The MSP Hub - Keeping ahead of today’s security challenges Blog

With the increasing adoption of digital and cloud-based business solutions across the world, security challenges have similarly grown and changed.

The solution, of course, is to make sure you keep firmly up-to-date with both the emerging threats and the innovative solutions being developed to curtail them.

We’ve put together here a list of some of the latest and most insightful articles dealing with the issue.

Forewarned is forearmed!

 

3 Key Cybersecurity Trends To Know For 2021 (and On …)

Most business ventures rely on lessons learned to improve outcomes.

They analyse what they did right or wrong to fill gaps and adapt strategies is often a barometer of future success.

The cybersecurity industry needs to follow this heuristic model. In 2021 we are already facing a variety of cyber-attacks and look to lessons learned to close cyber vulnerabilities.

Three trends to focus on include 1) the expanding cyber-attack surface (remote work, IoT supply chain), 2) Ransomware as a cyber weapon of choice, 3) threats to critical infrastructure via ICS, OT/IT cyber-threat convergence.

 

Colonial hack: How did cyber-attackers shut off pipeline?

Investigators at the largest fuel pipeline in the US are working to recover from a devastating cyber-attack that cut the flow of oil.

The hack on Colonial Pipeline is being seen as one of the most significant attacks on critical national infrastructure in history.

The pipeline transports nearly half of the east coast’s fuel supplies and prices at pumps are expected to rise if the outage is long lasting.

How can a pipeline be hacked?

For many people, the image of the oil industry is one of pipes, pumps and greasy black liquid.

In truth, the type of modern operation Colonial Pipeline runs is extremely digital.

 

Colonial Pipeline Paid Hackers Nearly $5 Million in Ransom

Colonial Pipeline Co. paid nearly $5 million to Eastern European hackers on Friday, contradicting reports earlier this week that the company had no intention of paying an extortion fee to help restore the country’s largest fuel pipeline, according to two people familiar with the transaction.

The company paid the hefty ransom in difficult-to-trace cryptocurrency within hours after the attack, underscoring the immense pressure faced by the Georgia-based operator to get gasoline and jet fuel flowing again to major cities along the Eastern Seaboard, those people said. A third person familiar with the situation said U.S. government officials are aware that Colonial made the payment.

Once they received the payment, the hackers provided the operator with a decrypting tool to restore its disabled computer network. The tool was so slow that the company continued using its own backups to help restore the system, one of the people familiar with the company’s efforts said.

The hackers, which the FBI said are linked to a group called DarkSide, specialise in digital extortion and are believed to be located in Russia or Eastern Europe.

 

Hospitals cancel outpatient appointments as Irish health service struck by ransomware

Ireland’s nationalised health service has shut down its IT systems following a “human-operated” Conti ransomware attack, causing a Dublin hospital to cancel outpatient appointments.

The country’s Health Service Executive closed its systems down as a precaution, local reports from the Irish public service broadcaster RTÉ said, reporting that Dublin’s Rotunda Hospital had cancelled appointments for outpatients – including many for pregnant women.

“The maternity hospital said all outpatient visits are cancelled – unless expectant mothers are 36 weeks pregnant or later,” reported RTÉ, adding: “All gynaecology clinics are also cancelled today.”

Ireland’s National Maternity Hospital, also in Dublin, was similarly affected.

 

Hacking group tied to cyber attack on US pipeline said to have shut down

The criminal cyber cartel blamed for the ransomware attack on a US pipeline that caused petrol shortages for motorists this week has said it is ceasing operations, according to cyber security researchers.

DarkSide, the suspected Russian-based group that the FBI has said was responsible for the attack, has told its affiliates it is shuttering its services, said FireEye, a cyber security group appointed to investigate the incident.

Until now, DarkSide has maintained the ransomware but also rented it out to others via an affiliate programme, taking a cut of any proceeds from attacks that seize control of an organisation’s data or software systems and lock out the owners using encryption until payments are made.

In a post on the dark web, found by researchers at Recorded Future and seen by the Financial Times, it also said it had lost control of much of its public infrastructure — including its dark web blog and the server it uses to accept ransom payments — and that its crypto funds had been seized.

 

West Midlands Railway sent staff fake bonus email in cyber-security test

A train company has been criticised for a “cynical and shocking stunt” after it promised staff a bonus in what was actually a cyber-security test.

West Midlands Trains (WMT) emailed staff to tell them they would get a financial reward for their “hard work” during the Covid pandemic.

But if staff clicked the link for more information they received a second email explaining “this was a test”.

A union described it as “crass and reprehensible behaviour”.

 

Trailer maker Utility targeted in ransomware attack

Utility Trailer Manufacturing, one of the largest U.S. producers of trailers for the trucking industry, was targeted in an apparent ransomware attack that exposed personal information of numerous employees.

