Proactive Computing | Optimizing IT for usability, performance and reliability since 1997

Category: #Cybersecurity (Page 1 of 13)

Microsoft Vulnerabilities Report Shows Largest Uptick

Is it any wonder Microsoft is rumored to be launching Windows 11, with the Microsoft Vulnerabilities Report showing the largest uptick since the inception of the report? Who could blame Microsoft for wanting to dump Windows 10 and start all over with Windows 11?

Microsoft Vulnerabilities Report

News of vulnerabilities never seems to make users feel at ease. And while we’ve heard much about the Windows vulnerabilities, we tend to think all operating systems have vulnerabilities – and they do! But some have more – many more – than others. The 2021 Microsoft Vulnerabilities Report…

Source: https://tracking.feedpress.com/link/12555/14561097/microsoft-vulnerabilities-report
Proactive Computing found this story and shared it with you.
The Article Was Written/Published By: Laura Tucker

How to Reduce the Financial Impact of a Data Breach

Whether there is a ransom or not, data breaches always have financial implications. Organizations may face regulatory penalties, operational losses, and reputational damage. Careful planning can save you time and money.


Source: https://www.cloudsavvyit.com/11952/how-to-reduce-the-financial-impact-of-a-data-breach/
The Article Was Written/Published By: Dave McKay

Ransomware attacks ‘are here to stay,’ Commerce secretary says


Commerce Secretary Gina Raimondo said Sunday that ransomware attacks “are here to stay,” and that businesses should plan accordingly.

“The first thing we have to recognize,” she said, “is this is the reality, and we should assume and businesses should assume, that these attacks are here to stay and, if anything, will intensify. And so just last week the White House sent out a letter broadly to the business community urging the business community to do more.”

Speaking on ABC’s “This Week With George Stephanopoulos,” the former governor of Rhode Island declined to blame Vladimir Putin’s Russia outright in answering a question on whether the Biden administration should look to punish Russia, which is believed to be the source of some or all of these attacks.

“We are evaluating all the options and we won’t stand for a nation supporting or turning a blind eye to a criminal enterprise,” she said. “And as the president has said, we’re considering all of our options.”

She added: “This week when the president meets with Putin and other world leaders, this will be at the top of the agenda.”

In a ransomware attack, hackers seize control of a business or organization’s computer system by exploiting weaknesses in the security system, then lock up the entire system until a “ransom” is paid. Raimondo said one way to stymie international hackers is to approve Biden’s proposed infrastructure plan.

“Certain components of the American Jobs Plan provide for investments to shore up the nation’s cyber infrastructure,” she told Stephanopoulos.

Raimondo argued that the good news in all this was that businesses can make relatively simple changes to protect themselves against such attacks.

“Some very simple steps like two-factor authentication, having proper backups and backup technology, can be enormously helpful against a wide variety of these attacks. So it is clear that the private sector needs to be more vigilant, by the way, including small- and medium-sized companies,” she said.

Source: https://www.politico.com/news/2021/06/06/ransomware-attacks-commerce-secretary-492005
The Article Was Written/Published By: David Cohen

Cyberattack on food supply followed years of warnings


Security analysts from the University of Minnesota warned the U.S. Agriculture Department in late May about a growing danger — a cyber crime known as ransomware that could wreak more havoc on Americans’ food sources than Covid-19 did.

A week and a half later, the prediction became reality as a ransomware attack forced the shutdown of meat plants that process more than a fifth of the nation’s beef supply in the latest demonstration of hackers’ ability to interrupt a critical piece of the U.S. economy.

The hack of the global meatpacking giant JBS last weekend is also the starkest example yet of the food system’s vulnerability to digital threats, especially as internet technology and automation gain an increasing role across farmlands and slaughterhouses. But federal oversight of the industry’s cybersecurity practices remains light, despite years of warnings that an attack could bring consequences ranging from higher grocery prices to contaminated food.

Virtually no mandatory cybersecurity rules govern the millions of food and agriculture businesses that account for about a fifth of the U.S. economy — just voluntary guidelines exist. The two federal agencies overseeing the sector include the USDA, which has faced criticism from Congress for how it secures its own data. And unlike other industries that have formed information-sharing collectives to coordinate their responses to potential cyber threats, the food industry disbanded its group in 2008.

