Dateline Houston, Texas, to Linden, New Jersey: Colonial Pipeline's ransomware incident.
Colonial Pipeline Shutdown: Is There a Gas Shortage and When Will the Pipeline Be Fixed? (Wall Street Journal) The operator of the Colonial Pipeline said it expected to fully resume operations Thursday following a cyberattack that sparked a rise in gas prices.
Colonial Pipeline Said to Pay Ransom to Hackers Who Caused Shutdown (Wall Street Journal) The operators of the fuel pipeline made the payment to regain control over their computer systems, say people familiar with the matter. The company is now resuming service.
Colonial Pipeline Paid Roughly $5 Million in Ransom to Hackers (New York Times) The payment clears the way for gas to begin flowing again, but it risks emboldening other criminal groups to take American companies hostage by seizing control of their computers.
Colonial Pipeline paid nearly $5 million in ransom to hackers (PropertyCasualty360) The news contradicts earlier reports that said the company had no intention of paying an extortion fee to restore operations.
Pipelines’ Silence on Cyber Risk: 3 Mentions in 5 Years of Calls (Bloomberg) Topic flagged three times in five years of company calls. Pipeline investor sees cyber issues gaining greater attention.
Colonial Pipeline attack tip of the infrastructure risk iceberg: DHS cyber chief (Fox Business) DHS cyber chief testified before lawmakers on the Senate Homeland Security Committee Tuesday and warned of possible similar attacks in the future.
Disruptionware VI: Cyber-Attack against Colonial Pipeline Illustrates Continued Vulnerability of American Energy and Infrastructure Targets (JD Supra) Disruptionware attacks have become increasingly more common over the last few months. Just last month, I wrote about a dangerous disruptionware attack...
American Businesses Must Learn to Prevent Cyber-Attacks Now! (Sharewise) Cyber-attacks are a growing threat to America as companies and government entities find themselves vulnerable, even if they think they have systems in place to prevent such occurrences. According
Responding to the Colonial Pipeline Breach & CISA Ransomware Alert (Nozomi Networks) Another development in the ransomware attack on Colonial Pipeline is the release of an alert from the U.S. government’s Cybersecurity and Infrastructure Security Agency (CISA). The alert provides some best practices for “preventing business disruption from ransomware attacks.”
OT and IoT Security: Adopt a Post-Breach Mindset Today (Nozomi Networks) It seems like every day we’re reading about cybersecurity breaches and cyberattacks on critical infrastructure around the world. What used to be a once or twice a year occurrence 10 years ago now seems to be the new everyday normal. And, that’s just what we see in terms of what’s being reported. It does not include the attacks that happen and are handled under the radar.
Biden to Bring Up Russian Hackers Issue With Putin (SecurityWeek) President Joe Biden said Thursday that Vladimir Putin was not connected to a Russia-based criminal cyber attack on a huge US fuel pipeline but that he will raise the issue at an expected summit.
Former NSA hacker argues Russian government connected to Colonial Pipeline attack (CNBC) A former NSA hacker argues why he thinks Russian President Vladimir Putin is connected to the cyberattack on Colonial Pipeline.
Biden says Colonial Pipeline hackers based in Russia, but not government-backed (TheHill) President Biden on Thursday confirmed that the cyber criminals involved in launching a ransomware attack that disrupted operations at Colonial Pipeline last week are likely based in Russia, though he said officials do not believe that the Russian
The Cybersecurity 202: Biden says the Russian government was not involved with Colonial Pipeline hack (Washington Post) The issue of whether the U.S. government is doing enough to tackle international cybercriminals moved to center stage this week after the high-profile attack on a major East Coast energy supplier.
US government plans to disrupt hackers behind Colonial Pipeline ransomware, Biden says (CyberScoop) President Joe Biden has plans to disrupt the hackers behind the Colonial Pipeline ransomware incident, just as it resumes service.
