Articles

Five Eyes nations warn MSPs of stepped-up cybersecurity threats

The warning likely comes in response to an increase in attacks on managed service providers, through which threat actors can access their clients.

In an unexpected development, the cybersecurity authorities of the “Five Eyes” countries issued an alert warning of an increase in malicious cyber activity targeting managed service providers (MSPs), with these agencies saying they expect this trend to continue. The alert is the result of a collaborative effort among the United Kingdom (NCSC-UK), Australia (ACSC), Canada (CCCS), New Zealand (NCSC-NZ), and the United States (CISA, NSA, FBI).

The agencies said they are “aware of recent reports that observe an increase in malicious cyber activity targeting managed service providers (MSPs) and expect this trend to continue” and point to a report by a significant MSP IT solutions provider, N-Able. That report notes that “almost all MSPs have suffered a successful cyberattack in the past 18 months, and 90% have seen an increase in attacks since the pandemic started.”

“As this joint advisory makes clear, malicious cyber actors continue to target managed service providers, which can significantly increase downstream risk to the businesses and organizations they support – why it’s critical that MSPs and their customers take action to protect their networks,” CISA Director Jen Easterly said in the alert. “Securing MSPs is critical to our collective cyber defense, and CISA and our interagency and international partners are committed to hardening their security and improving the resilience of our global supply chain.”

This article appeared in CSO Online. To read the rest of the article please visit here.

Image by Pete Linforth from Pixabay

 

Articles

A year later, Biden’s cybersecurity executive order driving positive…

Notable experts say the cybersecurity executive order has improved the nation’s security posture, but more work is to be done.

In late February, the National Institute of Standards and Technology (NIST) issued a request for information (RFI) to evaluate and enhance its Cybersecurity Framework, or CSF, first produced in 2014 and last updated in 2018. Many developments in the swiftly changing cybersecurity field prompted NIST to revisit its complex and well-received template designed to help organizations best manage cybersecurity risk.

In its RFI, NIST asked a series of questions about how to improve the use of the framework. Among those questions are whether the framework allows for better risk assessments and management of risks, what relevant metrics might be used to measure the framework’s impact, and what challenges organizations face in using the framework. NIST also asked how to better align or integrate the CSF with other NIST resources, such as the NIST Risk Management and Privacy Frameworks. Finally, NIST asked how it could help identify supply chain-related cybersecurity needs and harmonize the National Initiative for Improving Cybersecurity in Supply Chains (NIICS) with the CSF.

This article appeared in CSO Online. To read the rest of the article please visit here.

Image by Pete Linforth from Pixabay

 

Articles

NIST Cybersecurity Framework update comments highlight a gamut of…

Better metrics, implementation guidance, and alignment with other frameworks are high on the list of suggested improvements to the NIST CSF.

In late February, the National Institute of Standards and Technology (NIST) issued a request for information (RFI) to evaluate and enhance its Cybersecurity Framework, or CSF, first produced in 2014 and last updated in 2018. Many developments in the swiftly changing cybersecurity field prompted NIST to revisit its complex and well-received template designed to help organizations best manage cybersecurity risk.

In its RFI, NIST asked a series of questions about how to improve the use of the framework. Among those questions are whether the framework allows for better risk assessments and management of risks, what relevant metrics might be used to measure the framework’s impact, and what challenges organizations face in using the framework. NIST also asked how to better align or integrate the CSF with other NIST resources, such as the NIST Risk Management and Privacy Frameworks. Finally, NIST asked how it could help identify supply chain-related cybersecurity needs and harmonize the National Initiative for Improving Cybersecurity in Supply Chains (NIICS) with the CSF.

This article appeared in CSO Online. To read the rest of the article please visit here.

Image by Pete Linforth from Pixabay

 

Articles

U.S. White House releases ambitious agenda to mitigate the…

The Biden administration issued an executive order to ensure U.S. leadership in quantum computing and a memorandum to mitigate its security risks.

