A Review of the Best News of the Week on Cybersecurity Management & Strategy
Accellion FTA attacks, extortion attempts might be the work of FIN11 (Help Net Security, Feb 23 2021)
Mandiant/FireEye researchers have tentatively linked the Accellion FTA zero-day attacks to FIN11, a cybercrime group leveraging CLOP ransomware to extort targeted organizations. Accellion has also confirmed on Monday that “out of approximately 300 total FTA clients, fewer than 100 were victims of the attack.”
On Chinese-Owned Technology Platforms (Schneier on Security, Feb 25 2021)
“I am a co-author on a report published by the Hoover Institution: “Chinese Technology Platforms Operating in the United States.” From a blog post:
The report suggests a comprehensive framework for understanding and assessing the risks posed by Chinese technology platforms in the United States and developing tailored responses. It starts from the common view of the signatories — one reflected in numerous publicly available threat assessments — that China’s power is growing, that a large part of…”
Sequoia Capital Suffers Data Breach (Dark Reading, Feb 22 2021)
The attack began with a successful phishing email.
Filter Out the Noise
Since I started this curated security news in June 2017, I’ve clipped ~17,000 articles and narrowed them down into the best 20 per day & best 15 per week. This is my favorite way to cut through all the security marketing and hype. If you’re enjoying it, tell a friend. If you hate it, tell an enemy.
Thanks! – Lucas Samaras
84% of CNI Orgs Experienced Cyber-Attacks in the Last Year (Infosecurity Magazine, Feb 23 2021)
93% of orgs that experienced attacks admitted at least one was successful
The Problem with Treating Data as a Commodity (Schneier on Security, Feb 26 2021)
“Excellent Brookings paper: “Why data ownership is the wrong approach to protecting privacy.”
From the introduction:
Treating data like it is property fails to recognize either the value that varieties of personal information serve or the abiding interest that individuals have in their personal information even if they choose to “sell” it. Data is not a commodity. It is information. Any system of information rights — whether patents, copyrights, and other intellectual property, or privacy…”
CrowdStrike $400M buy addresses ‘drastically different attack surface’ (SC Media, Feb 19 2021)
The purchase and integration of log management startup Humio is designed to account for the changes that have taken place in IT management over the last decade, particularly the reliance on multiple vendors and cloud services.
South Carolina County Rebuilds Network After Hacking (SecurityWeek, Feb 22 2021)
A South Carolina county continues to rebuild its computer network after what it called a sophisticated hacking attempt.
CVSS as a Framework, Not a Score (Dark Reading, Feb 23 2021)
The venerable system has served us well but is now outdated. Not that it’s time to throw the system away — use it as a framework to measure risk using modern, context-based methods.
Chief Legal Officers face mounting compliance, privacy and cybersecurity obligations (Help Net Security, Feb 23 2021)
After earning his master’s degree in computer science and working on the IT side of the business at a number of large financial services organizations, Bobby Balanchdran observed one interesting thing: the legal department in these organizations had been left out of all the business process re-engineering projects that the rest of the business had undergone.
‘Think about problems in a different way’: Inside the Bank of America CISO’s neurodiversity push (SC Media, Feb 22 2021)
Professionals with autism, ADHD and other conditions can bring a different way of thinking to infosec roles, "able to connect dots that we may not be able to connect," said Bank of America’s Craig Froelich in an indepth interview.
Dependency Confusion: Another Supply-Chain Vulnerability (Schneier on Security, Feb 23 2021)
“Alex Birsan writes about being able to install malware into proprietary corporate software by naming the code files to be identical to internal corporate code files. From a ZDNet article:
Today, developers at small or large companies use package managers to download and import libraries that are then assembled together using build tools to create a final app.
This app can be offered to the company’s customers or can be used internally at the company as an employee tool.”
Former CISA Director Chris Krebs Discusses Risk Management & Threat Intel (Dark Reading, Feb 23 2021)
Also on Krebs’ radar: the cyber-response to COVID-19 and intelligence-sharing between private and public sectors.
Aircraft-Maker Bombardier Breached by Accellion FTA Hackers (Infosecurity Magazine, Feb 24 2021)
Data on customers, employees and suppliers compromised
Ukraine says Russia hacked its document portal and planted malicious files (Ars Technica, Feb 24 2021)
Ukraine says Russia also backed massive DDoS attack using never-before-seen methods.
CrowdStrike Slams Microsoft Over SolarWinds Hack (Infosecurity Magazine, Feb 24 2021)
Tech companies point fingers at customers and one another in SolarWinds Senate hearing
Securing Today’s Networks Requires Consolidation and Collaboration (SecurityWeek, Feb 25 2021)
Security Teams Need the Ability to Launch a Coordinated and Consistent Response to Threats Using a Variety of Tools
North Korea’s Lazarus Group Expands to Stealing Defense Secrets (Dark Reading, Feb 25 2021)
Several gigabytes of sensitive data stolen from one restricted network, with organizations in more than 12 countries impacted, Kaspersky says.
FBI Investigating Michigan School District Hack (Infosecurity Magazine, Feb 26 2021)
Saginaw Township Community Schools targeted in ransomware attack
So far, ransomware attacks way down at schools, hospitals in 2021 (SC Media, Feb 25 2021)
Ramsonware incidents against healthcare and government organizations have been few and far between in 2021, but experts say that could change as the year goes on.
The Race to Find Profits in Securing Email (SecurityWeek, Feb 25 2021)
More than 17 years after Bill Gates’s famous declaration that the spam problem was close to being solved for good, the corporate inbox continues to be a lucrative target for malicious hackers. Now, a wave of well-funded email security startups are emerging to take another stab at securing the entry point for almost all major cyber attacks.