A Review of the Best News of the Week on Cybersecurity Management & Strategy

Kaseya gets master decryptor to help customers still suffering from REvil attack (Ars Technica, Jul 22 2021)
REvil ransomware struck as many as 1,500 networks, but a master key is now available.

NSO Group Hacked (Schneier on Security, Jul 20 2021)
“NSO Group, the Israeli cyberweapons arms manufacturer behind the Pegasus spyware — used by authoritarian regimes around the world to spy on dissidents, journalists, human rights workers, and others — was hacked. Or, at least, an enormous trove of documents was leaked to journalists.

There’s a lot to read out there. Amnesty International has a report. Citizen Lab conducted an independent analysis. The Guardian has extensive coverage. More coverage.”

Saudi Aramco confirms data leak after $50 million cyber ransom demand (Ars Technica, Jul 22 2021)
World’s largest oil producer says some company files were compromised.

Filter Out the Noise
Since I started this curated security news in June 2017, I’ve clipped ~20,000 articles and narrowed them down into the best 20 per day & best 15 per week. This is my favorite way to cut through all the security marketing and hype. If you’re enjoying it, tell a friend. If you hate it, tell an enemy.
Thanks! – Lucas Samaras

Law Firm Campbell Conroy & O’Neil Discloses Ransomware Attack (SecurityWeek, Jul 19 2021)
Prominent law firm Campbell Conroy & O’Neil said it fell victim to a ransomware attack five months ago that resulted in systems holding sensitive information being compromised.

Biden’s Cybersecurity Team Gets Crowded at the Top (Wired, Jul 17 2021)
It’s a lot of talent, but the US now has five overlapping roles jockeying for limited budgets, authorities, and bureaucratic victories.

Law Firm for Ford, Pfizer, Exxon Discloses Ransomware Attack (Dark Reading, Jul 19 2021)
Campbell Conroy & O’Neil reports the attack affected personal data including Social Security numbers, passport numbers, and payment card data for some individuals.

Breaking Down the Threat of Going All-In With Microsoft Security (Dark Reading, Jul 19 2021)
Limit risk by dividing responsibility for infrastructure, tools, and security.

Details Emerge on Iranian Railroad Cyberattack (SecurityWeek, Jul 19 2021)
While the attack may have been to embarrass the incoming president, it could simply have been a reprisal attack in response to continuing Iranian cyberattacks against other countries. In April, Israel accused Iran of using fake social media accounts to lure citizens of the Jewish state abroad “to harm or abduct them”.

The Automation Gap in Biden’s Cybersecurity Order (DefenseOne, Jul 20 2021)
The Biden administration’s cybersecurity executive order contains 37 pages of important new guidelines and requirements that will help protect our networks—but it remains silent on the critical issue of how automated testing must become a key part of that defense.

Second cybersecurity bill may be needed in Ohio to protect against other breaches (Hamilton Journal News, Jul 20 2021)

US Accuses China of Using Criminal Hackers in Cyber Espionage Operations (Dark Reading, Jul 19 2021)
DOJ indicts four Chinese individuals for alleged role in attacks targeting intellectual property, trade secrets belonging to defense contractors, maritime companies, aircraft service firms, and others.

U.S. Government Attributes ICS Attacks to Russia, China, Iran (SecurityWeek, Jul 20 2021)
Hacking Operation Sought to Help China Develop Cyberattack Capabilities for Damaging and Disrupting U.S. Pipelines

How China’s Hacking Entered a Reckless New Phase (Wired, Jul 19 2021)
The country’s hackers have gotten far more aggressive since 2015, when the Ministry of State Security largely took over the country’s cyberespionage.

Don’t Wanna Pay Ransom Gangs? Test Your Backups. (Krebs on Security, Jul 19 2021)
Browse the comments on virtually any story about a ransomware attack and you will almost surely encounter the view that the victim organization could have avoided paying their extortionists if only they’d had proper data backups. But the ugly truth is there are many non-obvious reasons why victims end up paying even when they have done nearly everything right from a data backup perspective. 

New Cybersecurity Order Issued for US Pipeline Operators (SecurityWeek, Jul 20 2021)
The Department of Homeland Security on Tuesday announced new requirements for U.S. pipeline operators to bolster cybersecurity following a May ransomware attack that disrupted gas delivery across the East Coast.

CISA Details Malware Used in Attacks Targeting Pulse Secure Devices (SecurityWeek, Jul 22 2021)
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Wednesday released analysis reports for 13 malware samples discovered on Pulse Secure devices that were compromised in recent attacks.

Biden to Meet Next Month With Private Sector on Cyber Issues (SecurityWeek, Jul 21 2021)
President Joe Biden and members of his national security team plan to meet next month with business executives about cybersecurity, an official said Wednesday.

House Passes Several Critical Infrastructure Cybersecurity Bills (SecurityWeek, Jul 23 2021)
The U.S. House of Representatives this week passed several cybersecurity bills, including ones related to critical infrastructure, industrial control systems (ICS), and grants for state and local governments.

Estonian Botnet Operator Pleads Guilty in U.S. Court (SecurityWeek, Jul 23 2021)
An Estonian national has pleaded guilty in a United States court to two counts of computer fraud and abuse over his role in creating and operating a proxy botnet.

Akamai Software Update Triggers Internet Outages (SecurityWeek, Jul 22 2021)
Websites were briefly knocked offline Thursday after a software update triggered a glitch at network specialty firm Akamai.

Reports of internet outages from locations around the world spiked at website Downdetector, with US-based Akamai saying some websites were offline for as long as an hour.