Since at least the early 1990s, computer scientists have warned that quantum computing, despite its potential to provide exponentially more powerful computing capabilities, can break traditional encryption methods and expose digital assets to prying eyes and malicious actors. As the era of quantum computing comes into view, the Biden administration announced it is taking steps to advance the field of quantum computing while mitigating the risks quantum computers pose to national and economic security.

Last week the White House issued two directives on quantum information science (QIS). The first is an executive order (EO) to “ensure continued American leadership in quantum information science and its technology applications.”

The second is a national security memorandum that spells out “key steps needed to maintain the nation’s competitive advantage in quantum information science (QIS) while mitigating the risks of quantum computers to the nation’s cyber, economic, and national security.” The EO and the memo represent a “third line” of effort beyond the administration’s already existing efforts to modernize cybersecurity efforts and improve American competitiveness, an administration official said.

This article appeared in CSO Online. To read the rest of the article please visit here.

Image by Pete Linforth from Pixabay

 

Articles

Spyware was used against Catalan targets and UK prime…

Researchers at the Citizen Lab says dozens of officials’ phones were compromised by spyware sold by NSO Group or Candiru.

Researchers at The Citizen Lab at the University of Toronto revealed two significant findings that further highlight the widespread use of Israeli mercenary spyware apps. First, the group released fresh rounds of forensic results that uncovered Catalans’ phones targeted in Spain. Secondly, they discovered that spyware infiltrated the Prime Minister and Foreign and Commonwealth offices in the UK.

These revelations also appeared in conjunction with a lengthy investigation by journalist Ronan Farrow appearing in the New Yorker. Farrow’s research offers new details into the rise of the spyware industry, the troubles facing the spyware purveyors, the efforts by tech companies to circumscribe the highly sophisticated malware, and the Biden administration’s planned actions regarding this trend.

This article appeared in CSO Online. To read the rest of the article please visit here.

Image by Tumisu, please consider ☕ Thank you! 🤗 from Pixabay

Articles

Rare and dangerous Incontroller malware targets ICS operations

A coalition of U.S. government agencies, security researchers, and companies warn about this new malware that can gain complete access to ICS and SCADA systems.

In the second major industrial control system (ICS) threat development this week, the U.S. Department of Energy (DOE), the Cybersecurity and Infrastructure Security Agency (CISA), the National Security Agency (NSA), and the Federal Bureau of Investigation (FBI) issued a Cybersecurity Advisory (CSA) warning of a complex and dangerous ICS threat. The CSA says that specific unnamed advanced persistent threat (APT) actors have exhibited the capability to gain complete system access to multiple ICS and supervisory control and data acquisition (SCADA) devices.

These agencies collaborated with a group of top-tier industrial control and security leaders including Dragos, Mandiant, Palo Alto Networks, Microsoft, and Schneider Electric in drafting the alert. The CSA pointed specifically to three categories of devices vulnerable to the malware:

  • Schneider Electric programmable logic controllers (PLCs)
  • OMRON Sysmac NEX PLCs
  • Open Platform Communications Unified Architecture (OPC UA) servers

The malware consists of a package of dangerous custom-made tools targeting ICS and SCADA devices that can scan for, compromise and control affected devices once they have established initial access to the operational technology (OT) network.

This article appeared in CSO Online. To read the rest of the article please visit here.

Image by Frauke Feind from Pixabay

Articles

Ukraine energy facility hit by two waves of cyberattacks…

Sandworm succeeded in planting a new version of the Industroyer malware to disrupt ICS infrastructure at multiple levels, but was thwarted from doing serious damage.

Ukraine’s Governmental Computer Emergency Response Team (CERT-UA) announced that Russia’s state-backed threat group Sandworm launched two waves of cyberattacks against an unnamed Ukrainian energy facility. The attackers tried to decommission several infrastructural components of the facility that span both IT and operational technology, including high-voltage substations, Windows computers, servers running Linux operating systems, and network equipment.

CERT-UA said that the initial compromise took place no later than February 2022, although it did not specify how the compromise occurred. Disconnection of electrical substations and decommissioning of the company’s infrastructure were scheduled for Friday evening, April 8, 2022, but “the implementation of the malicious plan” was prevented.

