Kelly Sharadin says
Pivoting on this week’s reading, which highlighted Cyberwar and Cyber Terrorism, this recent article from Dark Reading reports on the recent takedown of the notorious ransomware group REvil by the Russian government. The takedown was a joint effort between the Russian Federal Security Service and the United States, which terminated REvil’s ransomware-as-a-service infrastructure. Some analysts believe the move was purely political on Russia’s end, to gain bargaining leverage with the U.S. amid Ukraine tensions.
https://www.darkreading.com/threat-intelligence/russia-takes-down-revil-ransomware-operation-arrests-key-members
Dhaval Patel says
Ukraine was hit by a rather large cyberattack that took down about 12 government websites. This attack impacted the UK, US, and Swedish embassies in Ukraine. The Ukrainian Ministry of Foreign Affairs and the Education Ministry websites were two of the sites mentioned as taken down. Ukraine’s SBU security service stated that no personal data was leaked, which is rather pleasing news, as a message displayed by the attacker(s) stated that information about Ukrainians had become public.
https://www.infosecurity-magazine.com/news/ukrainian-government-offline-cyber/
Antonio Cozza says
In addition to the previous post regarding the major cyberattack in Ukraine, there are new updates surrounding the matter. While the cyberattack that took down and defaced Ukrainian government websites was already believed likely to have been performed by Russia, Ukraine is now claiming that evidence suggests it was carried out by Moscow, according to a statement by the Ministry of Digital Development today. Furthermore, Microsoft has also revealed that a number of the company’s systems in Ukrainian government agencies have been infected with “destructive malware disguised as ransomware.”
https://www.aljazeera.com/news/2022/1/16/ukraine-claims-russia-behind-cyberattack-in-hybrid-war
Vraj Patel says
The Colonial Pipeline attack that happened in May 2021 was the result of a compromised password. The attackers were able to gain access to the network through a Virtual Private Network (VPN) account, which gave them remote access to the Colonial Pipeline network. The account was not being used by anyone at the time of the attack, and its password was also discovered on the dark web. The VPN account used to access the Colonial Pipeline network had not been deactivated, and the company also did not have multi-factor authentication set up for any of its VPN accounts. The attackers stole nearly 100 GB of Colonial Pipeline’s data. Colonial Pipeline paid a ransom of $4.4 million shortly after the hack.
https://www.bloomberg.com/news/articles/2021-06-04/hackers-breached-colonial-pipeline-using-compromised-password
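The failure mode described in the comment above (a dormant VPN account that was never disabled, no MFA, and a password already circulating on the dark web) is the kind of thing a periodic account-inventory audit catches before an attacker does. The following Python is an added example, not code from the article or from Colonial Pipeline; the account list, the field names and the 90-day dormancy threshold are constructed assumptions.

```python
from datetime import datetime, timedelta

# Constructed sample inventory (not real Colonial Pipeline data): one record per
# VPN account with its MFA enrolment flag and last successful login (ISO 8601,
# None if the account has never logged in).
SAMPLE_ACCOUNTS = [
    {"user": "jdoe",        "mfa_enrolled": True,  "last_login": "2021-04-28T09:12:00"},
    {"user": "contractor7", "mfa_enrolled": False, "last_login": "2020-11-03T17:45:00"},
    {"user": "ops-backup",  "mfa_enrolled": False, "last_login": None},
    {"user": "asmith",      "mfa_enrolled": False, "last_login": "2021-04-30T08:02:00"},
]

# Accounts idle longer than this are treated as dormant (assumed policy value).
DORMANT_AFTER = timedelta(days=90)


def audit_vpn_accounts(accounts, now, dormant_after=DORMANT_AFTER):
    """Map each account name to the list of weaknesses found on it.

    Two checks are applied: the account is dormant (no login within
    `dormant_after`, or never), and the account has no MFA, meaning a
    password leaked to the dark web is sufficient to authenticate.
    Accounts with no findings are omitted from the result.
    """
    report = {}
    for acct in accounts:
        issues = []
        last = acct["last_login"]
        last_dt = datetime.fromisoformat(last) if last else None
        if last_dt is None or now - last_dt > dormant_after:
            issues.append("dormant")
        if not acct["mfa_enrolled"]:
            issues.append("no_mfa")
        if issues:
            report[acct["user"]] = issues
    return report


def disable_first(report):
    """Accounts that are both dormant and MFA-less: the exact combination
    that turns a leaked credential into remote network access.
    Returned sorted so the output is stable."""
    return sorted(user for user, issues in report.items()
                  if "dormant" in issues and "no_mfa" in issues)


def run_sample():
    """Audit the constructed inventory against a fixed reference date so the
    result is reproducible; a real job would pass datetime.now()."""
    return audit_vpn_accounts(SAMPLE_ACCOUNTS, datetime(2021, 5, 7))


if __name__ == "__main__":
    report = run_sample()
    for user, issues in report.items():
        print(f"{user}: {', '.join(issues)}")
    print("disable immediately:", disable_first(report))
```

The two checks are deliberately separate: a dormant account with MFA is a hygiene problem, an active account without MFA is a phishing problem, and an account that is both is the one to disable before anything else, because nothing beyond a password stands between an attacker and the VPN.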
Patrick Jurgelewicz says
Kronos, a human resource company responsible for helping companies manage payrolls and track employee time data, recently experienced a ransomware attack that affected multiple employers such as New York’s Metropolitan Transportation Authority, the city of Cleveland, the Oregon Department of Transportation and a number of universities, including the University of Utah and George Washington University. This attack targeted the Kronos Private Cloud and caused many employers to turn to issuing paper paychecks and manual records for a few weeks while the company worked with cybersecurity professionals and legal authorities to resolve the issue. Ransomware attacks continue to be a leading risk in today’s threat environment.
https://www.securitysystemsnews.com/article/kronos-ransomware-attack-impacts-major-maine-employers
Lauren Deinhardt says
https://blog.executivebiz.com/2021/12/zscalers-stephen-kovac-fedramp-should-be-codified-and-funded/
Tying into this week’s concepts of federal information system security, I found this article to be especially relevant. Stephen Kovac, the Chief Compliance Officer of Zscaler, an American cloud-based security company specializing in secure internet access, discussed the importance of codifying the Federal Risk and Authorization Management Program (FedRAMP). Kovac referred to FedRAMP as a “force multiplier” for securing federal IT networks and systems, but a lack of federal funding for the program would halt these efforts. Especially given recent federal economic stresses, it is uncertain whether the federal government would be willing to sign legislation and allocate funds for the initiative. Information security at the government level still follows a “reactive” mindset rather than a proactive one; not many legislators want to spend funding on issues that are not “true issues” yet. Thinking from a business standpoint, there are thousands of contractors working with government entities. By prioritizing FedRAMP mandates, not only government entities but also private corporations dependent on vendors will be forced to improve their information security management programs, and thus foster an environment where information security “best practices” become regular practices.
Dan Xu says
Clinical Review Vendor Reports Data Breach. A cyberattack on the Medical Review Institute of America (MRIoA), based in Salt Lake City, may have exposed the personal data of 134,571 individuals. Attackers breached its computer systems by exploiting alleged vulnerabilities in products made by SonicWall. The list of 31 MRIoA customers affected by the cyberattack is included in the breach report. “This has been resolved and the environment for MRIoA has been secured,” said a SonicWall spokesperson.
https://www.infosecurity-magazine.com/news/clinical-review-vendor-data-breach/
zijian ou says
“How Buy Now, Pay Later is being targeted by fraudsters”
Consumers increasingly utilise Buy It Now (BNPL) payment options to make online purchases. PayPal reports that use of its new BNPL payment option increased by nearly 400% for U.S. consumers and 141% for U.S. sales during 2020. As a result, BNPL is currently the fastest-growing payment solution for e-commerce and now accounts for 2.6% of global e-commerce sales. So while companies offering BNPL are seeing an increase in purchases and revenue, the payment options are also attracting fraudsters, who are always looking for loopholes in payment systems and often target new techniques to make a profit at the retailer’s expense.
BNPL products currently have no regulatory system requiring credit checks on customers’ finances. As a result, fraudsters disguise themselves as real customers, set up fake accounts for a first purchase, pay a portion of it, and then close the account upon receipt of the goods.
https://www.helpnetsecurity.com/2022/01/18/bnpl-fraudsters/?web_view=true
Madalyn Stiverson says
As tensions rise in the Ukraine v. Russia conflict, Russia warns that if the US gets involved, it will launch a comprehensive cyberattack that could range from a simple denial of service to a severe attack on critical infrastructure. DHS says Russia’s capability for launching such an attack is high. Recently, we saw Russia-based hackers launch attacks on Colonial Pipeline and meat supplier JBS, causing significant delays. They were also responsible for the SolarWinds attack. In the past, they launched attacks on the Ukrainian power grid. Russia continues to seek access to critical US infrastructure.
US cyber defense is on high alert due to the current geopolitical landscape.
https://abcnews.go.com/Politics/dhs-warns-russian-cyberattack-us-responds-ukraine-invasion/story?id=82441727
Kelly Sharadin says
Much of this week’s reading focused on risk management through planning and policy objectives, which includes meeting compliance. Information security compliance and regulatory requirements often have a reporting component; for example, GDPR has a 72-hour reporting requirement. In this article from Dark Reading, starting April 2022, US banks will be required to notify federal regulators within 36 hours of discovering any cybersecurity incident, defined as anything impacting the CIA triad. Banks must notify an FDIC-designated officer; however, a full root cause analysis is not necessary within the 36 hours and can be provided at a later point.
https://www.darkreading.com/risk/u-s-banks-will-be-required-to-report-cyberattacks-within-36-hours
kofi bonsu says
The article explains that planning for information security includes preparing the information security policies that will guide the whole information security program. Hence, to create the policy, management should first plan a risk analysis of the information assets that ought to be protected. The risk analysis will identify the assets, determine the risks to them, and assign a value to their potential loss. By doing this, management can make decisions on the policies that best protect those assets by minimizing or mitigating the risks. The final aspect of information security management is the education and training of all employees, so that they keep abreast of up-to-date security issues within the organization. In that regard, management is primarily responsible for supporting the policy not only with its backing, but also by including policies and the backing for educating users on those policies. With security awareness training, users should know and understand their roles under the policies as they apply to the day-to-day running of the organization.
https://www.pearsonitcertification.com/articles/article.aspx?p=30287&seqNum=3