Now, food producers need to face the fact that disruptive cyberattacks are part of what Agriculture Secretary Tom Vilsack calls their “new reality.”


National security threats to the agricultural supply chain haven’t received enough attention across the entire federal government, argued Rep. Rick Crawford (R-Ark.), who serves on both the House Intelligence and Agriculture committees.

“Too often agriculture is dismissed as: ‘It’s important but it’s not that big a deal,’” Crawford said in an interview. “If you eat, you’re involved in agriculture. We all need to recognize that it’s a vital industry and this [incident] illustrates that.”

The North American Meat Institute, which represents meatpackers, declined to comment on the state of the industry’s cybersecurity measures or potential changes following the hack.

The downside of ‘enormous technology’

The cry of alarm from the University of Minnesota’s Food Protection and Defense Institute arrived in the most unassuming of packages: as one of more than 180 official comments filed to the USDA related to a presidential order about securing the nation’s supply chains.

“Fast-spreading ransomware attacks could simultaneously block operations at many more plants than were affected by the pandemic,” the institute warned in its May 18 filing, noting that Covid-19 last year forced a shutdown of slaughterhouses that prompted fears of meat shortages and price spikes.

It was just the latest in a series of warnings from national security and law enforcement agencies, private cybersecurity companies and academic researchers.

In November, the cybersecurity firm CrowdStrike said in a report that its threat-hunting service had witnessed a tenfold increase in interactive — or “hands-on-keyboard” — intrusions affecting the agriculture industry over the previous 10 months. Adam Meyers, the company’s senior vice president of intelligence, said that of the 160 hacking groups or gangs the company tracks, 13 have been identified in targeting agriculture.

A 2018 report from the Department of Homeland Security examined a range of cyber threats facing the industry as it adopts digitized “precision agriculture,” while the FBI said in April 2016 that agriculture is “increasingly vulnerable to cyberattacks as farmers become more reliant on digitized data.”

The industry also offers plentiful targets: As the Department of Homeland Security’s cyber agency notes, the ag and food sector includes “an estimated 2.1 million farms, 935,000 restaurants, and more than 200,000 registered food manufacturing, processing, and storage facilities,” almost all under private ownership.

For decades, however, most farmers and foodmakers have prized productivity over all else, including security — trying to eke out profits in an industry with chronically narrow margins and meet the growing global demand for food. In the quest for efficiency, meat plants are ratcheting up their processing line speeds and investing in robotics to more quickly carve up carcasses. Farmers are adopting high-tech innovations like drones, GPS mapping, soil sensors and autonomous tractors, with vast data behind it all.

All that connectivity and automation comes at a cost.

“This is part of the downside of having an enormous technology, enormous capacity to turn a lot of data and become more efficient,” Vilsack said. “There are risks associated with that.”

‘No industry is off limits’

The disruption to JBS, which controls nearly a quarter of America’s cattle processing, has raised concerns mainly about the impact on meat markets. USDA data shows wholesale beef prices have steadily ticked higher each day since the hack, with choice cuts climbing above $341 per hundred pounds as of Thursday morning.

Higher prices are just one of many potential consequences. Cyberattacks could also lead to the sale of tainted food to the public, financial ruin for producers, or even the injury and death of plant workers, according to the Food Protection and Defense Institute, a DHS-recognized group.

In its public comments to USDA, the institute highlighted gaping holes in the industry’s preparedness, including a general “lack of awareness throughout the sector” and scant guidance from government regulators. It also noted that large parts of the industry rely on decades-old, custom-written software that is essentially impossible to update, along with outdated operating systems like Windows 98.

“The agriculture industry probably lags behind some of the other industries that have been hit harder by cyber crime” like the financial sector, which has long been a prime target for criminals, said Michael Daniel, president and chief executive of the Cyber Threat Alliance, a nonprofit organization.

However, the JBS hack, just like the ransomware attack on Colonial Pipeline in May and the ensuing gasoline-buying panic, shows that “no industry is off limits,” he added. Ransomware operators “are going to go wherever they think they can extract money.”

Daniel, a cyber coordinator during the Obama administration, said he would recommend that industry executives take basic steps like assessing their companies’ digital preparedness and reviewing federal security guidelines.