Homeland Security Chief Vows Government-wide Response to Colonial Pipeline Cyberattack (Voice of America) The U.S. Department of Homeland Security (DHS) is leading a governmentwide response to the cyberattack that shuttered the largest fuel pipeline in the United States last week, sparking concerns about gasoline shortages.
Cyber soldiers may get more love after hacked Colonial Pipeline (Army Times) The ransomware attack that sparked gasoline shortages along the Eastern Seaboard has senators wondering how the Army secretary can help.
Attacks, Threats, and Vulnerabilities
Palestinians receive threatening texts from Israeli intelligence (TRT World) Many believe the messages are intended to intimidate those near Al Aqsa from engaging in further political action.
APT Group Using Backdoor for Espionage (GovInfo Security) An ongoing advanced persistent threat campaign dubbed "Operation TunnelSnake" has been using a Windows rootkit named Moriya to deploy a passive backdoor
Ransomware groups use Tor-based backdoor for persistent access - Blog (Secure Works) In various incidents, including Darkside and Snatch ransomware operations, threat actors leveraged Tor and Onion Services to create backdoors that gave them ongoing access to compromised networks.
Threat Thursday: SombRAT — Always Leave Yourself a Backdoor (BlackBerry) The BlackBerry Research and Intelligence Team have been monitoring the threat group CostaRicto for the last two years. The latest campaigns are financially motivated ransomware attacks, and feature improvements to the backdoor, better obfuscation, and the ability to exfiltrate data prior to deploying ransomware.
U.S. pipeline hackers claim responsibility for Toshiba data breach (Nippon.com) A group of Russian hackers blamed for the shutdown of a major U.S. fuel pipeline posted a statement online Fri…
Chemical distributor pays $4.4 million to DarkSide ransomware (BleepingComputer) Chemical distribution company Brenntag paid a $4.4 million ransom in Bitcoin to the DarkSide ransomware gang to receive a decryptor for encrypted files and prevent the threat actors from publicly leaking stolen data.
Ransomware functions as a well-organised ecosystem: Kaspersky claim (iTWire) The process of staging a ransomware attack is much more complex than portrayed, with a number of actors involved, the global security company Kaspersky claims in a detailed blog post about how a typical attack chain is organised. The post was written on Anti-Ransomware Day aiming to demolish some my...
Popular hacking forum bans ransomware ads (The Record by Recorded Future) One of the most popular hacking forums on the internet today announced that it would ban ransomware ads.
The Business of Fraud: Drops and Mules (Recorded Future) Mules, individuals who transfer money or goods on the behalf of others, are a crucial component to the success of financial crimes.
Rapid7’s Response to Codecov Incident (Rapid7) On April 15, 2021, Codecov, a provider of code coverage solutions, announced a supply chain incident in which a malicious party gained access to Codecov’s Bash Uploader script and modified it, enabling the attacker to export data stored in environment variables on Codecov customers’ continuous integration (CI) systems to an attacker-controlled server.
Rapid7 Source Code Exposed in Codecov Supply Chain Attack (SecurityWeek) Rapid7 says unauthorized third-party accessed source code, customer data during Codecov supply chain breach.
Rapid7 Source Code Breached in Codecov Supply-Chain Attack (The Hacker News) Cybersecurity company Rapid7 Source Code Breached in Codecov Supply-Chain Attack
Security firm Rapid7 says Codecov hackers accessed some of its source code (The Record by Recorded Future) Boston-based security firm Rapid7 disclosed today that a threat actor accessed some of its source code after a hack at software supplier Codecov earlier this year.
Beware fake online trading apps, on iOS as well as Android (Naked Security) All that glisters is not gold/Often have you heard that told/Gilded tombs do worms enfold
Irish health system hit by 'significant' ransomware attack (The Record by Recorded Future) Ireland's national health service, the Health Service Executive (HSE), temporarily shut down its IT systems today after suffering a ransomware attack overnight.
