Security News

The cyberextortion attempt that has forced the shutdown of a vital U.S. pipeline was carried out by a criminal gang known as DarkSide, which cultivates a Robin Hood image of stealing from corporations and giving a cut to charity, two people close to the investigation said Sunday. Commerce Secretary Gina Raimondo said Sunday that ransomware attacks are "what businesses now have to worry about," and that she will work "very vigorously" with the Department of Homeland Security to address the problem, calling it a top priority for the administration.

One of the USA's largest oil pipelines has been shut down by ransomware, leading the nation's Federal Motor Carrier Safety Administration to issue a regional emergency declaration permitting the transport of fuel by road. The Colonial Pipeline says it carries 100 million gallons a day of refined fuels between Houston, Texas, and New York Harbor, or 45 percent of all fuel needed on the USA's East Coast. The pipeline carries fuel for cars and trucks, jet fuel, and heating oil.

Russian spies from APT29 responded to Western agencies outing their tactics by adopting a red-teaming tool to blend into targets' networks as a legitimate pentesting exercise. A couple of weeks ago, Britain and the US joined forces to out the SVR's Tactics, Techniques and Procedures, giving the world's infosec defenders a chance to look out for the state-backed hackers' fingerprints on their networked infrastructure.

Agencies in the United States and the United Kingdom on Friday published a joint report providing more details on the activities of the Russian cyberspy group that is believed to be behind the attack on IT management company SolarWinds. The FBI, NSA, CISA and the UK's NCSC say the Russian threat actor tracked as APT29 was behind the SolarWinds attack, which resulted in hundreds of organizations having their systems breached through malicious updates served from compromised SolarWinds systems.

Russian Foreign Intelligence Service operators have switched their attacks to target new vulnerabilities in reaction to US government advisories published last month with information on SVR tactics, tools, techniques, and capabilities used in ongoing attacks. In a third advisory issued on April 26, the FBI, DHS, and CISA warned of continued attacks coordinated by the Russian SVR against US and foreign organizations.

A task force attached to the Institute for Security and Technology has released a set of recommendations to combat the ransomware scourge currently hitting organizations around the world. A total of 48 recommendations are included in the document, focused on four major goals: to deter ransomware attacks, to disrupt the ransomware business model, to help organizations better prepare for attacks, and to help them respond to attacks efficiently.

An FBI operation that gave law enforcement remote access to hundreds of computers to counter a massive hack of Microsoft Exchange email server software is a tool that is likely to be deployed "judiciously" in the future as the Justice Department, aware of privacy concerns, develops a framework for its use, a top national security official said Wednesday. Many victims took steps on their own to safeguard their systems, but for those who did not, the Justice Department stepped in to do it for them with a judge's approval.

Following attribution of the SolarWinds supply chain attack to Russia's APT29, the US CISA infosec agency has published a list of the spies' known tactics, including a penchant for using a naughtily named email provider. APT29 is the Western infosec world's codename for what we now know is the Russian Foreign Intelligence Service, known by its Russian acronym SVR. As well as publishing a list of things US counterintelligence knows about its Russian offensive counterparts, CISA has also added some advice on how to avoid these common Russian intelligence compromise tactics.

As the information infrastructure expands with new technologies and locations, zero trust allows organizations to focus on protecting the data, regardless of where it is sourced or how it is used. Now the U.S. Air Force has adopted zero trust to improve and protect its flightline.

The FBI, the US Department of Homeland Security, and the Cybersecurity and Infrastructure Security Agency warned today of continued attacks coordinated by the Russian Foreign Intelligence Service against US and foreign organizations. With access to the administrative account, the actors modified permissions of specific e-mail accounts on the network, allowing any authenticated network user to read those accounts.