Wednesday, August 25, 2021

CYBERWARFARE
Tech companies pledge billions in cybersecurity investments


Apple CEO Tim Cook, left, and IBM CEO Arvind Krishna listen as President Joe Biden speaks during a meeting about cybersecurity in the East Room of the White House, Wednesday, Aug. 25, 2021, in Washington. (AP Photo/Evan Vucci)


WASHINGTON (AP) — Some of the country’s leading technology companies have committed to investing billions of dollars to strengthen cybersecurity defenses and to train skilled workers, the White House announced Wednesday following President Joe Biden’s private meeting with top executives.

The Washington gathering was held during a relentless stretch of ransomware attacks that have targeted critical infrastructure and major corporations, as well as other illicit cyber operations that U.S. authorities have linked to foreign hackers.

The Biden administration has been urging the private sector to do its part to protect against those increasingly sophisticated attacks. In public remarks before the meeting, Biden referred to cybersecurity as a “core national security challenge” for the U.S.

“The reality is most of our critical infrastructure is owned and operated by the private sector, and the federal government can’t meet this challenge alone,” Biden said. “I’ve invited you all here today because you have the power, the capacity and the responsibility, I believe, to raise the bar on cybersecurity.”

After the meeting, the White House announced that Google had committed to invest $10 billion in cybersecurity over the next five years, money aimed at helping secure the software supply chain and expand zero-trust programs. The Biden administration has looked for ways to safeguard the government’s supply chain following a massive Russian government cyberespionage campaign that exploited vulnerabilities and gave hackers access to the networks of U.S. government agencies and private companies.

Microsoft, meanwhile, said it would invest $20 billion in cybersecurity over the next five years and make available $150 million in technical services to help local governments upgrade their defenses. IBM plans to train 150,000 people in cybersecurity over three years, Apple said it would develop a new program to help strengthen the technology supply chain, and Amazon said it would offer to the public the same security awareness training it gives to employees.

Top executives of each of those companies were invited to Wednesday’s meeting, as were financial industry executives and representatives from the energy, education and insurance sectors. A government initiative that at first supported the cybersecurity defenses of electric utilities has now been expanded to focus on natural gas pipelines, the White House said Wednesday.

Though ransomware was intended as one aspect of Wednesday’s gathering, a senior administration official who briefed reporters in advance said the purpose was much broader, centered on identifying the “root causes of any kind of malicious cyber activity” and also ways in which the private sector can help bolster cybersecurity. The official briefed reporters on the condition of anonymity.

The meeting took place as Biden’s national security team has been consumed by the troop withdrawal in Afghanistan and the chaotic evacuation of Americans and Afghan citizens. That it remained on the calendar indicates the administration regards cybersecurity as a major agenda item, with the administration official describing Wednesday’s meeting as a “call to action.”

The broad cross-section of participants underscores how cyberattacks have cut across virtually all sectors of commerce. In May, for instance, hackers associated with a Russia-based cyber gang launched a ransomware attack on a major fuel pipeline in the U.S., causing the pipeline to temporarily halt operations. Weeks later, the world’s largest meat processor, JBS, was hit with an attack by a different hacking group.

In both instances, the companies made multimillion-dollar ransom payments in an effort to get back online.

Biden on Wednesday pointed to a summit with Russian President Vladimir Putin in June when he said he made clear his expectation that Russia take steps to rein in ransomware gangs because “they know where (the hackers) are and who they are.”


T-Mobile hit with class actions after data breach

25 August 2021


A pair of lawsuits have been filed against US telecom T-Mobile following a cyber-attack affecting more than 53m customers and prospective customers.

One of the actions, Espanoza v T-Mobile USA, accuses the company of putting plaintiffs and class-action members at considerable risk by not adequately protecting them as a result of negligent conduct.

The complaint alleges data thieves can fraudulently apply for unemployment and other benefits, open financial accounts, take out loans, obtain driver’s licenses and commit other crimes in T-Mobile customers’ names, FOXBusiness news reported.

In the other lawsuit, Durwalla v T-Mobile USA, victims are said to have already spent as much as 1,000 hours addressing privacy concerns stemming from the attack earlier this month, including reviewing financial and credit statements for evidence of unauthorised activity.

The lawsuits seek compensatory damages, reimbursement of out-of-pocket costs for the efforts to repair any damage from the fraud and improvements to T-Mobile’s data security systems, among other actions.

In a 20 August update, the company said it has worked around the clock on the forensic analysis and investigation into the cyber-attack against its systems and taken measures to protect customers and others whose information may have been exposed.

“Our investigation is ongoing and will continue for some time, but at this point, we are confident that we have closed off the access and egress points the bad actor used in the attack,” it added.

The customer support it is providing includes two years of free identity protection services and a recommendation that eligible customers sign up for free scam-blocking protection.

State Department reportedly hit by serious cyberattack



BY DUNCAN RILEY

The U.S. State Department is said to have been hit by a serious cyberattack that was reported to the Department of Defense Cyber Command, according to Fox Business.