The California-based company told FreightWaves that it had “suffered a cyber event” that disrupted some systems temporarily. The company disclosed the incident after the Clop ransomware gang leaked over 5 gigabytes of data to the dark web this week.

Ransomware gangs like Clop typically begin leaking data after victims refuse to pay them. The group blamed for the Colonial Pipeline attack, DarkSide, uses the same tactic.

Clop has hit multiple major companies, including rail operator CSX and the Canadian fuel distributor Parkland.

 

Ransomware victims urged to go to police

Victims of ransomware gangs are being urged to report it rather than pay the criminals behind the attacks.

The gangs use malicious software to scramble and steal an organisation’s computer data and demand money to restore it.

Megan Stifel, executive director of the Global Cyber Alliance, which seeks to reduce cyber risk, told BBC World News that one problem was organisations paying the hackers rather than reporting them to the law.

 

The ransomware surge ruining lives

A global coalition of technology companies and law enforcement bodies is calling for “aggressive and urgent” action against ransomware.

Microsoft, Amazon, the FBI and the UK’s National Crime Agency have joined the Ransomware Task Force (RTF) in giving governments nearly 50 recommendations.

Ransomware gangs are now routinely targeting schools and hospitals.

Hackers use malicious software to scramble and steal an organisation’s computer data.

The RTF has submitted its report to President Biden’s administration.

It argues that “more than just money is at stake” and says that, in just a few years, “ransomware has become a serious national security threat and public health and safety concern”.

 

Cyber-attack hackers threaten to share US police informant data

Washington DC’s Metropolitan Police Department has said its computer network has been breached in a targeted cyber-attack, US media report.

A ransomware group called Babuk is reportedly threatening to release sensitive data on police informants if it is not contacted within three days.

The FBI is investigating the extent of the breach, US media reported, citing the Washington DC police department.

Ransomware is used to scramble computer networks and steal information.

Attackers target companies or organisations and can lock their systems, then demand large sums of money in return for ending the hack.

 

Hackers Accessed Security Cameras Inside Tesla and Beyond

Now that Microsoft’s patches have been out for a while, an array of nation-state and criminal actors are getting more aggressive about exploiting a set of Microsoft Exchange Server bugs that were already under active attack by the Chinese group Hafnium.

Meanwhile, the White House is mulling a response to Russia’s recent, high-profile SolarWinds espionage campaign that compromised data at numerous United States government agencies and private companies around the world.

For the Biden administration, the risk is that too strong a retaliation could erode norms and be seen as hypocritical given that the US and virtually every government engages in digital espionage.

 

Update iOS Right Now to Fix Some Bad Security Bugs

The cryptocurrency world had a mystery on its hands when someone emptied a billion dollars from a bitcoin wallet that had sat untouched for years. (Yes, billion.)

The sleuthing was short-lived; it turned out that the IRS had tracked down the wallet’s owner after establishing that so-called Individual X had amassed the trove in the first place by hacking the Silk Road seven years ago.

It’s the biggest cryptocurrency seizure in US history, and it’s not even close. Law enforcement also shut down a West Virginia man who was allegedly selling 3D-printed machine gun components—barely disguised as wall hangers—to so-called Boogaloo Boys extremists.

 

The Line Between Digital Trade and Security Is Always Blurry: Internet regulators around the world conflate the two, which strains international relations

Questions of how to write internet regulation, in a time where trade and security are increasingly entangled in the digital sphere, are hardly confined to Washington.

Many governments worldwide are grappling with internet regulation, both trying to understand the relationship between trade and security online and often blurring together digital trade and security issues in the process.

Threading those needles in regulation will be a defining tech policy challenge in the coming decades.

If trade and security issues could ever be cleanly separated, that is an increasingly difficult, if not outright impossible, proposition vis-à-vis the internet.

The same communications infrastructure that supports global commerce and scientific research is the one through which governments electronically communicate with spies and on which malicious actors can peddle disinformation.

 

Balancing cybersecurity and accessibility  

The digital aspirations of enterprises shouldn’t be held back by either the fear of cyberthreats or an overly aggressive deployment of protective procedures that slow down operations.

Naturally, every aspect of a digital operation comes with cybersecurity implications, and protecting the organisation, its employees, and its customers is essential.

However, cybersecurity should be seen as an enabler rather than a barrier to digitisation, a role it can adequately fill as long as the systems implemented remain both convenient and secure.

This is achievable through applying quantitative risk analytics, building cybersecurity directly into business value chains, and supporting the next generation of agile, enterprise-optimised platforms.

You can read more here.

Related content

Blog

Providing security services as an MSP

Blog

Wireless Encryption Protocols: The Complete Guide

Blog

10 Top Tech Trends for 2021

Back to top