Security News
Supply chain attacks target the weakest spot in most every enterprise's security program: third-party access. The SolarWinds hack was a classic supply chain attack, compromising downstream organizations in order to traverse the victim's extended enterprise of customers, suppliers, vendors and other third parties to gain unauthorized access to their on-premises and cloud systems.
The question is, when does a cyberattack cross the line between a criminal action or mere prank, to an act of war? Is it the nature of the victim? The nature of the attacker? The nature of the damage? Or a combination of them all? Oxford's Reference Dictionary defines an act of war as: "An act by one nation intended to initiate or provoke a war with another nation; an act considered sufficient cause for war." That's a good definition, but it leaves some ambiguity when applied to the realm of cybersecurity.
Active cyberattacks on known vulnerabilities in SAP systems could lead to full control of unsecured SAP applications, researchers are warning. "With more than 400,000 organizations using SAP, 77 percent of the world's transactional revenue touches an SAP system. These organizations include the vast majority of pharmaceutical, critical infrastructure and utility companies, food distributors, defense and many more."
Brown University, a private US research university, had to disable systems and cut connections to the data center after suffering a cyberattack on Tuesday. The university's Computing & Information Services staff took "a number of aggressive steps to protect the University's digital resources, including shutting down connections to our central data center and systems within it."
An example of this is a recently revealed ransomware attack on the Broward County Public Schools district where threat actors demanded a $40,000,000 payment. According to the Broward County Public Schools website, the school system is the sixth-largest in the USA, with nearly 261,000 students and approximately 110,000 adult students in 241 schools, centers, and technical colleges, and 92 charter schools.
Of course, government servers are only one of the places tax data resides - our employers, third-party services and we ourselves have copies of it, and can be the source of potential data exposure. In February, the IRS warned of subtle phishing attacks targeting tax preparers, efforts designed to steal Electronic Filing Identification Numbers useful for mass-filing of fraudulent tax returns to pocket illegal refunds at-scale.
A top Biden administration official says the government is undertaking a new effort to help electric utilities, water districts and other critical industries protect against potentially damaging cyberattacks. The public-private partnership reflects the administration's concerns about the vulnerability of vital systems, including the electric grid and water treatment plants, to hacks that could cause catastrophic consequences to American life.
Attacks against firmware are snowballing, outstripping many organizations' cyber-defenses, according to a survey from Microsoft. The report showed that more than 80 percent of enterprises have experienced at least one firmware attack in the past two years - but only 29 percent of security budgets goes to firmware security.
Brewing giant Molson Coors said that a disruptive cyberattack, combined with winter storms in Texas, could cost the company upwards of $140 million in short-term EBITDA. The maker of popular beer brands in the U.S., including Coors Light, Miller Lite, Molson Canadian, Blue Moon, Carling, Coors Banquet, and others, revealed on March 11 that a cyberattack severely disrupted several parts of its business, including brewery operations, production, and shipments. "Despite this progress led by the significant efforts of the Molson Coors team, along with the support of leading forensic information technology firms and other advisors, the Company has experienced and continues to experience some delays and disruptions in its business, including brewery operations, production and shipments in the U.K., Canada and the U.S.," a March 26 statement said.
The data breach report from Ubiquiti in January is allegedly a cover-up of a massive incident that put at risk customer data and devices deployed on corporate and home networks. Despite any evidence of access to any databases with user info, Ubiquiti could not guarantee that user details had not been exposed.