Irish health service hit by ‘very sophisticated’ ransomware attack (Reuters) Ireland's health service operator shut down all its IT systems on Friday to protect it from a "significant" ransomware attack, crippling diagnostic services and forcing hospitals to cancel many appointments.
Amazon Imposter Robocalls Reaching 150 Million Per Month (PR Newswire) YouMail issued a new robocall threat advisory today warning that Americans are consistently receiving between 100 million and 150 million...
Gamers beware! Crooks take advantage of MSI download outage… (Naked Security) Vendor’s site offline? Can’t wait for your download? Tempted to go trawling through the underweb to find an “unofficial” version?
Security Patches, Mitigations, and Software Updates
Publishing Exploits Does More Harm Than Good, Kenna Security Research Finds (GlobeNewswire) Disclosure of Exploit Code Before Patch Availability Gives Threat Actors A Massive Head Start
OPC UA Products Built with the .NET Framework 4.5, 4.0, and 3.5 (CISA) Executive summary: CVSS v3 7.2; attention: exploitable remotely/low attack complexity; vendor: Unified Automation GmbH; equipment: .NET applications; vulnerability: Exposure of Sensitive Information to an Unauthorized Actor. Risk evaluation: successful exploitation of this vulnerability could allow an unauthenticated attacker to read any file on the file system.
OPC Foundation UA Products Built with .NET Framework (CISA) Executive summary: CVSS v3 7.5; attention: exploitable remotely/low attack complexity; vendor: OPC Foundation; equipment: OPC UA Servers; vulnerability: Uncontrolled Recursion. Risk evaluation: successful exploitation of this vulnerability could trigger a stack overflow.
Johnson Controls Sensormatic Tyco AI (CISA) Executive summary: CVSS v3 7.0; vendor: Sensormatic Electronics, LLC, a subsidiary of Johnson Controls; equipment: Tyco AI; vulnerability: Off-by-one Error. Risk evaluation: under specific circumstances, a local attacker could use this vulnerability to obtain super-user access to the underlying openSUSE Linux operating system.
Rockwell Automation Connected Components Workbench (CISA) Executive summary: CVSS v3 8.6; attention: exploitable remotely/low attack complexity; vendor: Rockwell Automation; equipment: Connected Components Workbench; vulnerabilities: Deserialization of Untrusted Data, Path Traversal, Improper Input Validation. Risk evaluation: successful exploitation of these vulnerabilities may allow remote code execution, authentication bypass, or privilege escalation.
Trends
Press Release: 81% of developers admit to releasing vulnerable apps (Immersive Labs) 13 May 2021: Immersive Labs today released a report with Osterman Research outlining the human factors preventing secure application development.
Imperfect People, Vulnerable Applications (Immersive Labs & Osterman) 81% of developers have knowingly released vulnerable applications. In our latest study, we've researched the human elements of cyber risk in the SDLC.
Millennials and Gen Zers are most likely to fall for phishing emails, study finds (Atlas VPN) There is a common misconception that older people, who tend to have less experience with new technologies, are easier to scam online. However, recent data findings suggest that just the opposite is true.
The Average Annual Cost of Cyber Attacks for a US Small Business is $25k Reveals Hiscox Cyber Readiness Report 2021 (Hiscox) New York, NY – May 13, 2021 – Hiscox, the international specialist insurer, reveals that in the past 12 months, 23% of small businesses suffered at least one cyber attack, with an average annual financial cost of $25k. Although small businesses quickly adapted to remote working, it has left many feeling more vulnerable to cyber attacks.
How Criminals Abuse Common Security Tools – and Use Them Against You (CSO Online) By utilizing legitimate programs and tools, criminals can hide in plain sight on the network, causing significant damage
The Biggest Cybersecurity Threats for Rental Business Owners (For Construction Pros) There has never been a better time to make sure that your rental business’ data and cybersecurity practices are up-to-date and running efficiently. The first step is learning about the threats like phishing, insider threats, and more.