“What I would be telling them is: You really need to be thinking about how you manage your cybersecurity risk, just like you manage commodity price risk, just like you manage natural disaster risk, just like you manage legal risk,” Daniel said.

The White House similarly advised all companies on Thursday to harden their defenses, including by installing the latest software updates and requiring extra authentication for anyone logging onto their systems.

Meyers, from CrowdStrike, said the seriousness with which cybersecurity is regarded varies “depending on who you’re talking to in the ag industry.” He said multinational conglomerates that have intellectual property worth protecting make it a priority, but “as you get down the food chain, so to speak, they probably think about it less seriously.”

The JBS hack “is the big wake-up call for all these small, medium and large businesses. You can’t stick your head in the sand, and hope it’s not going to happen to you because it is,” Meyers said. “You need to be prepared, and you need to get yourself ready to fight. Because if you don’t, you’re going to be paying a ransom and somebody’s going to be eating your lunch.”

A call for Congress to act

Congress may need to step in to help fix the situation, said Crawford, the House member from Arkansas, who reintroduced legislation earlier this year that would establish an intelligence office within USDA. The office would serve as a conduit for the department to keep farmers informed of threats to their livelihood, including espionage and cyber operations by malign actors.

A key reason the industry isn’t prepared against dangers like ransomware is that the U.S. intelligence community hasn’t considered the national security threats to agriculture as much as it should, Crawford argued.

He added that communication must go both ways: Companies need to have their cyber experts share what they see with their government counterparts. No such requirements exist for the food and ag industry.

“What I would advise the private sector to do is be proactive on these things as possible,” according to Crawford, who is organizing a “business intelligence and supply chain integrity” forum this summer that will feature cybersecurity experts, government officials and representatives from the clandestine community to educate local businesses about digital threats.

USDA has not proposed any significant policy changes following the JBS attack, instead asking food and agriculture companies to take voluntary steps to safeguard their IT and infrastructure from cyber threats. Vilsack on Thursday pointed to guidelines from DHS’ Cybersecurity and Infrastructure Security Agency that companies can adopt for their own protection.

There’s no shortage of policy recommendations from experts in the field. Most proposals involve educating industry leaders and employees, setting minimum standards for cyber safety or improving coordination between companies and agencies.

Another step recommended by the Food Protection and Defense Institute: USDA and DHS should work with the industry to create a cyber threats clearinghouse — known as an “information sharing and analysis center” — to collaborate on studying and addressing digital risks.

Other critical industries, including the electricity and financial sectors, already have their own ISACs, but the food industry does not. Instead, some food and ag companies have joined a broader information-sharing group that covers the information technology industry, said Scott Algeier, executive director of the IT-ISAC.

“They wanted to engage with other companies but did not have an ISAC. So they applied to us,” said Algeier, whose organization also provides a threat-sharing forum for the elections industry.

The nonprofit Internet Security Alliance has called for federal grants and other incentives for food companies to step up their cyber defenses.

“Increasing cybersecurity will cost money, and finding the additional funding will not be simple for the sector since it is governed by tight margins and faces a highly competitive world market,” the group wrote on its website.

Helena Bottemiller Evich contributed to this report.

Source: https://www.politico.com/news/2021/06/05/how-ransomware-hackers-came-for-americans-beef-491936
The Article Was Written/Published By: Ryan McCrimmon and Martin Matishak

DOJ to Treat Ransomware Hacks Like Terrorism Now: Here’s the Full Memo


The U.S. Department of Justice plans to take a much harsher tack when pursuing cybercriminals involved in ransomware attacks—and will investigate them using similar strategies to the ones currently employed against foreign and domestic terrorists.


Source: https://gizmodo.com/doj-to-treat-ransomware-hacks-like-terrorism-now-heres-1847027610
The Article Was Written/Published By: Lucas Ropek

World’s Largest Beef and Pork Supplier Hit by Cyber Attack


JBS Foods, the world’s largest beef and pork processor, was hit by a cyber attack on Sunday that’s incapacitated systems in the U.S., Canada, and Australia, according to a new report from Bloomberg News.


