A Review of the Best News of the Week on Cybersecurity Management & Strategy

Another SolarWinds Orion Hack (Schneier on Security, Feb 04 2021)
“At the same time the Russians were using a backdoored SolarWinds update to attack networks worldwide, another threat actor — believed to be Chinese in origin — was using an already existing vulnerability in Orion to penetrate networks:

Two people briefed on the case said FBI investigators recently found that the National Finance Center, a federal payroll agency inside the U.S. Department of Agriculture, was among the affected organizations, raising fears that data on thousands of government…”

More SolarWinds News (Schneier on Security, Feb 03 2021)
“Microsoft analyzed details of the SolarWinds attack:

Microsoft and FireEye only detected the Sunburst or Solorigate malware in December, but Crowdstrike reported this month that another related piece of malware, Sunspot, was deployed in September 2019, at the time hackers breached SolarWinds’ internal network. Other related malware includes Teardrop aka Raindrop.

Details are in the Microsoft blog:

We have published our in-depth analysis of the Solorigate backdoor malware (also referred to as…”

Trucking Giant Says Ransomware Attack Had $7.5M Impact (SecurityWeek, Feb 04 2021)
In a filing with the Securities and Exchange Commission (SEC) this week, North American trucking and freight transportation logistics giant Forward Air Corporation said a December 2020 ransomware attack had an impact on its fourth quarter financial results.


Filter Out the Noise
Since I started this curated security news in June 2017, I’ve clipped ~17,000 articles and narrowed them down into the best 20 per day & best 15 per week. This is my favorite way to cut through all the security marketing and hype. If you’re enjoying it, tell a friend. If you hate it, tell an enemy.
Thanks! – Lucas Samaras

FBI Encounters: Reporting an Insider Security Incident to the Feds (Dark Reading, Jan 29 2021)
Most insider incidents don’t get reported to the FBI due to fear of debilitating business disruptions, public embarrassment, and screeching vans skidding into the parking lot to confiscate servers. But is that reality?

How Recruiting Women Can Help Solve Security’s Biggest Problems (Dark Reading, Feb 02 2021)
We can solve cybersecurity’s longstanding talent gap by bringing more women into the field.

US Needs Comprehensive Policy to Combat China on IP Theft (Dark Reading, Feb 01 2021)
The United States cannot lose sight of Chinese cyber operations that target intellectual property, a panel of experts says.

US Payroll Agency Targeted in Separate SolarWinds Attack – Report (, Feb 03 2021)
Suspected Chinese attackers exploited since-patched Orion bug

Words of advice for President Biden’s new CISO (SC Media, Feb 03 2021)
Today’s columnist, Steve Durbin of the Information Security Forum, offers advice to Chris DeRusha, the new federal CISO. Durbin says the Biden administration has a great opportunity to work with the broader security community towards fostering security awareness and the need to protect data privacy.

The Drovorub Mystery: Malware NSA Warned About Can’t Be Found (SecurityWeek, Feb 03 2021)
NSA and FBI Released Detailed Information on Drovorub Linux Malware, But Major Cybersecurity Firms Found No Samples

Major trends that are changing the CISO role (Help Net Security, Feb 04 2021)
In a rapidly changing business environment, the role of the CISO has hugely expanded in its scope and responsibilities, a BT Security survey of over 7000 business leaders, employees and consumers from across the world reveals. With the research also identifying security as the top priority for businesses after coronavirus, CISOs have never been more integral to business operations.

Facebook, Instagram, TikTok and Twitter Target Resellers of Hacked Accounts (Krebs on Security, Feb 04 2021)
Facebook, Instagram, TikTok, and Twitter this week all took steps to crack down on users involved in trafficking hijacked user accounts across their platforms. The coordinated action seized hundreds of accounts the companies say have played a major role in facilitating the trade and often lucrative resale of compromised, highly sought-after usernames.

Lawmakers Ask NSA About Its Role in Juniper Backdoor Discovered in 2015 (SecurityWeek, Feb 01 2021)
Several U.S. lawmakers sent a letter to the National Security Agency last week in an effort to find out more about its role in the backdoor discovered in Juniper Networks products back in 2015, as well as the steps taken by the agency following the Juniper incident, and why those steps failed to prevent the recent SolarWinds hack.

30% of “SolarWinds hack” victims didn’t actually use SolarWinds (Ars Technica, Jan 29 2021)
“This campaign should not be thought of as the SolarWinds campaign,” says DOHS.

Threat intel is a game changer, if only firms can figure out how to bake it into cyber programs (SC Media, Feb 01 2021)
Despite increased perceptions about the value of cyber threat intelligence, many businesses and industries still struggle to define what it actually means to them: which capabilities to incorporate, and how to do the ground level planning necessary to support the telemetry and technological tools they put in place.

Including Hackers in NATO Wargames (Schneier on Security, Jan 29 2021)
“This essay makes the point that actual computer hackers would be a useful addition to NATO wargames:

The international information security community is filled with smart people who are not in a military structure, many of whom would be excited to pose as independent actors in any upcoming wargames. Including them would increase the reality of the game and the skills of the soldiers building and training on these networks. Hackers and cyberwar experts would demonstrate how industrial control…”

Security spending will top 40% in most 2021 IT budgets (SC Media, Feb 02 2021)
Some 56% of IT leaders will allocate more than 40% of their IT budgets to cybersecurity in 2021. On top of that, 37% listed “improving cybersecurity protections” as their top IT investment priority for this year, according to a recent Syntax survey of 500 IT decision-makers. Survey respondents said the investment spike was due to…

SOC teams spend nearly a quarter of their day handling suspicious emails (SC Media, Feb 03 2021)
Email investigations take nearly double the amount of time as prevention and response. Time well spent?

Data loss prevention strategies for long-term remote teams (Help Net Security, Feb 05 2021)
Before the recent pandemic, many executives began appreciating the risks and opportunities associated with cybersecurity. A 2019 survey on cybersecurity priorities from Optiv Security found that 96% of CISOs are taking “a more strategic approach to cybersecurity,” and many were even willing to slow business development to account for cybersecurity-related risks. This was great news as the costs and consequences of a data breach continued to grow.

Government Security Supplier Suffers Double Breach (, Feb 05 2021)
French security company warns of customer data and source code theft

Years overdue, the profile of the CISO begins to rise as cyber grabs attention in boardrooms (SC Media, Feb 04 2021)
Recognition of CISOs as critical protectors of company assets and customer trust is expanding. And yet, security executives say true influence often remains elusive.