy Cooper on Monday declared a state of emergency over the temporary outage of the Colonial Pipeline caused by a cybersecurity attack.
Colonial Pipeline Cyberattack Follows Years of Warnings (Breaking Defense) "We are disappointed, though unsurprised, to learn of the cyberattack," Sen. King and Rep. Gallagher said. "We can and must be better... in navigating the threats of the Age of Cyber Aggression."
The Colonial Pipeline ransomware attack and the SolarWinds hack were all but inevitable - why national cyber defense is a 'wicked' problem (The Edwardsville Intelligencer) There are no easy solutions to shoring up U.S. national cyber defenses. Software supply chains and private sector infrastructure companies are vulnerable to hackers.
Biden Says Russia Has ‘Some Responsibility’ in Colonial Attack (Bloomberg) Top cybersecurity official says no advice on paying ransom. Colonial pipeline attack attributed to ‘criminal actor’.
Biden: No evidence Russian government is involved in Colonial ransomware attack (The Record by Recorded Future) At a press conference today, President Joe Biden said the US intelligence community has no evidence that the Russian government had any kind of involvement in the ransomware attack that crippled one of the US' largest fuel supply pipelines last week.
White House, CISA react to pipeline ransomware attack (FCW) Senior administration officials say multiple government agencies are working to distribute information to industry about the ransomware attack that led to the shutdown of a key natural gas pipeline for the East Coast.
White House, Feds Spring to Action Following Colonial Pipeline Ransomware Attack (Meritalk) Numerous Federal agencies are springing into action in response to the ransomware attack on Colonial Pipeline Company, a major supplier of fuel to the northeastern U.S. that temporarily shut down pipeline operations after disclosing the attack on May 7.
Colonial Hack Sets Stage For Pipeline Cybersecurity Push (Law360) A major ransomware attack that has shuttered the largest refined petroleum products pipeline system in the country has the industry on alert over potential liability from future hacks and bracing for new requirements from federal regulators and lawmakers.
Pipeline attack will be 'turning point' for countries including NZ, expert believes (Stuff) Cyber-security expert believes ransomware attack on US will prompt global action.
Energy companies are the firms most likely to pay cyberattack ransoms (Quartz) Companies in the energy sector are more likely than their peers to pay ransoms after a cyberattack.
Will Colonial Pipeline shutdown mean higher gas prices? Here’s what experts say (Mahoning Matters) Colonial Pipeline says it was the “victim of a cybersecurity attack” involving ransomware.
AAA: Pipeline Cyber Attack Will Increase Gas Prices For Massachusetts (Framingham SOURCE) Massachusetts’s average gas price is up six cents from last week ($2.80), averaging $2.86 per gallon. Today’s price is 12 cents higher
Gas prices jump amid cyber-attack on energy giant (WSTM) Gas prices across the country and in Syracuse jump. The average price for a gallon of gas in Syracuse is $2.94, up 5 cents from last week, according to AAA. As of Monday morning, a cyber-attack has led to the Colonial Pipeline shutting down, according to AAA. The pipeline runs from Texas to New Jersey and supplies about half of the fuel that is used on the East Coast. According to NBC News, cyber intruders inserted ransomware inside systems of the energy giant, demanding payment.
FireEye shares jump after pipeline cyberattack (Reuters) Shares in cybersecurity technology provider FireEye Inc were up 4.6% on Monday after top U.S. fuel pipeline operator Colonial Pipeline had to shut its entire network due to a cyber attack on Friday that involved ransomware.
Attacks, Threats, and Vulnerabilities
US and Australia warn of escalating Avaddon ransomware attacks (BleepingComputer) The Federal Bureau of Investigation (FBI) and the Australian Cyber Security Centre (ACSC) are warning of an ongoing Avaddon ransomware campaign targeting organizations from an extensive array of sectors in the US and worldwide.
Wave of Avaddon ransomware attacks triggers ACSC, FBI warning (The Record by Recorded Future) Cyber-security agencies from Australia and the United States are warning about a wave of attacks carried out with the Avaddon ransomware strain.
2020-003: Ongoing campaign using Avaddon Ransomware (Australian Signals Directorate) The Australian Cyber Security Centre (ACSC) is aware of an ongoing ransomware campaign utilising the Avaddon Ransomware malware.
National security agencies warn of 5G network vulnerabilities, adversary influence (C4ISRNET) The NSA cautions that nation-states could exert
NSA, ODNI and CISA Release 5G Analysis Paper (National Security Agency | Central Security Service) The National Security Agency (NSA), in partnership with the Office of the Director of National Intelligence (ODNI), and the Department of Homeland Security’s (DHS) Cybersecurity and Infrastructure
Potential Threat Vectors to 5G Infrastructure (National Security Agency | Central Security Service) The fifth-generation (5G) of wireless technology represents a complete transformation of telecommunication networks, introducing a vast array of new connections, capabilities, and services.
