SolarWinds Orion carrying malware
The company said updates to its IT management platform between March and June may have carried malware as a result of a sophisticated nation-state supply-chain attack. SolarWinds says Microsoft notified it of a compromise to SolarWinds’ Office 365 accounts and is investigating.
SolarWinds called for all Orion customers to update to its latest version immediately and plans an additional patch for today. SolarWinds has 300,000 customers worldwide, including most of the Fortune 500 companies in the US, Lockheed Martin, Booz Allen Hamilton, PricewaterhouseCoopers, the Federal Reserve, the Defense Department, the State Department, the US Secret Service and the NSA. 33,000 of those customers use the Orion Platform, and SolarWinds believes 18,000 of them installed the malware-infected versions.
FireEye announced that the intrusion in its network reported last week was caused by the SolarWinds breach. FireEye calls the malware SUNBURST, while Microsoft has dubbed it Solorigate.
(ZDNet)
Multiple US agencies impacted by SolarWinds supply-chain attack
This attack came through the same SolarWinds supply-chain compromise that impacted FireEye. The US Commerce Department confirmed a breach of its systems, and the White House National Security Council confirmed it was investigating another potential breach at the Treasury. The attack was first reported by Reuters and involved Russian-backed hackers monitoring the department’s email systems. CISA issued an emergency directive ordering all agencies to stop using impacted versions of the SolarWinds Orion platform.
(Reuters)
New EU data use legislation could lead to big tech fines
Bloomberg saw a draft of the EU’s Digital Markets Act, which places new rules on data usage by so-called “gatekeeper” companies. As written, the act bans using any data from business users to compete with them, or treating a company’s own services more favorably in rankings. Companies will be considered in systemic non-compliance if they are fined three times within five years, which would open the door for the European Commission to order behavioral and structural changes. The draft currently allows for fines of up to 10% of annual revenue. The designation of who falls under the gatekeeper category would be updated every two years. These draft rules would need to be formally proposed by the European Commission, then voted on by the European Parliament and the Council of European member states, before becoming law.
Google hit with massive service outage
The outage impacted users worldwide, disrupting access to services like Gmail, YouTube, Google Drive, Google Maps, and Google Calendar on December 13th. During the outage, YouTube showed a server (503) error message. The outage was resolved by 9am Eastern time, lasting a little over two hours. According to Google’s support page, the disruption was caused by an authentication system outage stemming from an internal storage quota issue.
Thanks to our episode sponsor, ReversingLabs

US FTC launches privacy investigation into tech platforms
The agency announced that it ordered Amazon, ByteDance, Discord, Facebook and its subsidiary WhatsApp, Reddit, Snap, Twitter and YouTube to disclose how they each collect and use data from users, how they choose which ads to display, and what personal information is used in ad selection. The platforms have 45 days to respond. The FTC used its authority under Section 6(b) of the FTC Act to compel responses, which gives the agency the power to pursue broad studies separate from law enforcement.
(CNBC)
Data leak exposes info on millions of CPC members
Information on over two million members of the Communist Party of China was originally extracted from a Shanghai server in 2016 by Chinese dissidents and reported on by the newspaper ‘The Australian.’ Party data in the leak includes party position, birthdate, national ID number and ethnicity, showing that party members hold prominent positions at large pharmaceutical and financial institutions, as well as serving as senior political and government affairs specialists in at least 10 consulates. There is no evidence in the leak that the party members have committed any acts of espionage in these roles.
Israel’s supply chain targeted in cyberattack
A cyberattack against Amital Data, an Israeli firm specializing in software solutions for logistics companies, resulted in large-scale cyberattacks against many of its clients. Sources tell Calcalist that at least 40 Amital clients were hacked as a result, which could cause logistical disruptions to commodities and provide intelligence for state-based actors. There were also 15-20 further attacks by the same group on logistics companies not related to Amital Data. It’s unclear who is behind the attack, although Amital said it has resolved its security issues internally. Check Point’s Threat Intelligence Manager Lotem Finkelstein said that from July through September, cyberattacks against Israeli organizations increased 74%.
Dwell time is the new metric to watch in ransomware
David Smith makes the case for this in a new column for Security Magazine. While reports of ransomware attacks often focus on how intruders used phishing or other means to gain access, the amount of time an attacker has access to a network before acting is often underappreciated, if not unreported. This is becoming increasingly important to understand, as ransomware attacks have shifted from simple extortion to decrypt data to now-typical double-extortion schemes that demand a second ransom not to leak stolen files. Smith suggests that security teams assume their networks are already compromised, implement a zero-trust framework, and correlate network intelligence to see what information is leaving their network.
(Security Magazine)
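To make the dwell-time argument concrete, here is an added example (not code from the column or from Security Magazine) that walks a constructed incident timeline: it measures dwell time as the gap between the first evidence of attacker access and the first encryption event, and shows how far ahead of encryption the staged exfiltration that double extortion relies on was visible as outbound volume. The event format, hostnames, timestamps and the 100 MB egress threshold are all assumptions for illustration.

```python
from datetime import datetime, timedelta

# Constructed incident timeline for illustration (not data from the column).
# Format: ISO timestamp | host | event type | bytes leaving the network
SAMPLE_EVENTS = """\
2020-11-02T09:14:00|ws-17|phish_click|0
2020-11-02T09:16:00|ws-17|c2_beacon|512
2020-11-09T22:40:00|fs-01|smb_auth|0
2020-11-20T01:05:00|fs-01|egress|2100000000
2020-11-21T01:10:00|fs-01|egress|1900000000
2020-11-22T03:00:00|fs-01|ransomware_encrypt|0
"""

# Event types that count as evidence the attacker already has access.
ACCESS_EVENTS = {"phish_click", "c2_beacon", "smb_auth"}
# Assumed per-event outbound volume above which egress is treated as suspicious.
EGRESS_THRESHOLD_BYTES = 100_000_000

def parse_events(text):
    """Parse the pipe-delimited timeline into time-sorted (time, host, event, bytes) tuples."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, host, kind, nbytes = line.split("|")
        events.append((datetime.fromisoformat(ts), host, kind, int(nbytes)))
    return sorted(events)

def dwell_time(events):
    """Time from the first evidence of attacker access to the first encryption event."""
    first_access = min(t for t, _, k, _ in events if k in ACCESS_EVENTS)
    impact = min(t for t, _, k, _ in events if k == "ransomware_encrypt")
    return impact - first_access

def suspicious_egress(events):
    """Egress events whose outbound volume exceeds the assumed baseline threshold."""
    return [(t, h, b) for t, h, k, b in events if k == "egress" and b > EGRESS_THRESHOLD_BYTES]

def warning_window(events):
    """How long before encryption the first suspicious egress (staged exfiltration) appeared."""
    impact = min(t for t, _, k, _ in events if k == "ransomware_encrypt")
    spikes = suspicious_egress(events)
    return impact - spikes[0][0] if spikes else timedelta(0)

if __name__ == "__main__":
    ev = parse_events(SAMPLE_EVENTS)
    print("dwell time:", dwell_time(ev))
    print("first suspicious egress seen", warning_window(ev), "before encryption")
```

In this constructed case the attacker sat in the network for almost 20 days, and the bulk outbound transfer that precedes a leak threat was visible two days before any file was encrypted, which is the window egress correlation is meant to surface.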