Security News

Neal Dennis: There's a lot of good things out there that are kind of one-offs, or staging one-offs, when the campaigns in the cyberwar kick off. You're kind of out in front of the threats as a community.

The European Council this week announced its decision to extend for one year the framework for sanctions against cyberattacks that threaten the European Union and its member states. Established in 2017, the framework allows member states to take restrictive measures against cyberattacks, including to prevent, discourage, deter and respond to malicious activities.

Today, the UK government has announced a call for advice on defending against software supply-chain attacks and ways to strengthen IT Managed Service Providers across the country. The move comes after last week when President Biden had issued an executive order to increase cybersecurity defenses across the U.S. The government's invitation to provide feedback that will be open for almost two months comes at a time of prominent cyberattacks such as, the Colonial Pipeline incident, the Codecov supply-chain attack, and ransomware attacks on mission-critical organizations [1, 2] that continue to grow.

There's going to have to be a lot more new procedures developed, a lot better procedures developed to bridge the gap between operational technology and information technology to get those control systems where they need to be. There's going to be a really good focus on what it means to be at that national, and even the regional levels within the control systems there, to start having more robust sharing of that information that's going on within these networks.

A new Android malware that impersonates the Google Chrome app has spread to hundreds of thousands of people in the last few weeks, according to researchers. The fake app is being used as part of a sophisticated hybrid cyberattack campaign that also uses mobile phishing to steal credentials.

The University of California this week confirmed that personal information was stolen in a cyberattack involving the Accellion File Transfer Appliance service. UC initially confirmed impact from the incident in early April, after the operators of Clop ransomware, which orchestrated the attack on Accellion's service, published on their Tor-based leaks website information allegedly stolen from the university and other entities.

The DarkSide ransomware gang posted a new "Press release" today stating that they are apolitical and will vet all targets before they are attacked. Today, the DarkSide ransomware gang issued a press statement stating that their organization is 'apolitical' and is not associated with any government.

Texas-based IT management company SolarWinds on Friday shared more information on the impact of the significant breach disclosed late last year, and claimed that less than 100 of its customers were actually hacked. Initial reports said more than 250 organizations were actually breached, but the U.S. government later said that it had identified roughly 100 private sector companies and 9 federal agencies whose systems were targeted by the attackers.

The cyberextortion attempt that has forced the shutdown of a vital U.S. pipeline was carried out by a criminal gang known as DarkSide that cultivates a Robin Hood image of stealing from corporations and giving a cut to charity, two people close to the investigation said Sunday. Commerce Secretary Gina Raimondo said Sunday that ransomware attacks are "What businesses now have to worry about," and that she will work "Very vigorously" with the Department of Homeland Security to address the problem, calling it a top priority for the administration.

Colonial Pipeline halts all fuel pipeline operations in response to ransomware attack. A cyberattack has forced an operational shutdown of the Colonial Pipeline, the largest refined products pipeline in the United States.