Cyber Security/Protection

Phishing on the rise

The number of “phishing” attacks against the public and private sectors evidently has increased since the COVID-19 outbreak began. Many are targeting employees working from home on virtual private networks as the coronavirus offers online thieves a “huge opportunity.” [node:read-more:link]

Cybercrime takes a hit

An international team led by Microsoft mounted a successful counterattack 11 March against one of the world’s hacker networks which had been stealing data, sending spam and gaining access to countless computers. Believed to be Russia-based, the organization also rented or sold access to the hacked computers to other cyber criminals. [node:read-more:link]

Quest for the “Holy Grail”

The head of the Canadian Centre for Cyber Security, Scott Jones, says it's working on a level of data encryption to enhance government information in the fact of reported increases in privacy breaches and software attacks. “We want encryption when it's being processed so you don't have to decrypt it to do it, and that's something called homomorphic encryption,” he says. “That’s the Holy Grail.” [node:read-more:link]

RCMP short of cyber resources?

Significant resourcing challenges” could compromise RCMP efforts to tackle terrorism and cybercrime, the force says in its latest annual planning report to Parliament. It also says the focus will be on high-priority investigations related to terrorism, foreign interference, organized crime, money laundering, and cybercrime. [node:read-more:link]

White House 5G national strategy

A formal framework for safeguarding 5G telecommunications in the U.S. has been released by the administration. Its seven-page policy document sets out President Donald Trump’s “vision for America to lead the development, deployment, and management of secure and reliable 5G communications infrastructure worldwide, arm-in-arm with closest partners and allies.” [node:read-more:link]

A perfect cyber storm

The huge numbers of employees working from home due to COVID-19 concerns, away from their employers’ IT resources, evidently are being targeted anew by fraudsters. False messages about employment insurance claims or from bogus health-related companies and government agencies are being used to steal personal data or to spread malware. [node:read-more:link]

The disinformation war

The Communications Security Establishment says it has taken down a number of fraudulent COVID-19 sites spoofing the Public Health Agency of Canada, Canada Revenue, and most recently, Canada Border Services Agency. The RCMP says fraudsters posing as the PHAC have told targets that they have tested positive for the virus and should provide credit card information to obtain prescription medicine. [node:read-more:link]

New orders for U.S. intel community

Last year’s SolarWinds cyberattack and its impact on U.S. agencies and IT companies is being assessed within a “full assessment” of alleged Russian involvement. The new White House Press Secretary Jen Psaki, a former State Department spokesperson, says the review ordered by President Joe Biden also will look into “Russian interference in the 2020 election, its use of chemical weapons against opposition leader Alexei Nevalny and the alleged bounties on U.S. soldiers in Afghanistan.” [node:read-more:link]

Major U.S. pipeline security breach

Four days into a shutdown of nearly half of the U.S. east coast petroleum supply due to a ransomware cyberattack, the federal government and Colonial Pipeline were still working today to secure the network. The has disrupted fuel supply, triggering retail sales restrictions and pushing benchmark gasoline prices to a three-year high. [node:read-more:link]

Pipeline company resumes operations

The company that operates the largest U.S. pipeline network, Georgia-based Colonial Pipeline, begun to restart operations May 12, nearly a week after a ransomware attack prompted a shutdown. The loss of 2.5 million barrels of daily capacity caused fuel shortages and panic buying in the southeastern U.S. [node:read-more:link]

New U.S. focus on cybersecurity

Shortly after ransomware prompted a precautionary shutdown of Colonial Pipeline operations in the eastern U.S., the White House issued an executive order designed to change how companies manage and report cybersecurity incidents. A senior official said May 12 that the status quo was “unacceptable.” The order also invalidates contractual obligations that can make IT providers hesitant to share information about network breaches with the government. [node:read-more:link]

Cyber hygiene and security cavities

The U.S. Government Accountability Office believes the Department of Defense needs to improve its cyber hygiene if it is to manage the most common and pervasive cybersecurity risks. While the DOD has three initiatives in progress, they are considered “incomplete” and even unmeasurable because there is no one in charge of reporting on progress. [node:read-more:link]

High-level security reminder

U.S. federal agencies that heeded President Donald Trump’s push to move operations to the cloud are being reminded that security is paramount. “We want to ensure that in these quick migrations that we’ve done, that we fully understand both the positives as well as some of the assumptions we’ve made,” says Matthew Scholl, chief of the Computer Security Division in the Information Technology Laboratory at the National Institute of Standards and Technology. He and other officials warn that security could be compromised if vendors aren’t appropriately managed. [node:read-more:link]

Self-certification option ending?

The U.S. Department of Defense is looking for additional insight into how to keep better track of contractors’ cybersecurity practices through its Cybersecurity Maturity Model Certification process. It has issued a request for proposals designed to end self-certification, a proposal which would require third-party audits. [node:read-more:link]

Cybersecurity broadened in U.S.

The U.S. Department of Defense is broadening its Comply-to-Connect (C2C) program to encompass the entire U.S. military in a bid to ensure that any device touching its network complies with DoD cybersecurity standards. Set up by the National Security Agency, the Marine Corps and the Air Force in 2013, C2C continuously analyzes all connected devices such as smartphones and computers to ensure compliance. [node:read-more:link]


Subscribe to RSS - Cyber Security/Protection