The details of the type of attack, exactly when it happened and what data may have been stolen were not revealed. Fox News reporter Jacqui Heinrich said on Twitter Aug. 21 that she believed that the breach happened a “couple of weeks ago” and that the stolen data did not affect operations to evacuate Americans and Afghan allies from Afghanistan.

The State Department has neither denied nor confirmed the report. “The Department takes seriously its responsibility to safeguard its information and continuously takes steps to ensure information is protected,” a spokesperson said. “For security reasons, we are not in a position to discuss the nature or scope of any alleged cybersecurity incidents at this time.”

Reuters reported separately that a knowledgeable source had told it that the department has not experienced significant disruptions and has not had its operations impeded in any way. That does not rule out that a cyberattack of some sort has taken place.

The news comes weeks after a bipartisan report from the U.S. Senate Homeland Security and Governmental Affairs Committee found that federal agencies continue to suffer shortcomings in their cybersecurity posture. Notably, the State Department could not provide documentation for 60% of sample employees who had access to the agency’s classified network. Further, the department was found to leave thousands of accounts active after employees have left the agency.

“The recent cyberattack against the U.S. State Department is a reminder that anyone can and will be hit,” Sam Curry, chief security officer at cybersecurity firm Cybereason Inc., told SiliconANGLE. “Overall, the State Department’s networks are big and they are presumably getting attacked by nation-states, terrorists, and other adversaries on a daily basis.”

But he added that without more data on the recent attack, it would be premature to make assumptions on the motives or groups involved. “While the State Department isn’t likely to disclose any further details of this attack, public and private sector security teams, as well as U.S. allies, should be on high alert,” he said.


93% increase in cyberattacks targeting the UK's education sector
by Check Point Research Published: 23 August 2021 



As back-to-school begins, Check Point Research (@_CPResearch_) found the education sector to have the highest volume of cyber attacks for the month of July. Cyber criminals are seeking to capitalize on the short-notice shift back to remote learning driven by the Delta variant by targeting people at schools, universities and research centers who log in from home using their personal devices.

Global education sector saw a 29% increase in cyber attacks, and an average of 1,739 attacks a week, in July, compared to the first half of 2021

Top 5 most attacked countries were India, Italy, Israel, Australia and Turkey

UK/Ireland/Isle-of-Man region experienced a 142% increase in weekly cyber attacks targeting the education sector; East Asia region marked a 79% increase

Check Point Research (CPR) sees an increase in cyberattacks against the global education sector, as back-to-school season gets underway. During the month of July, the education sector experienced the highest volume of cyber attacks compared to other industry sectors that CPR tracks, with an average of 1,739 cyber attacks documented per organization each week, marking a 29% increase from the first half of 2021.

Most Targeted Countries: India, Italy, Israel, Australia and Turkey

The table below shows the number of weekly cyber attacks in July on the education sectors for India, Italy, Israel and Australia, as well as the percent increases compared to the first half of 2021.


| Ranking | Country | # of Weekly Cyber Attacks in July | % Change from H1 |
|---|---|---|---|
| 1 | India | 5,196 | +22% |
| 2 | Italy | 5,016 | +70% |
| 3 | Israel | 4,011 | +51% |
| 4 | Australia | 3,934 | +17% |


Weekly attacks per organization by country (July 2021 compared to first half of 2021)


Tom Kendrick, EMEA security evangelist at Check Point Software:

“Cyber criminals are looking to capitalise on this year’s back-to-school season. We found that the education sector was attacked significantly more compared to other industries in the month of July. Schools, universities and research centres make for attractive targets to cyber criminals because they are often under resourced from a security perspective. The short-notice, on-and-off shift to remote learning exacerbates the security risk. With so many students logging on from their home networks using their personal devices, the current back-to-school season presents a range of new security threats that many aren’t prepared to address. Organisations in the education sector should be proactive in their protection strategies. It’s important to constantly change and strengthen your passwords and use technologies that prevent cyber attacks, such as ransomware.”

Cyber Safety Tips for Academia, Staff and Students

Strengthen passwords. Passwords matter - it is a good idea to review and strengthen passwords that you use for logging onto remote resources, such as email or work applications.

Be phishing-aware. Be wary of clicking on links that look in any way suspicious and only download content from reliable sources that can be verified. Remember that phishing schemes are a form of social engineering, so if you receive an email with an unusual request, check the sender’s details carefully to make sure that you are communicating with colleagues, not cyber criminals.

Reduce attack surface. A common approach in information security is to reduce the attack surface. For endpoints, you need to take full control of peripherals, applications, network traffic, and your data. You need to encrypt data when it is in motion, at rest, and in use. It is also important to make sure you enforce your corporate policies to achieve endpoint security compliance.

Use Anti-ransomware. This technology allows you to detect signs of ransomware and uncover running mutations of known and unknown malware families by using behavioral analysis and generic rules.

Contain and remediate. Contain attacks and control damage by detecting and blocking command and control traffic, and prevent the lateral movement of malware by isolating infected machines. You can then remediate and sterilize your environment by restoring encrypted files, quarantining files, killing processes, and sterilizing the full attack chain.