The Ukrainian team received help from both Microsoft and ESET in deflecting any significant fallout from the attacks. ESET issued a report presenting its analysis of the attacks, saying its collaboration with CERT-UA resulted in its discovery of a new variant of Industroyer malware, the same malware that the Sandworm group used to take down the power grid in Ukraine in 2016.

This article appeared in CSO Online. To read the rest of the article please visit here.

Articles

With AI RMF, NIST addresses artificial intelligence risks

The new framework could have wide-ranging implications for the private and public sectors. NIST is seeking comments on the current draft by April 29, 2022.

Business and government organizations are rapidly embracing an expanding variety of artificial intelligence (AI) applications: automating activities to function more efficiently, reshaping shopping recommendations, credit approval, image processing, predictive policing, and much more.

Like any digital technology, AI can suffer from a range of traditional security weaknesses and other emerging concerns such as privacy, bias, inequality, and safety issues. The National Institute of Standards and Technology (NIST) is developing a voluntary framework to better manage risks associated with AI called the Artificial Intelligence Risk Management Framework (AI RMF). The framework’s goal is to improve the ability to incorporate trustworthiness considerations into the design, development, use, and evaluation of AI products, services, and systems.

The initial draft of the framework builds on a concept paper released by NIST in December 2021. NIST hopes the AI RMF will describe how the risks from AI-based systems differ from other domains and encourage and equip many different stakeholders in AI to address those risks purposefully. NIST said it can be used to map compliance considerations beyond those addressed in the framework, including existing regulations, laws, or other mandatory guidance.

This article appeared in CSO Online. To read the rest of the article please visit here.

Articles

New threat group underscores mounting concerns over Russian cyber…

Crowdstrike says Ember Bear is likely responsible for the wiper attack against Ukrainian networks and that future Russian cyberattacks might target the West.

As fears mount over the prospects of a “cyberwar” initiated by the Russian government, the number of identified Russian threat actors also continues to climb. Last week CrowdStrike publicly revealed a Russia-nexus state-sponsored actor that it tracks as Ember Bear.

CrowdStrike says that Ember Bear (also known as UAC-0056, Lorec53, Lorec Bear, Bleeding Bear, Saint Bear) is likely an intelligence-gathering adversary group that has operated against government and military organizations in eastern Europe since early 2021. The group seems “motivated to weaponize the access and data obtained during their intrusions to support information operations (IO) aimed at creating public mistrust in targeted institutions and degrading government ability to counter Russian cyber operations,” according to CrowdStrike intelligence.

Ember Bear is responsible for using the WhisperGate wiper malware against Ukrainian networks in January before Russia invaded Ukraine. The malware masquerades as ransomware but lacks a payment or data recovery mechanism, masking WhisperGate’s true intent, which is the destruction of data. The WhisperGate campaigns began with website defacements containing threatening messages in Ukrainian, Russian and Polish languages.

This article appeared in CSO Online. To read the rest of the article please visit here.

Photo by Zdeněk Macháček on Unsplash

Articles

U.S. State Department unveils new Bureau of Cyberspace and…

The new Bureau could enhance the United States’ ability to work effectively with other nations on cybersecurity matters.

The U.S. State Department announced that its Bureau of Cyberspace and Digital Policy (CDP) began operations on Monday as part of Secretary Antony Blinken’s modernization agenda. The Department says the CDP will address the national security challenges, economic opportunities, and implications for U.S. values associated with cyberspace, digital technologies, and digital policy.

The Bureau, ultimately to be led by a Senate-confirmed ambassador-at-Large, will, in the interim, be guided by Jennifer Bachus, a career member of the Senior Foreign Service, as principal deputy assistant secretary for the Bureau. The CDP will include three policy units led by acting deputy assistant secretaries, including international cyberspace security, international information and communications policy, and digital freedom.

This article appeared in CSO Online. To read the rest of the article please visit here.

Photo by Cristina Glebova on Unsplash