A Review of the Best News of the Week on Cybersecurity Management & Strategy

FBI removes web shells from hacked Microsoft Exchange servers (Help Net Security, Apr 14 2021)
Authorities have executed a court-authorized operation to copy and remove malicious web shells from hundreds of vulnerable on-premises versions of Microsoft Exchange Server software in the United States. Through January and February 2021, certain hacking groups exploited zero-day vulnerabilities in Microsoft Exchange Server software to access email accounts and place web shells for continued access. Web shells are pieces of code or scripts that enable remote administration.

CISA Details Malware Found on Hacked Exchange Servers (SecurityWeek, Apr 13 2021)
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) this week published details on additional malware identified on compromised Microsoft Exchange servers, namely China Chopper webshells and DearCry ransomware.

More Biden Cybersecurity Nominations (Schneier on Security, Apr 13 2021)
“President Biden announced key cybersecurity leadership nominations Monday, proposing Jen Easterly as the next head of the Cybersecurity and Infrastructure Security Agency and John “Chris” Inglis as the first ever national cyber director (NCD).

I know them both, and think they’re both good choices.”

Filter Out the Noise
Since I started this curated security news in June 2017, I’ve clipped ~19,000 articles and narrowed them down into the best 20 per day & best 15 per week. This is my favorite way to cut through all the security marketing and hype. If you’re enjoying it, tell a friend. If you hate it, tell an enemy.
Thanks! – Lucas Samaras

Iran Nuclear Facility Suffers Cyber-Attack (Infosecurity Magazine, Apr 12 2021)
Israeli public media claims Israel was behind a cyber-attack on Iran’s Natanz nuclear complex

Introducing Cloud CISO perspectives (Google Cloud Blog, Apr 12 2021)
“Since I joined Google Cloud as Chief Information Security Officer three short months ago, I’ve seen firsthand the unique point of view we have to improve security for our customers and society at large through the cloud. I started in this new role as the security industry was rattled by a major breach impacting the software supply chain, and I was reminded of one of the reasons I joined Google – the opportunity to push the industry forward in addressing challenging security issues and…”

Did Someone at the Commerce Dept. Find a SolarWinds Backdoor in Aug. 2020? (Krebs on Security, Apr 16 2021)
“On Aug. 13, 2020, someone uploaded a suspected malicious file to VirusTotal, a service that scans submitted files against more than five dozen antivirus and security products. Last month, Microsoft and FireEye identified that file as a newly-discovered fourth malware backdoor used in the sprawling SolarWinds supply chain hack. An analysis of the malicious file and other submissions by the same VirusTotal user suggest the account that initially flagged the backdoor as suspicious belongs to IT personnel at the National Telecommunications and Information Administration (NTIA), a division of the U.S. Commerce Department that handles telecommunications and Internet policy.”

To avoid penalties for ransomware payouts, incident response pros press for due diligence (SC Media, Apr 09 2021)
The onus is also on the threat intelligence community, said one IR expert, to practice responsible ransomware attribution, as it can affect companies’ decisions on whether or not to pay.

The CISO Life is Half as Good (Dark Reading, Apr 14 2021)
Lora Vaughn was at a crossroads — and that was before mandated pandemic lockdowns came into play. Here’s her story of how life got sweeter after she stepped away from the CISO job.

330 million people across 10 countries were victims of cybercrime in 2020 (Help Net Security, Apr 14 2021)
Over the past year, 65% of people around the world report spending more time online than ever before, likely a result of the COVID-19 pandemic. As we connected to the internet for everything from work and school to entertainment, social connection and even groceries, cybercriminals took advantage and launched coordinated attacks and convincing scams.

Remember GDPR? Expect another set of cyber regulations around vulnerabilities (SC Media, Apr 14 2021)
For the first time in its 60-year history, the OECD offered policy guidelines for risk reduction through vulnerability management. Today’s columnists, Rayna Stamboliyska and Tarah Wheeler, offer some insights on how the industry will respond.

Nation-State Attacks Force a New Paradigm: Patching as Incident Response (Dark Reading, Apr 15 2021)
IT no longer has the luxury of thoroughly testing critical vulnerability patches before rolling them out.

Global Attacker Dwell Time Drops to Just 24 Days (Infosecurity Magazine, Apr 15 2021)
Ransomware spike and better threat detection play a part

US takes sweeping action against Russia for years of hacking and election interference (SC Media, Apr 15 2021)
For months, the Biden administration has been hinting that it was preparing a broad response to the SolarWinds breach, years of Russian hacking and election interference schemes. Today, it unveiled a sweeping set of sanctions and other actions against the Russian government, as well as private individuals and a number of Russian tech and defense companies.

DNI’s Annual Threat Assessment (Schneier on Security, Apr 15 2021)
“The office of the Director of National Intelligence released its “Annual Threat Assessment of the U.S. Intelligence Community.” Cybersecurity is covered on pages 20-21. Nothing surprising:

Cyber threats from nation states and their surrogates will remain acute.

How to Create an Incident Response Plan From the Ground Up (Dark Reading, Apr 15 2021)
Security 101: In the wake of an incident, it’s important to cover all your bases — and treat your IR plan as a constantly evolving work in progress.

Mass Monitoring of Remote Workers Drives Shadow IT Risk (Infosecurity Magazine, Apr 16 2021)
Kaspersky study finds employees switching to less secure personal devices

What to do when a bug bounty request sounds more like extortion (SC Media, Apr 15 2021)
Experts advise: take back the power by forcing the gray hat researcher into a prisoner’s dilemma.

More Countries Officially Blame Russia for SolarWinds Attack (SecurityWeek, Apr 16 2021)
The United Kingdom, Canada, the European Union and NATO have expressed support for the United States in blaming Russia for the cyberattack on IT management company SolarWinds, which impacted organizations worldwide.

Google Project Zero Announces 2021 Updates to Vulnerability Disclosure Policy (SecurityWeek, Apr 16 2021)
Google’s Project Zero cybersecurity research unit on Thursday announced that it’s making some changes to its vulnerability disclosure policies, giving users 30 days to install patches before disclosing the technical details of a flaw.