Tag Archive for: vital

Biden to step up cybersecurity after hackers hit vital oil pipeline


The Biden administration is to step up cybersecurity measures after a ransomware attack crippled the biggest oil pipeline on the American east coast.

An executive order is expected within weeks, instructing federal agencies and contractors to plug security gaps that have left them vulnerable to a wave of cyber attacks in recent months.

The latest assault, on the 5,500-mile Colonial Pipeline which provides nearly half the fuel used on the east coast, is thought to have been carried out by DarkSide, a cybercriminal group believed to operate between Russia and Eastern Europe.

It wrought havoc on the company’s computer network, forcing the shutdown of the pipeline, which runs from Texas to New Jersey.

It is feared the attack, one of the most damaging ever reported, could cause a further spike in fuel prices in the US, which have already been increasing in recent months.

Colonial, which normally carries 2.5 million barrels a day, serves consumers…


Sharing bug intel is vital, but not without risk



Microsoft is reportedly investigating whether hackers who have been abusing a series of Microsoft Exchange bugs managed to obtain sensitive information about the vulnerabilities after Microsoft privately shared certain details, including proof-of-concept exploit code, with various security partners.

It’s possible that one of these partners accidentally or intentionally leaked details to additional entities, until key details somehow fell into the hands of attackers, according to a Wall Street Journal report on Monday. Whether this scenario bears out as true or not, the story leads to a number of interesting questions regarding how companies determine which partners to share sensitive bug info with and which ones to exclude from that intel because the risks outweigh the benefits. Also, if a business partner did leak the critical information, what should be the consequences?

According to experts, mistakes can happen during the information-sharing process.

“Usually, if something goes wrong, it’s either due to human error or because there is a mismatch in expectations over how to handle the information,” said Michael Daniel, president and CEO of the Cyber Threat Alliance (CTA). “For example, one side thinks the information can be shared more broadly within their organization; the other thought it would be restricted to specific individuals.”

Sometimes a leak doesn’t even have to result from a direct communication. Curtis Dukes, executive vice president, security best practices, at the Center for Internet Security (CIS), wondered if it was possible that a security partner could have responded to the intel too quickly and too overtly, indirectly tipping off observant malicious actors through the “early release of protection measures within their product.”

The four Exchange bugs were first exploited last January, with a second wave of attacks beginning on Feb. 28 and exploding in volume by March. According to sources, adversaries during the second wave leveraged automated…


Largest Ever Cyber Hack Provides Vital Lessons For Self-Driving Cars


They say it is the largest ever cyber hack.

Unless you are living under a rock or inside an Internet-disconnected cave, you’ve undoubtedly heard about the recent cyber-attack encompassing an estimated 18,000 or more U.S. companies and governmental agencies, including notables such as a preponderance of Fortune 500 businesses, most of the top accounting firms, many of the top telecommunications entities, and a wide swath of federal departments such as Homeland Security, Treasury, Commerce, and the military branches.

Some have referred to this sly cybersecurity breach as the most insidious and widespread in history.

It is breathtaking in its scope and devilishly clever in its approach, and as a result, has caught many by utter surprise. On the one hand, it is not particularly a surprise that a massive scaled cyberattack has occurred since cyber protection experts have been warning about these possibilities for years on end. The surprise is that we didn’t know it was underway and that by size alone it presumably should have earlier been somehow detected. An itsy-bitsy cyber-attack might squeak through under the radar, while one that cuts across hundreds or thousands of organizations ought to have been sniffed out by either happenstance or by watchful oversight.

The real twist, some exhort, might be that this is only the tip of the iceberg. Perhaps there are other similar cyber-attacks already underway and we just haven’t ferreted those out as yet. Or new cyber breaches are being devised that, when they are unleashed, will be beyond breathtaking and veer into the full-blown calamity and cyber catastrophic sphere.

In brief, here’s how the recent cyber trickery worked.

A tech company called SolarWinds provides networking-related software that is immensely popular and used by thousands upon thousands of companies and governmental agencies. The networking software in this case is known as Orion. To update the Orion software from time-to-time, SolarWinds pushes out various patches that are sent electronically, which then automatically get…


Hackers try to penetrate the vital ‘cold chain’ for coronavirus vaccines, security team reports


The hackers took measures to hide their tracks, and the cyber-sleuths did not name which state might be behind the campaign.

The IBM team said it was not known why the hackers were trying to penetrate the systems. It suggested the intruders might either want to steal information, glean details about technology or contracts, create confusion and distrust, or to disrupt the vaccine supply chains themselves.

The hackers likely sought “advanced insight into the purchase and movement of a vaccine that can impact life and the global economy,” the IBM team said.

As there was “no clear path to a cash-out,” as there is in a ransomware attack, it increased the likelihood of a state actor, though the IBM sleuths cautioned it was still possible that criminals could be looking for ways to illegally obtain “a hot black-market commodity,” such as an initially scarce vaccine.

The new generation of RNA vaccines, such as the Pfizer product approved for emergency use by Britain on Wednesday, require sub-Antarctic temperatures for storage and transport. But even more traditional vaccines, such as the candidate being tested by Oxford University and its partner AstraZeneca, must be kept refrigerated.

The hackers targeted organizations linked to Gavi, a public-private vaccine alliance that seeks to supply vaccines to poor countries. The alliance works closely with the World Health Organization, donor countries, the global pharmaceutical industry and the Bill and Melinda Gates Foundation.

The cybersecurity agency encouraged all organizations involved in the Trump administration’s Operation Warp Speed to be especially alert to challenges to their cold chain systems.

In a blog post, which was distributed to cybersecurity agencies, IBM said an intruder impersonated a business executive at Haier Biomedical, a legitimate Chinese company active in the vaccine supply chain, which specializes in refrigeration of medical products. The impersonator sent emails to “executives in sales, procurement, information technology and finance positions, likely involved in company efforts to support a vaccine cold chain.”

It’s unclear if any of the phishing attempts were successful.

In her post, Claire Zaboeva,…
