Cybersecurity News – Week in Review – May 10-14, 2021

This week’s Cyber Security Headlines – Week in Review, May 10-14, 2021, is hosted by Steve Prentice (@stevenprentice) with our guest, Al Ghous, CISO, Envision Digital.

Cyber Security Headlines – Week in Review is live every Thursday at 4pm PT/7pm ET. Join us each week by registering for the open discussion.

Colonial hackers stole data ahead of pipeline shutdown

The hackers who caused Colonial Pipeline to shut down the biggest U.S. gasoline pipeline on Friday began their blitz against the company a day earlier, stealing a large amount of data before locking computers with ransomware and demanding payment, according to Bloomberg. A cybercrime gang called DarkSide took nearly 100 gigabytes of data out of the Alpharetta, Georgia-based company’s network in just two hours on Thursday, as part of a double extortion scheme. Colonial made the decision late Friday to shut down the pipeline that is the main source of gasoline, diesel and jet fuel for the East Coast, without saying when it would reopen.

(Bloomberg)

China’s PLA Unit 61419 purchasing foreign antivirus products

Recorded Future’s Insikt Group has discovered six procurement documents from the websites of the official People’s Liberation Army (PLA) military unit 61419 that show its intent to purchase English-language versions of antivirus software from companies like Kaspersky, Norton, Symantec and others. Insikt points out that Chinese-language versions of the software would be the more logical choice if it were intended for legitimate use. Insikt suggests that given unit 61419’s extensive history in software supply chain exploitation, the antivirus brands listed in its report should be closely monitored. The report can be found at Recorded Future, dated May 5.

(Recorded Future)

Insurance provider ends ransomware reimbursement

The insurance company AXA said that, at the request of the French government, it will end cyber insurance policies in France that reimburse victims for ransomware payments, although policies will still cover the cost of recovery. Speaking at a recent Paris roundtable, French cybercrime prosecutor Johanna Brousse said that in 2020, only the US experienced more ransomware attacks than France. A September report by another cyber insurance provider, Coalition, found that 41% of claims were ransomware-related in the first half of 2020, with a 260% increase in ransomware attacks on the year.

(ZDNet)

Research firm finds disappointing stats in internal risk mitigation

Elevate Security, a leader in human attack surface management, released new findings yesterday on the state of human cybersecurity risk in the workforce, revealing that traditional employee risk mitigation efforts such as security awareness training and phishing simulations have a limited impact on improving employees’ real-world cybersecurity practices. The three-year study involving 114,000 users found that security training has no significant effect at the organizational level or in real-world attacks, and in fact, users with five or more training sessions are actually more likely to click on a phishing link than those with little or no training. The full report is available at ElevateSecurity.com.

(ElevateSecurity)

Thanks to our episode sponsor, Altitude Networks

“Uh oh! Someone at your company just accidentally shared the board of directors deck by link on the company Slack channel… and the link is open to all employees! I hope we can take it down before the M&A information leaks!” Does this scenario sound familiar? Make sure it doesn’t happen at your company! Altitude Networks provides always-on data security for GSuite and Office365. Check them out at AltitudeNetworks.com and be sure your data isn’t shared with the wrong people.

Missed patches a major cause of government security incidents

A new report from BAE Systems Applied Intelligence found that 63% of managers in UK central governmental organizations experienced a security incident in the past six months, with 52% of those coming from missed patches. Interestingly, security considerations were virtually tied with integration issues as the most common barrier to upgrades, with 68% and 69%, respectively. Overall, 60% of departments had digital transformation plans in place, with 75% of those motivated by a desire to mitigate the risk of security vulnerabilities.

(Infosecurity Magazine)

Britain’s NHS app ready to become vaccine passport next week

As of next Monday, people who have received both doses of the COVID vaccine will be able to use the app for foreign travel, which is expected to be opened up as of May 17. This National Health Service (NHS) app is separate from the NHS Covid-19 app, which is used for contact tracing, and which ran into privacy conflicts with Google and Apple, as we reported last month. The UK Government advised people to register to use the app at least two weeks before travelling, and reminds travelers that few countries currently accept proof of vaccination, so people will still need to follow other rules when travelling abroad – like getting a negative pre-departure test.

(BBC News)

(ArsTechnica)

Japanese manufacturer Yamabiko targeted by Babuk ransomware

The ransomware group that claimed to be retiring after its attack on Washington DC’s police department last month has reportedly targeted Yamabiko, a Tokyo-headquartered manufacturer of power tools and agricultural and industrial machinery. Although official confirmation is still pending from the victim company, it appears the Russian-speaking threat actors have already released some of the data on their data leak site. This includes personally identifiable information (PII) on employees, product schematics, financial data and more, according to TechNadu.

(Info Security Magazine)

Steve Prentice
Author, speaker, expert in the area where people and technology crash into each other, viewed from the organizational psychology perspective. Host of many podcasts, voice actor and narrator for corporate media and audiobooks. Ghost-writer for busy executives.