Preventing Dark Web-Enabled Fraud (PYMNTS) This Deep Dive explores how stolen credentials wind up for sale on dark web marketplaces and why they can be so dangerous in the wrong hands.
Cloud-Based Threats Cost Financial Services Companies an Estimated $4.2 Million (AiThority) Infoblox Inc., the leader in Secure Cloud-Managed Network Services, today unveils new research into how the COVID-19 shutdowns challenged
Marketplace
HelpSystems Acquires Agari to Grow Data Security Portfolio (HelpSystems) Leading email phishing defense solution helps companies stop advanced email attacks
Cisco to buy Santa Clara cybersecurity startup Kenna Security (Silicon Valley Business Journal) The Santa Clara-based risk prediction software business was valued at about $320 million when it last raised funds two years ago.
NetSPI raises $90M to fuel innovation, growth, global expansion and product innovation (Help Net Security) NetSPI announced it has raised $90 million in growth funding led by KKR, with participation from Ten Eleven Ventures.
Fidelis Cybersecurity Acquires Cloud Security Pioneer (Fidelis Cybersecurity) Fidelis Cybersecurity Acquires Cloud Security and Compliance Pioneer CloudPassage to Enhance Company’s Active XDR Platform
Cryptosense Raises $4.8M to Accelerate its Cryptography Lifecycle Management Software (PR Newswire) Cryptosense, a cryptography lifecycle management platform, today announced a $4.8 million funding round led by Amadeus Capital Partners with...
Data governance and security startup Cyral raises $26M (VentureBeat) Cyral, a data governance and security platform for enterprise customers, raised $26 million in venture capital.
Jamf acquires Wandera for $400M to bump up security on Apple enterprise management (Geektime) The American software company helps enterprises manage fleets of Apple devices, and now with an upgraded cybersecurity system to back it up
Code-scanning platform BluBracket nabs $12M for enterprise security (VentureBeat) BluBracket, a platform that scans app code for security and integrity issues, has raised $12 million in venture capital.
Cryptosense Raises $4.8 Million to Accelerate Its CLM Software (AiThority) Cryptosense, a CLM platform, announced a $4.8m funding round led by Amadeus Capital Partners with participation from BGV and Elaia Partners.
Telos Corporation Awarded $35 Million U.S. Army Contract for Systems on Korean Peninsula (Telos Corporation) Cybersecurity leader to provide support of Yongsan Relocation Plan and Land Partnership Plan ASHBURN, Va. , May 13, 2021 (GLOBE NEWSWIRE) -- Telos ® Corporation (NASDAQ: TLS), a leading provider of cyber, cloud and enterprise security solutions for the world’s most security-conscious organizations,
Biden's big cybersecurity executive order will be a windfall for both massive firms like CrowdStrike and niche startups like Dragos, experts say (Business Insider) The winners in Biden's cybersecurity order will be big cloud-security companies and niche startups, which may become acquisition targets, experts say.
Forbes Names Socure One of America’s Best Startup Employers Two Years in a Row (BusinessWire) Socure, the leading provider of digital identity trust and verification solutions, today announced Forbes has named the company as one of America’s Be
Former CIA Cyber Officer & U.S. Government Security Expert Joins Sontiq® as Chief Technology Officer (BusinessWire) Sontiq welcomes Jeremy Haas as chief technology officer (CTO). Haas will lead the company’s technology strategy and Innovation Office.
Imperva Hires Infor Atty As Data Privacy Officer, Deputy GC (Law360) Imperva Inc. announced Thursday that it has hired Kate Barecchia as its global data privacy officer and deputy general counsel.
Products, Services, and Solutions
New infosec products of the week: May 14, 2021 (Help Net Security) The featured releases this week are from the following vendors: BIO-key, LoginID, Exabeam, CybelAngel, Auth0 and Elevate Security.
