Security News

The incidents of the past month have confirmed the lack of cyber resilience in many industrial companies and is another reminder of the benefits of zero trust in mitigating the effects of ransomware. The industrial community must improve resilience in operational networks using zero trust strategies.

Microsoft has released SimuLand, an open-source lab environment to help test and improve Microsoft 365 Defender, Azure Defender, and Azure Sentinel defenses against real attack scenarios. SimuLand test labs "Provide use cases from a variety of data sources including telemetry from Microsoft 365 Defender security products, Azure Defender, and other integrated data sources through Azure Sentinel data connectors," MSTIC Threat Researcher Roberto Rodriguez said.

Glass and metal packaging giant Ardagh Group this week disclosed a cyberattack that forced it to shut down certain systems and applications. The Luxembourg-based company, one of the largest producers of glass and metal packaging products, says it was able to safely continue operations at its facilities despite the incident.

Neal Dennis: There's a lot of good things out there that are kind of one-offs, or staging one-offs, when the campaigns in the cyberwar kick off. You're kind of out in front of the threats as a community.

The European Council this week announced its decision to extend for one year the framework for sanctions against cyberattacks that threaten the European Union and its member states. Established in 2017, the framework allows member states to take restrictive measures against cyberattacks, including to prevent, discourage, deter and respond to malicious activities.

Today, the UK government has announced a call for advice on defending against software supply-chain attacks and ways to strengthen IT Managed Service Providers across the country. The move comes after last week when President Biden had issued an executive order to increase cybersecurity defenses across the U.S. The government's invitation to provide feedback that will be open for almost two months comes at a time of prominent cyberattacks such as, the Colonial Pipeline incident, the Codecov supply-chain attack, and ransomware attacks on mission-critical organizations [1, 2] that continue to grow.

There's going to have to be a lot more new procedures developed, a lot better procedures developed to bridge the gap between operational technology and information technology to get those control systems where they need to be. There's going to be a really good focus on what it means to be at that national, and even the regional levels within the control systems there, to start having more robust sharing of that information that's going on within these networks.

A new Android malware that impersonates the Google Chrome app has spread to hundreds of thousands of people in the last few weeks, according to researchers. The fake app is being used as part of a sophisticated hybrid cyberattack campaign that also uses mobile phishing to steal credentials.

The University of California this week confirmed that personal information was stolen in a cyberattack involving the Accellion File Transfer Appliance service. UC initially confirmed impact from the incident in early April, after the operators of Clop ransomware, which orchestrated the attack on Accellion's service, published on their Tor-based leaks website information allegedly stolen from the university and other entities.

The DarkSide ransomware gang posted a new "Press release" today stating that they are apolitical and will vet all targets before they are attacked. Today, the DarkSide ransomware gang issued a press statement stating that their organization is 'apolitical' and is not associated with any government.