White House gets tough with new National Cyber Strategy
The White House brought forth its National Cybersecurity Strategy yesterday, laying out a broad-scale design for improving national digital security. The plan is built on five key pillars:
- Minimum cybersecurity requirements for critical infrastructure
- Offensive cyber actions against hackers and nation states
- Shifting liability onto software manufacturers
- Diversifying and expanding the cyber workforce
- Continuing to build international partnerships.
As we reported on Monday, the strategy places greater responsibility on larger organizations, and stresses robust collaboration, particularly between the public and private sectors.
CISA releases ‘Decider’ tool to help with MITRE ATT&CK mapping
Decider is an open-source tool that helps defenders and security analysts quickly generate MITRE ATT&CK mapping reports. CISA recently published a guide on MITRE ATT&CK mapping, highlighting the importance of using the common standard, and Decider was developed in partnership with the Homeland Security Systems Engineering and Development Institute and MITRE. It has been made available for free via CISA’s GitHub repository.
British retail chain WH Smith says data stolen in cyberattack
The data breach exposed information belonging to current and former employees of the company, which operates 1,700 locations across the United Kingdom and employs over 12,500 people. The company states that the attack did not impact its trading business and that customer data was not affected, since it is stored on separate systems that remained safe from unauthorized access. There are no further details about the date of the attack, but experts surmise that it happened January 18.
Canadian book retailer says employee data was stolen during ransomware attack
In a parallel story, Canadian bookstore chain Indigo, which had stated that no customer data was stolen last month during a ransomware attack that also took down its website, now says that employee data was involved in the attack. “The Toronto-based company did not respond to requests for comment about how many people were affected.” The LockBit cybercrime gang claimed responsibility for the attack on Tuesday.
Washington state public bus system confirms ransomware attack
Pierce Transit provides bus, van, and carpool services to the city of Tacoma and the surrounding Pierce County area. Representatives have stated that the ransomware attack started on February 14 and forced temporary workarounds to be put in place. The transit system serves about 18,000 people each day. According to The Record, “the LockBit ransomware group took credit for the attack and had demanded a ransom by February 28. The Pierce Transit spokesperson said the agency was aware that the deadline had passed.”
SysUpdate malware strikes again with Linux version and new evasion tactics
A threat actor named Lucky Mouse has developed a Linux version of a malware toolkit called SysUpdate, which is enabling it to target devices running the operating system. This artifact dates back to July 2022, with the malware “incorporating new features designed to evade security software and resist reverse engineering.” Trend Micro said it observed the equivalent Windows variant in June 2022, nearly a month after the command-and-control (C2) infrastructure was set up. “Lucky Mouse is also tracked under the monikers APT27, Bronze Union, Emissary Panda, and Iron Tiger, and is known to utilize a variety of malware such as SysUpdate, HyperBro, PlugX, and a Linux backdoor dubbed rshell.”
Power grid program receives $48 million in funding from Department of Energy
The program is intended to help modernize grid infrastructure across the country for improved efficiency. The goals are greater resistance against extreme weather events, such as the winter storm that hit Texas in 2021, and enabling utilities to “more effectively control grid power flow to avoid disturbances, and quickly isolate and route around disruptions.” With possibly the most ambitiously awkward acronym of all time, the “Unlocking Lasting Transformative Resiliency Advances by Faster Actuation of power Semiconductor Technologies” (ULTRAFAST) program will support the infrastructure development.
Australian woman arrested for email bombing a government office
The Australian Federal Police (AFP) have arrested a woman in a suburb of Sydney for “allegedly email bombing the office of a Federal Member of Parliament.” She is accused of sending more than 32,000 emails to the MP’s office over 24 hours, “preventing employees from using the IT systems and the public from contacting the office.” The AFP does not elaborate on the method used, although they do state that the attack used multiple domains when sending the emails. This likely means that she used an “email bombing” service accessed through the dark web to essentially DDoS the MP’s email servers.