Siemens Energy Collaborates with ServiceNow to Enable Precision Defense Against Cyber Threats Targeting the Energy Industry (Siemens Energy) Siemens Energy’s monitoring and detection industrial IOT security platform and ServiceNow’s cross-enterprise digital ...
Swimlane and Elastic Partner to Deliver an Extensible Framework for Security Operations Teams (My TechDecisions) Deepening integrations provide joint customers with the ability to address modern threats and improve overall cybersecurity posture
RangeForce Community SOC Challenge Puts Security Pros’ Skills to the Test (My TechDecisions) Free Competition Features Three Hands-On Scenarios in Real-World Cyber Range
Jumio’s Automation Surpasses 1 Mn Verifications Per Day as Company (MarTech Series) Jumio, the leading provider of AI-powered end-to-end identity verification and eKYC solutions, today announced it is now processing more than one million daily identity verifications, the vast majority of which are completely automated. By consistently setting new records, Jumio has already cleared over 100 million
Code42 Incydr Bolsters Insider Risk Indicators with Actionable Prioritization of Data Exfiltration Events (BusinessWire) Code42 has enhanced its Incydr product with a prioritized view of the highest-risk data exposure events happening across organizations.
CMMC Accreditation Body Appoints Melanie Kyle Gingrich as First Vice President for Training and Development (BusinessWire) The CMMC Accreditation Body (CMMC-AB) today announced the selection of Melanie Kyle Gingrich as the CMMC-AB’s first vice president for training and de
Announcing New Integrations to Secure Products Throughout the Software Development Lifecycle (VDOO) Vdoo now offers integrations for Jenkins, GitHub, GitLab, JFrog Pipelines and Azure Pipelines.
XM Cyber Partners with Germany-based Value-Added Distributor ICOS to Address the DACH Region Market (PR Newswire) XM Cyber, the multi-award-winning leader in cyberattack path management, today announced that it has signed an agreement with Germany-based...
IronNet and Dragos join forces to help secure critical infrastructure (Help Net Security) IronNet Cybersecurity and Dragos announced joint initiative to provide integrated cybersecurity protection for critical infrastructure.
ThycoticCentrify Strengthens Security and Compliance in DevOps with Advanced Reporting (PR Newswire) ThycoticCentrify, a leading provider of cloud identity security solutions formed by the merger of privileged access management (PAM) leaders...
Thales expands SafeNet Trusted Access solution to offer customers full access management protection (Help Net Security) Thales expands its SafeNet Trusted Access solution, offering customers full access management protection across all applications or services.
Technologies, Techniques, and Standards
Four key ways to limit cyberattacks on critical infrastructure (Smart Energy International) As the energy sector records an increase in cyberattacks on grid networks, how can the resilience of critical infrastructure be ensured?
Dell draws line between cyber recovery and disaster recovery (SearchDisasterRecovery) In a presentation about Dell Cyber Recovery, an expert laid out the additional tools needed to successfully recover from a cyber attack versus a natural disaster.
5 cybersecurity lessons from the SolarWinds breach (SearchSecurity) Cybersecurity experts offered practical cybersecurity lessons learned from the SolarWinds breach to defend against ongoing supply chain attacks. Something as seemingly simple as being able to access logs can help thwart an attack. Read on to learn about this and more.
UK government releases free cyber-threat warning tool at annual CyberUK conference (The Daily Swig) Announcement comes as GCHQ boss emphasizes need to confront Russia and China on cybersecurity
Design and Innovation
It’s time for Cyber Quest 2022 (Intelligence Community News) On May 12, the U.S. Army posted submission information for Cyber Quest 2022. White papers are due by June 15.
Beyond MFA: Rethinking the Authentication Key (Threatpost) Tony Lauro, director of security technology and strategy at Akamai, discusses hardware security dongles and using phones to act as surrogates for them.
Academia
Senator Proposes Cyber 'Academy' to Attract More to National Service (Military.com) Sen. Kirsten Gillibrand, D-N.Y., floated the idea of a "national cyber school" that would educate students for jobs across the federal government.