Hackers accessed SolarWinds' Office 365 since early 2019 (CRN Australia) Hackers persistently accessed internal systems months before cyberattack.
Lemon Duck Botnet Shifts Tactics in Microsoft Exchange Server Attacks (Decipher) The Lemon Duck cryptocurrency-mining botnet was seen behind a spike of April attacks exploiting the Microsoft Exchange server ProxyLogon flaw.
Lemon Duck hacking group adopts Microsoft Exchange Server vulnerabilities in new attacks (ZDNet) Fake TLDs are now also being created to maximize the potential success of attacks.
Malicious Covid Vaccine Message Attacking Android Phones: Cyber Agency (NDTV.com) A fake COVID-19 vaccine registration SMS that "maliciously" gains entry into a user's Android phone leading to compromise of individual contact list is in circulation, the central cyber security agency has alerted.
Cybercriminals luring people with fake vaccine registrations (Hindu Businessline) Dubious apps may steal data from your phone through malicious links
Beware of this smishing trojan impersonating the Chrome app (Pradeo) Pradeo has discovered a mobile attack campaign that uses phishing and infects with malware impersonating the Google Chrome application.
Japanese Power Tool Maker ‘Yamabiko’ Claimed as Victim by Babuk (TechNadu) The Babuk ransomware gang has added ‘Yamabiko Corporation’ in its data leak portal, claiming to have stolen 0.5 TB of sensitive data.
Companies' 5 Million Personal identifiable information records detected on an AWS service due to misconception of users (Check Point Software) Highlights Check Point Research (CPR) identified a trend of user's misconception of service on AWS system manager, resulting in personal records detection
Report: Popular Indian Parenting Brand Exposes 100,000s of Families to Cybercrime (vpnMentor) Led by Noam Rotem, vpnMentor’s research team discovered a data breach belonging to popular Indian parenting and e-commerce brand BabyChakra.
Lightfoot refuses to answer questions on exposed emails, says hackers demanded ransom (Chicago Sun-Times) The mayor on Monday questioned the legitimacy of the leaked emails that are now getting widespread attention and urged the public to be "very, very cautious" before drawing any conclusions.
UC Notice of Data Breach (My TechDecisions) As the University of California (UC) previously disclosed in communications to students, staff and faculty, and retirees in early April, UC experienced a security event with its Accellion file transfer appliance (FTA). This release provides up-to-date information on what happened and what we are doing. What Happened? On December 24, 2020, UC’s Accellion […]
University of Delaware students' bank info compromised after cyberattack (WDEL 101.7FM) Graduating students at the University of Delaware should be celebrating their upcoming commencement, but instead, some have had their credit card information stolen after a cyberattack hit Herff Jones, the
Amazon fake reviews scam revealed in data breach with massive potential (SlashGear) By now, most of us probably suspect that fake reviews on internet shopping sites are a real thing. Whether being offering so-called “free product trials” after buying something or encou…
Security Patches, Mitigations, and Software Updates
UK/US: Patch These 11 Bugs Now to Thwart Russian Spies (Infosecurity Magazine) New report reveals latest SVR tactics
Vulnerability Summary for the Week of May 3, 2021 (CISA) The CISA Weekly Vulnerability Summary Bulletin is created using information from the NIST NVD. In some cases, the vulnerabilities in the Bulletin may not yet have assigned CVSS scores. Please visit NVD for updated vulnerability entries, which include CVSS scores once they are available.
Apple’s stronger stance for user privacy works to the advantage of their consumers (Highlander) Apple’s latest iOS 14.5 update aims to give its users full control over allowing which apps can collect and use their personal data. The update promises to force social media platforms and other apps to allow users to choose whether or not they want their information and searches tracked and recorded. This is the latest …
Trends
Why Real Estate Companies Need Better Data Protection (Commercial Observer) Recent legal changes mean it no longer makes good business sense for real estate companies to delay addressing cybersecurity issues.
Survey shows that businesses still unprepared for phishing attacks (Legal Futures) A recent government survey has found that despite phishing attacks remaining the top threat to cybersecurity, most businesses remain ill prepared to tackle the risk.
Cloudflare seeing uptick in cyber incidents as hackers try 'unleashing everything,' CEO says (CNBC) "In the last six months, we've seen a dramatic uptick in attacks against our customers," Cloudflare CEO Matthew Prince told CNBC.
