- If Russian hackers suspected of a vast cybersecurity breach slipped into the Pentagon or military’s computer systems, the strength of protective network blockades is key to keeping them from burrowing in to try to access increasing amounts of information.
- Overall, the Pentagon has been largely silent about the breach publicly as it works through the long process to assess fallout from the intrusion, saying early on that no breach had been detected yet, despite media reports that said the agency was among government offices compromised through widely used software from SolarWinds, a network management company.
- Authorities believe that hackers had extensive access to some government or business networks for as long as nine months. With that time, could the hackers have figured out how to jump the air gap meant to block computer system users from accessing classified systems?
- Andrew Eversden, Joe Gould, and Mark Pomerleau | December 27, 2020
- Data is eating the world and there are many indicators of its ubiquitous presence in our lives. From fueling the recent success of “artificial intelligence” (AI) and the rise of “digital transformation” to its accelerated growth due to Covid-19 to new approaches to its “monetization” (finding money in mining data, a growing practice since at least the 1970s) to how it makes businesses and consumers both anxious and animated, data dominates our deeds, debates, and dreams.
- 51% of CIOs and CTOs that report accelerating the adoption of machine learning and AI due to covid-19.
- 55% of American adults that are worried about government agencies tracking them through location data generated from their cellphones and other digital devices.
- 71% of small and medium-size businesses that do not have a formal plan/protocols in place to deal with any potential cyber-attacks.
- Gil Press | December 27, 2020
- Sangoma is a particular voice over IP software and hardware provider that is more popularly known for its open-source FreePBX phone system that reportedly allows the organization to create a cheaper corporate phone system on their own network.
- The Conti ransomware gang had published a significant 26 GB or more of the data on their own ransomware data leak site. This was the data that had been stolen from Sangoma during its more recent cyberattacks.
- The whole ransomware operation said to be behind this recent attack is more popularly known as Conti. They were first spotted in certain isolated attacks that took place at the end of December 2019, with even more attacks that started to pick up in June of 2020.
- This particular ransomware shares its code with the known Ryuk Ransomware and is also known to be distributed by the cunning TrickBot trojan.
- Urian B. | December 27, 2020
- EVOTEK (www.evotek.com), the nation's premier enabler of secure digital business, announced that it has hired former FBI Supervisory Special Agent (SSA) John Caruthers as Business Information Security Officer (BISO) and Executive Advisor.
- Caruthers's hire exhibits EVOTEK's longtime commitment to further expand and strengthen their cybersecurity capabilities, protecting US businesses from cyberthreats of all kinds.
- "John is an outstanding addition to our cybersecurity team," said Jeff Klenner, President of EVOTEK. "His vast experience in federal law enforcement, including everything from drug cartels, crimes against children, and cyber-terrorism, give him unique insights and perspectives that we are excited to see impact and improve EVOTEK's ability to protect our clients' assets."
| December 21, 2020
- Since at least March, hackers likely working for Russian intelligence have embedded themselves without detection inside the unclassified networks of several U.S. government agencies and hundreds of companies.
- Jake Williams, a former NSA hacker and founder of Rendition Infosec, said hackers would have gone for the targets that got their “biggest bang for their buck,” referring to FireEye and government targets.
- “I have no doubt in my mind that had the Russians not targeted FireEye we would not know about this,” Williams said, praising the security giant’s response to the attacks. “We’re going to find more government agencies that were breached. They’re not detecting it independently. This only got discovered because FireEye got hit,” he said.
- Zack Whittaker | December 17, 2020
- In a statement on Thursday, the Cybersecurity and Infrastructure Security Agency (Cisa) also warned that it will be difficult to remove the malware inserted through network software.
- “Removing this threat actor from compromised environments will be highly complex and challenging for organizations,” the agency said.
- The true scale of the breach is still unknown, but looks to have extended beyond the US government. On Thursday, Reuters reported that Microsoft was also hacked as part of the suspected Russian campaign, according to people familiar with the matter.
- SolarWinds, the company behind the software targeted by hackers, said earlier this week that up to 18,000 of its more than 300,000 customers had downloaded the compromised software.
- Kari Paul | December 17, 2020
- Co-founder Karin Sode told BBC News an entire database had been stolen by hackers and included information on previous customers.
- Data stolen included names, addresses, dates of birth, phone numbers, tariff and energy meter IDs, she said.
- People's Energy has contacted the Information Commissioner's Office, the National Centre for Cyber-Security, the energy regulator Ofgem and the police.
- Zoe Kleinman, BBC News | December 17, 2020
- On the night of December 9, cyber-criminals breached multiple content management systems to gain access to 22 different websites operated by Lithuania's public sector. The attackers then published articles containing misinformation on the sites.
- In a statement published on Wednesday, Lithuania's defense minister, Arvydas Anušauskas, described the digital assault as one of the "biggest and most complex" cyber-attacks to hit the republic in recent years.
- Anušauskas added that the attack, which took place “on the eve of the government’s transition [...] was prepared in advance and with a goal in mind.”
- Following the attack, the NKSC has submitted a number of cybersecurity recommendations to municipalities. These include actively searching for vulnerabilities, limiting access to content management systems, installing a firewall, and avoiding the use of passwords that are easy to guess.
- Sarah Coble | December 16, 2020