A Review of the Best News of the Week on Cybersecurity Management & Strategy

A Closer Look at the DarkSide Ransomware Gang (Krebs on Security, May 11 2021)
The FBI confirmed this week that a relatively new ransomware group known as DarkSide is responsible for an attack that caused Colonial Pipeline to shut down 5,550 miles of pipe, stranding countless barrels of gasoline, diesel and jet fuel on the Gulf Coast. Here’s a closer look at the DarkSide cybercrime gang, as seen through their negotiations with a recent U.S. victim that earns $15 billion in annual revenue.

Colonial Pipeline resumes operations after ransomware prompted closure (Ars Technica, May 12 2021)
Closure prompted panic-buying, price hikes, and other disruptions in East Coast states.

New US Executive Order on Cybersecurity (Schneier on Security, May 13 2021)
“President Biden signed an executive order to improve government cybersecurity, setting new security standards for software sold to the federal government.

For the first time, the United States will require all software purchased by the federal government to meet, within six months, a series of new cybersecurity standards. Although the companies would have to “self-certify,” violators would be removed from federal procurement lists…”

Filter Out the Noise
Since I started this curated security news in June 2017, I’ve clipped ~19,000 articles and narrowed them down into the best 20 per day & best 15 per week. This is my favorite way to cut through all the security marketing and hype. If you’re enjoying it, tell a friend. If you hate it, tell an enemy.
Thanks! – Lucas Samaras


Twilio, HashiCorp Among Codecov Supply Chain Hack Victims (SecurityWeek, May 10 2021)
The massive blast radius from the Codecov supply chain attack remains shrouded in mystery as security teams continue to assess the fallout from the breach but a handful of victims are starting to publicly acknowledge possible exposure of sensitive developer secrets.

Verizon DBIR 2021: “Winners” No Surprise, But All-round Vigilance Essential (Dark Reading, May 13 2021)
Verizon’s Data Breach Investigations Report (DBIR) covers 2020 — a year like no other. Phishing, ransomware, and innovation caused big problems.

Verizon DBIR 2021: Ransomware, Web App and Phishing Attacks Dominate (SecurityWeek, May 13 2021)
Data breaches from 2020 show that not much has changed over the last year: businesses continue to struggle with the basics of securing web apps, cloud deployments and educating employees

Colonial Pipeline Paid Hackers Nearly $5 Million in Ransom (Yahoo, May 13 2021)
(Bloomberg) — Colonial Pipeline Co. paid nearly $5 million to Eastern European hackers on Friday, contradicting reports earlier this week that the company had no intention of paying an extortion fee to help restore the country’s largest fuel pipeline, according to two people familiar with the transaction. The company paid the hefty ransom in difficult-to-trace cryptocurrency within hours after the attack, underscoring the immense pressure faced by the Georgia-based operator to get gasoline and j

Software, Incident Response Among Big Focus Areas in Biden’s Cybersecurity Executive Order (Dark Reading, May 13 2021)
Overall objectives are good, but EO may be too prescriptive in parts, industry experts say.

President Biden Reveals New Details About Pipeline Hack (VICE, May 13 2021)
Biden says the Russian government was not involved but ‘the criminals who did the attack are living in Russia.’

Troy Hunt: Organizations Make Security Choices Tough for Users (Dark Reading, May 06 2021)
The Have I Been Pwned founder took the virtual stage at Black Hat Asia to share stories about his work and industrywide challenges.

CISO Stories: Part Two (Infosecurity Magazine, May 07 2021)
This is the story of Boris, CISO at an international charity

Why companies need a Chief Product Security Officer (SC Media, May 10 2021)
RSA plans an all-virtual show starting on May 17. Today’s columnist, Kacy Zurkus of the RSA Conference, writes about why companies need to strongly consider a Chief Product Security Officer — a topic that will be covered in one of more than 200 sessions.

SolarWinds hires CISO from within, enabling a quicker security transformation (SC Media, May 06 2021)
Tim Brown’s familiarity with the internal environment and attack investigation potentially means less time to ramp up company’s Secure by Design initiative. But there could be some drawbacks to hiring from within as well.

Newly Unclassified NSA Document on Cryptography in the 1970s (Schneier on Security, May 10 2021)
This is a newly unclassified NSA history of its reaction to academic cryptography in the 1970s: “New Comes Out of the Closet: The Debate over Public Cryptography in the Inman Era,” Cryptographic Quarterly, Spring 1996, author still classified.

Teaching Cybersecurity to Children (Schneier on Security, May 07 2021)
“A new draft of an Australian educational curriculum proposes teaching children as young as five cybersecurity:

The proposed curriculum aims to teach five-year-old children — an age at which Australian kids first attend school — not to share information such as date of birth or full names with strangers, and that they should consult parents or guardians before entering personal information online.”

Tulsa Deals With Aftermath of Ransomware Attack (Dark Reading, May 10 2021)
Weekend attack shuts down several city sites and service.

Alaska Courts Restore Email, Lack Answers on Cyber Attack (SecurityWeek, May 12 2021)
The Alaska court system said Tuesday it had restored email capabilities nearly two weeks after a cybersecurity attack.

Despite Heightened Breach Fears, Incident Response Capabilities Lag (Dark Reading, May 12 2021)
Many organizations remain unprepared to detect, respond, and contain a breach, a new survey shows.

Organizations using Microsoft 365 experience more breaches, with more severe impacts (Help Net Security, May 13 2021)
85% of organizations using Microsoft 365 have suffered email data breaches in the last 12 months, an Egress report reveals. The increased amount of remote work as a result of the pandemic has exacerbated the risk of an email data breach ‑ and the risk is intensified for Microsoft users

Publishing exploits early doesn’t encourage patching or help defense, data shows (SC Media, May 13 2021)
Despite debate in the threat intel community, a new study finds that publishing exploits before patches are available does more harm than good.