2021 Webroot BrightCloud Threat Report (Redmond Channel Partner) In this report, we’ll break down a broad range of threat activity, offer insights into the trends we’ve observed, discuss wide-reaching impacts across industries, geographies, companies and people, and reveal what our threat experts expect to see in the coming year.
The next frontier of warfare is online (Salon) In “This Is How They Tell Me the World Ends,” Nicole Perlroth explores the global black market for cyberweapons
85% of cyberattacks in the US originate internally (Atlas VPN) Cyberattacks are weapons for criminals to disrupt countries’ cybersecurity and get sensitive or even secret information. As the United States is one of the most influential countries globally, it is a massive target for hackers.
Marketplace
Experts suggest French insurer AXA's plan to shun ransomware payouts will set a precedent (CyberScoop) When French insurer AXA signaled last week that it would no longer write new cyber-insurance policies covering extortion payouts to criminals, ransomware and cyber insurance experts had two reactions.
Accenture, Forcepoint, Others Make Acquisitions (GovInfo Security) Merger and acquisition activity involving cybersecurity companies continued at a rapid pace in the last two weeks, with Accenture, Forcepoint, OneTrust and the
Arkose Labs Raises $70 Million Led by SoftBank Vision Fund 2 to Bankrupt the Business of Fraud (GlobeNewswire) Wells Fargo Strategic Capital, M12, and PayPal Ventures Also Invest to Support Massive Demand for Arkose Labs’ Fraud Prevention Platfor
secunet acquires stashcat and focuses on secure messaging and video conferencing (Yahoo) Last Friday, secunet Security Networks AG signed an agreement to acquire Hannover-based stashcat GmbH. stashcat®: More than 1,000,000 users rely on the secure messenger. The solution combines the essential functionalities of communication and collaboration in one tool.
Calgary-based cybersecurity firm iON boosts reach with acquisition of Wirefire (Calgary Herald) Calgary-based iON United has forged ahead in accelerating the evolution of Canada’s cybersecurity industry with the acquisition of Vancouver, B.C.-based…
Huawei CEO tells staff to keep fewer records, write shorter memos (Washington Post) Huawei's founder and CEO, Ren Zhengfei, has ordered staff members to keep records only as long as necessary and write shorter memos, following several crises involving internal documents, including the detention of his daughter.
Semperis Announces Jim Doggett as Chief Information Security Officer, Adding to the Company’s Star-Studded Executive Team (Yahoo) Semperis today announced the appointment of James (Jim) W. Doggett Jr. as chief information security officer (CISO).
Bugcrowd Welcomes New CI&SO & CMO to Amplify Customer Engagement (MarTech Cube) Bugcrowd, the industry-leading crowdsourced cybersecurity platform, today announced the expansion of its executive team with Nick McKenzie joining as Chief
Freshfields Hires Brock Dahl from US National Security Agency (BusinessWire) Freshfields announced today that it has hired technology, data and cyber attorney Brock Dahl as a counsel in Washington, D.C. and Silicon Valley.
Bishop Fox Appoints Veteran Human Resources Executive as New Vice President of Team People (GlobeNewswire) MJ Porcello to Bring Expertise in Building and Retaining High Growth Security Teams from Companies Including BitSight and Arbor Network
Products, Services, and Solutions
Trend Micro Launches First and Only SecOps Solution to Slay Open Source Code Bugs (LinkedIn) A Platform Security Giant Many of you will have seen Trend Micro’s latest announcement with Snyk. We’re delivering a new Open Source Security offering on our Trend Micro Cloud One platform, set to drive tremendous value for customers looking to mitigate DevOps risk and enhance security-developer col
XM Cyber Partners with UAE-based Value-Added Distributor Spire Solutions (PR Newswire) XM Cyber, the multi-award-winning leader in cyberattack path management, today announced that it has signed an agreement with United Arab...
BIO-key introduces palm biometrics with new mobile app (Biometric Update) PalmPositive also introduces Identity-Bound Biometrics (IBB), a form of identification designed for remote workforces as part of the PortalGuard IDaaS platform.
Fortinet Introduces New Solutions to Protect 5G Environments (Explica) Fortinet has announced the launch of the new FortiGate 7121F and FortiExtender 511F-5G to secure and accelerate the adoption of 5G.
Palo Alto Networks adds new innovations to Prisma Cloud (iTWire) Palo Alto Networks introduces new capabilities to Prisma Cloud to further protect organisations. Palo Alto Networks says these new capabilities are a testament to its commitment of delivering comprehensive cloud workload protection across hybrid and multi-cloud environments. The new capabilities hel...
