A Review of the Best News of the Week on Cybersecurity Management & Strategy

How REvil Ransomware Took Out Thousands of Business at Once (Wired, Jul 04 2021)
More details have come to light as to how the notorious hacking group pulled off its unprecedented attack.

Cyber attack against U.S. IT provider forces Swedish chain to close 800 stores (Reuters, Jul 04 2021)
The Swedish Coop grocery store chain closed all its 800 stores on Saturday after a ransomware attack on an American IT provider left it unable to operate its cash registers.

Kaseya Left Customer Portal Vulnerable to 2015 Flaw in its Own Software (Krebs on Security, Jul 08 2021)
Last week cybercriminals deployed ransomware to 1,500 organizations, including many that provide IT security and technical support to other companies. The attackers exploited a vulnerability in software from Kaseya, a Miami-based company whose products help system administrators manage large networks remotely. Now it appears Kaseya’s customer service portal was left vulnerable until last week to a data-leaking security flaw that was first identified in the same software six years ago.

Filter Out the Noise
Since I started this curated security news in June 2017, I’ve clipped ~19,000 articles and narrowed them down into the best 20 per day & best 15 per week. This is my favorite way to cut through all the security marketing and hype. If you’re enjoying it, tell a friend. If you hate it, tell an enemy.
Thanks! – Lucas Samaras

Feds file new charges against Amazon employee that leveraged server access to hack Capital One (SC Media, Jul 01 2021)
The Amazon employee used knowledge she gained working at the company, along with scripts, to scan Amazon Web Service servers for misconfigured web application firewalls.

Director of Cybersecurity at NSA Gets Dedicated Twitter Account (SecurityWeek, Jul 02 2021)
Rob Joyce, the director of cybersecurity at the National Security Agency (NSA), on Thursday announced that his role now has an official Twitter account.

REvil Group Demands $70 Million for ‘Universal Decryptor’ (Infosecurity Magazine, Jul 06 2021)
Researchers have detected 5000 attack attempts since July 2

Combating China’s Insider Threat: Can New Laws Curb IP Theft by Foreign Spies? (SecurityWeek, Jul 06 2021)
Theft of U.S. IP is a fundamental part of China’s stated intention to be the world leader in science and technology by 2050

Kremlin Hackers Reportedly Breached Republican National Committee (Infosecurity Magazine, Jul 07 2021)
Attempted holiday weekend raid came via third-party provider

‘A uniquely bad idea’? Senators propose hack back study, but most experts’ minds are made up (SC Media, Jul 06 2021)
While lawmakers behind a new bipartisan bill argue that the use of offensive hacking could be a powerful deterrent, security experts worry that such reactionary legislation might do even more harm.

Details of the REvil Ransomware Attack (Schneier on Security, Jul 08 2021)
ArsTechnica has a good story on the REvil ransomware attack of last weekend, with technical details:
This weekend’s attack was carried out with almost surgical precision. According to Cybereason, the REvil affiliates first gained access to targeted environments and then used the zero-day in the Kaseya Agent Monitor to gain administrative control over the target’s network. After writing a base-64-encoded payload to a file named agent.crt the dropper executed it.

Morgan Stanley Discloses Data Breach (Dark Reading, Jul 08 2021)
Attackers were able to compromise customers’ personal data by targeting the Accellion FTA server of a third-party vendor.

Cyber insurance failing to live up to expectations (Help Net Security, Jul 05 2021)
A RUSI paper finds that the contribution of the insurance sector to improving cyber security practice is ‘more limited than policymakers and businesses might hope’, and recommends government and industry action. Key findings: To date, cyber insurance has failed to live up to expectations that it may act as a tool for improving organizations’ cyber security practices. However, insurers are increasingly providing cyber security services that could address this.

Japan Looks to Boost Military Cyber Experts Amid Security Threat (Infosecurity Magazine, Jul 06 2021)
China and Russia blamed for increasingly hostile activity

US Spy Agencies Investigate Kaseya Supply Chain Attack (Infosecurity Magazine, Jul 05 2021)
Zero-day bug thought to have compromised MSP software provider

British Airways Settles Class Action Over 2018 Data Breach (SecurityWeek, Jul 06 2021)
British Airways has settled a class action brought by individuals impacted by the data breach suffered by the company in 2018, but terms of the settlement have been kept private.

Stop betting on detection-based security technology (SC Media, Jul 07 2021)
Today’s columnist, Aviv Grafi of Votiro, says companies need stronger, more proactive tools, and must give CISOs a seat at the table – or else we’ll have more major attacks like the ones on SolarWinds, Microsoft Exchange, Colonial Pipeline, and now Kaseya.

Rural Alabama Electric Cooperative Hit by Ransomware Attack (SecurityWeek, Jul 07 2021)
A utility that provides power in rural southeastern Alabama was hit by a ransomware attack that meant customers temporarily can’t access their account information, but an executive said Tuesday that systems were beginning to be brought back online.

Most disaster recovery solutions are not tested on a regular basis (Help Net Security, Jul 08 2021)
As organizations work diligently to support evolving business needs, while at the same time battling cybercrime and other threats to critical data, the majority of disaster recovery solutions are not tested on a regular basis, according to iland. More importantly, as the IT estate changes over time, the survey indicated most disaster recovery solutions would not meet recovery objectives.

CTOs Keeping Quiet on Breaches to Avoid Cyber Blame Game (Infosecurity Magazine, Jul 08 2021)
Report finds 92% of UK organizations suffered a successful attack last year

In video address, exhausted Kaseya CEO announces relaunch dates (SC Media, Jul 08 2021)
Kaseya CEO Fred Voccola said the company was confident in the July 11 date to relaunch VSA SaaS and on-premises services.