Security News
NATO said Saturday it was checking its computer systems after a massive cyberattack on US government agencies and others that Washington blamed on Moscow. "At this time, no evidence of compromise has been found on any NATO networks. Our experts continue to assess the situation, with a view to identifying and mitigating any potential risks to our networks," a NATO official told AFP. Microsoft said Thursday its anti-virus software detected intrusions in dozens of networked systems, most of them in the United States, via software supplied by US tech company SolarWinds.
Russia was "pretty clearly" behind a devastating cyberattack on several US government agencies that also hit targets worldwide, Secretary of State Mike Pompeo said. "There was a significant effort to use a piece of third-party software to essentially embed code inside of US government systems," Pompeo told The Mark Levin Show on Friday.
Since the SolarWinds supply chain attack was disclosed in December, there has been a whirlwind of news, technical details, and analysis released about the hack. The information is distilled into a format that will hopefully explain the attack, who its victims are, and what we know to this point.
State-sponsored hackers who exploited a security hole in a SolarWinds monitoring tool to infiltrate government and business networks have apparently left a long line of victims in their wake. Asserting that this threat "poses a grave risk" to the federal, state, and local governments as well as to critical infrastructure providers and the private sector, CISA sees the removal of the attackers from compromised networks as a highly complex and challenging endeavor.
Cyberattack recovery frameworks are a necessary part of cybersecurity. Rolfe developed the model to help the medical field, but it can work equally well as a way to recover from a cybersecurity incident.
The Energy Department and its National Nuclear Security Administration, which is the agency that maintains the U.S. nuclear stockpile, have been compromised as part of the widespread cyberattack uncovered this week stemming from the massive SolarWinds hack. An exclusive report by Politico cited DoE official sources who said that their department was infiltrated by the cyberattackers, including hits on the NNSA; the Federal Energy Regulatory Commission which has oversight for the entire department; the Sandia and Los Alamos national laboratories in Washington and New Mexico; and the Richland Field Office of the DoE. The DoE confirmed its compromise on Friday.
INDEPENDENCE, Mo. - A ransomware attack on the city of Independence's computer systems has left some residents unable to pay their utility bills. The cyberattack occurred last week, officials in the Kansas City suburb told KSHB. City Manager Zach Walker said that 90% of the billing issues plaguing the city trace back to the cyberattack, which has left customers unable to pay their utility bills online and has caused a delay in bills being delivered by mail.
In some cases, countries are not even aware of major cyberattacks against them; Iran only belatedly realized it had been attacked by the Stuxnet worm over a period of years, damaging centrifuges being used in the country's nuclear weapons program. In the paper, the scholars largely examined scenarios where countries are aware of cyberattacks against them but have imperfect information about the attacks and attackers.
The U.S. Department of Homeland Security, plus the Treasury and Commerce departments, have been hacked in an attack related to the FireEye compromise last week, according to reports. SolarWinds acknowledged the bug in an advisory over the weekend, saying that exploitation of the issue must be done in a "narrow, extremely targeted, and manually executed attack," and was likely the work of a nation-state.
Norwegian cruise company Hurtigruten announced Monday that it had been hit by a major cyberattack involving what appeared to be "ransomware", designed to seize control of data to ransom it. The company said it had alerted the relevant authorities when the attack was detected overnight Sunday to Monday.