Legislation, Policy, and Regulation
The 5×5—How retaliation shapes cyber conflict (Atlantic Council) Imposing costs in the physical domain has been studied, but what does retaliation look like in cyberspace?
Software Industry Awaits Details on Biden’s Order to Report Hacks (Wall Street Journal) The obligations represent a shift for the private sector, which has resisted such requirements for fear of financial and reputational damage resulting from the release of sensitive information about breaches.
Agencies on the clock to fix long-standing cyber challenges (Federal News Network) President Joe Biden mandated dozens of new steps to address long-standing cybersecurity challenges in a new executive order signed Wednesday.
Cybersecurity executive order or fire drill? (Federal News Network) At 8,000-plus words, this executive order is as much a term paper as it is a call to action.
Former CISA chief says Biden order on cybersecurity is "dramatic game change" (CBS News) Christopher Krebs spoke with CBS News chief Washington correspondent Major Garrett for this week's episode of "The Takeout" podcast.
CompTIA Supports Executive Order to Strengthen Nation's Cybersecurity (CompTIA) CompTIA, the nonprofit association for the information technology (IT) industry and workforce, released the following statement from MJ Shoer, Senior Vice President and Executive Director of the association’s Information Sharing and Analysis Organization (ISAO), regarding the Cybersecurity Executive Order announced by President Joseph Biden.
Hacks Drive Growing Calls For Mandatory Cyber Data Sharing (Breaking Defense) The cyber executive order "properly emphasizes" information sharing. Sens. Peters and Portman float updating FISMA. FERC calls for mandatory pipeline cyber standards. Report says vulnerable Exchange Server "most likely culprit" at Colonial. FireEye details DarkSide's business, ops.
NIST Cybersecurity and Privacy International Engagement Updates (NIST) A lot has changed for all of us over the last year as the result of the pandemic.
Florida’s Proposed Big Tech Bills Could Level the Social Media Playing Field (Daily Business Review) The proposed law will fine tech companies if they de-platform a candidate for elected office during an election.
Army’s Cybersecurity ‘Greatly Concerns’ Wormuth After Pipeline Attack (Defense One) Biden’s SecArmy nominee told the Senate she’d fight deep troop cuts and support long-range fires and new measures against sexual crimes and extremism, if confirmed.
Litigation, Investigation, and Law Enforcement
Facebook Faces Irish Ruling on Suspension of EU-U.S. Data Flows (Wall Street Journal) The social-media company and other tech giants are awaiting an Irish ruling that could help determine whether, and how quickly, they have to suspend the flow of data about European Union residents to the U.S.
Pentagon Surveilling Americans Without a Warrant, Senator Reveals (Vice) A letter obtained by Motherboard discusses internet browsing, location, and other forms of data.
Facebook Loses Bid to Block Ruling on EU-U.S. Data Flows (Wall Street Journal) The social-media company lost a bid to block a European Union privacy decision that could suspend its ability to send data about Europeans to computer servers in the U.S., opening a pathway toward a precedent-setting interruption of its data flows.
Secret Service lending a hand in nabbing COVID relief fraudsters (Federal News Network) In today’s Federal Newscast, the Secret Service is wielding its investigative powers to take on COVID related financial fraud.
Warning for UK businesses after Dutch GDPR fine (Pinsent Masons) A recent penalty imposed by the Dutch data protection authority should spur UK businesses to urgently review whether they need to appoint an EU-based data protection representative to continue servicing EU-based consumers in compliance with the General Data Protection Regulation (GDPR), an expert has said.
Fruit Co. Can't Get Coverage For $1.4M Email Scam Loss (Law360) A Pennsylvania federal judge freed Selective Insurance Co. on Thursday from having to cover a fruit distributor's over $1.4 million loss from fraudulent wire transfers, saying the policy only covers fraud on checks and banknotes but not emails or wire authorization forms.