Zscaler advances zero trust security for the digital business (IT Brief) Thanks to cloud and mobility, our infrastructure, applications and data are everywhere, and as a result of the growing work-from-home (WFH) phenomenon, users are now more scattered than ever.
Infosim® and MTN Group formalize partnership to ensure network quality and availability with StableNet® (unn | UNITED NEWS NETWORK GmbH) Infosim® GmbH & Co. KG and MTN Group, together with its Operating Company (OpCos) MTN-Nigeria Communications PLC, have announced a...
Cloud Asset Management Software | Certero for Cloud (Certero) Cloud Asset Management Software from Certero covers SaaS, PaaS and IaaS applications such as Salesforce.com, Office 365, G-Suite, AWS, Azure and more.
Technologies, Techniques, and Standards
Why zero trust is having a moment (FCW) Improved technologies and growing threats have agencies actively pursuing dynamic and context-driven security.
Union fury at 'shocking Covid bonus' phishing test (iTnews) Simulated security exercise backfires.
How To Ensure Your Home Learning Environment Is Cyber Safe (PCMag Australia) As remote learning becomes more common among schools and universities, here’s how you can keep your tech safe.
Design and Innovation
Why Are CAPTCHAs Getting Harder To Crack? (Analytics India Magazine) CAPTCHAs set up barriers only humans should get past and are commonly used on most online platforms.
Academia
Community College Cyber Summit seeks session proposals (University Business Magazine) The three-day 3CS event will feature top speakers, workshops, hackathons, panels and developing technologies.
DePaul ranks second in annual National Collegiate Cyber Defense Competition (The DePaulia) DePaul’s student Cybersecurity team placed second in the 16th annual National Collegiate Cyber Defense Competition (NCCDC), the largest cybersecurity competition in the nation.
Legislation, Policy, and Regulation
Virtual terror: Ransomware attack in the US foregrounds the need to better protect key infrastructure (Times of India Blog) An unauthorised software code has crippled a key channel of oil supply in the east coast of the US. Colonial Pipeline, an energy company, was forced to shut down a 5,500-mile pipeline after the discovery...
Biden Looks for Defense Hotline With China (Foreign Policy) The United States says it’s ready to call China in a crisis. Will Beijing pick up?
Feds Say a Lack of Reporting Poses Barrier to Cyber Defense (GovTech) Federal ransomware-fighting efforts are held back when corporate victims don’t report or accept their help. A U.S. Chamber of Commerce-convened panel examined the concerns that keep SMBs from reaching out.
Though the worst is over, CISA wants agencies on guard after SolarWinds breach (Federal News Network) The Cybersecurity and Infrastructure Security Agency wants to make sure agencies don’t let down their guard on Russian cyber threats.
Biden’s Supply Chain Intentions Depend on Cybersecurity (Supply Chain) President Biden’s supply chain executive order is heavily dependent on the lessons learned by cyber security leaders in recent years but will he take note?
The New EU Approach to the Regulation of Artificial Intelligence (JD Supra) The European Commission (the "Commission") recently published its highly-anticipated communication and proposal for a "Regulation laying down...
Senior cyber official leaves Biden's NSC (POLITICO) Michael Sulmeyer, a senior White House cybersecurity official, has left his position, two people familiar with the matter told POLITICO.
Litigation, Investigation, and Law Enforcement
DHS is gathering intelligence on security threats from social media (NBC News) The goal is to detect the sort of posts that seemed to predict the Jan. 6 Capitol attack but were missed by law enforcement.
Prosecutors recommend 17-year sentence for former Green Beret convicted of spying for Russia (Stars and Stripes) Federal prosecutors are seeking a 17-year prison sentence for a former Green Beret who pleaded guilty last year to providing classified information to Russian military intelligence for over a decade.
Second Circuit ruling clarifies when data breach plaintiffs have adequately pleaded Article III standing (JD Supra) In a thoughtful opinion that diverges from how other circuit courts have addressed the issue, the Second Circuit recently issued a ruling clarifying...
Second Circuit Thwarts Victims of Data Breach (New York Law Journal) In this edition of his Privacy Matters column, Peter Brown discusses a recent decision by the U.S. Court of Appeals for the Second Circuit, which considered when victims of a data breach have standing to file a federal litigation.
What is considered sensitive personal information? (Lexology) Some privacy statutes explicitly reference “sensitive” or “special” categories of personal information. While such terms, when used, often include…
Chase Wins $20M In Landry's Data Breach Suit (Law360) Landry's must repay $20 million in penalties that Visa and Mastercard levied against JPMorgan Chase Bank NA following a breach of the hospitality company's data, a Texas federal judge has ruled, saying Landry's broke its merchant agreement.