Source: https://gizmodo.com/worlds-largest-beef-and-pork-supplier-hit-by-cyber-atta-1847006297
The Article Was Written/Published By: Matt Novak

The SolarWinds hackers aren’t back—they never went away

Image caption: “And people reliably click on these emails? Really?” (credit: Kremlin official photo)

The Russian hackers who breached SolarWinds IT management software to compromise a slew of United States government agencies and businesses are back in the limelight. Microsoft said on Thursday that the same “Nobelium” spy group has built out an aggressive phishing campaign since January of this year and ramped it up significantly this week, targeting roughly 3,000 individuals at more than 150 organizations in 24 countries.

The revelation caused a stir, highlighting as it did Russia’s ongoing and inveterate digital espionage campaigns. But it should be no shock at all that Russia in general, and the SolarWinds hackers in particular, have continued to spy even after the US imposed retaliatory sanctions in April. And relative to SolarWinds, a phishing campaign seems downright ordinary.

“I don’t think it’s an escalation, I think it’s business as usual,” says John Hultquist, vice president of intelligence analysis at the security firm FireEye, which first discovered the SolarWinds intrusions. “I don’t think they’re deterred and I don’t think they’re likely to be deterred.”


Source: https://arstechnica.com/gadgets/2021/05/the-solarwinds-hackers-arent-back-they-never-went-away/
The Article Was Written/Published By: WIRED

Microsoft: SolarWinds hackers target 150 orgs with phishing


BOSTON — The state-backed Russian cyber spies behind the SolarWinds hacking campaign launched a targeted spear-phishing assault on U.S. and foreign government agencies and think tanks this week using an email marketing account of the U.S. Agency for International Development, Microsoft said.

The effort targeted about 3,000 email accounts at more than 150 different organizations, at least a quarter of them involved in international development, humanitarian and human rights work, Microsoft Vice President Tom Burt said in a blog post late Thursday.

It did not say what portion of the attempts may have led to successful intrusions.

The cybersecurity firm Volexity, which also tracked the campaign but has less visibility into email systems than Microsoft, said in a post that relatively low detection rates of the phishing emails suggest the attacker was “likely having some success in breaching targets.”

Burt said the campaign appeared to be a continuation of multiple efforts by the Russian hackers to “target government agencies involved in foreign policy as part of intelligence gathering efforts.” He said the targets spanned at least 24 countries.

The hackers gained access to USAID’s account at Constant Contact, an email marketing service, Microsoft said. The authentic-looking phishing emails dated May 25 purport to contain new information on 2020 election fraud claims and include a link to malware that allows the hackers to “achieve persistent access to compromised machines.”

Microsoft said in a separate blog post that the campaign is ongoing and evolved out of several waves of spear-phishing campaigns it first detected in January that escalated to the mass-mailings of this week.

While the SolarWinds campaign, which infiltrated dozens of private sector companies and think tanks as well as at least nine U.S. government agencies, was supremely stealthy and went on for most of 2020 before being detected in December by the cybersecurity firm FireEye, this campaign is what cybersecurity researchers call noisy. Easy to detect.

Microsoft noted the two mass distribution methods used: the SolarWinds hack exploited the supply chain of a trusted technology provider’s software updates; this campaign piggybacked on a mass email provider.

With both methods, the company said, the hackers undermine trust in the technology ecosystem.

Source: https://www.politico.com/news/2021/05/28/microsoft-solarwinds-hackers-phishing-491317
The Article Was Written/Published By: Associated Press

Third macOS Zero-Day Attack Takes Advantage through Safari

There was a time when Macs were considered safe from malware and other ills. Attackers preferred to go after Windows users simply because there were more of them – attackers could get more bang for their buck. That’s been changing, however, with more people owning Macs. This has led to a third zero-day attack on macOS in less than a year, allowing attackers to take advantage in several ways through Safari.

Discovery of Third macOS Zero-Day Attack

Last August, security experts found XCSSET, a zero-day attack that affected Mac developers. It gave them access to browser cookies and…

Source: https://tracking.feedpress.com/link/12555/14497104/macos-zero-day-attack-safari
The Article Was Written/Published By: Laura Tucker

It’s ransomware, or maybe a disk wiper, and it’s striking targets in Israel

Image caption: The flag of Iran. (credit: Getty Images)

Researchers say they’ve uncovered never-before-seen disk-wiping malware that’s disguising itself as ransomware as it unleashes destructive attacks on Israeli targets.

Apostle, as researchers at security firm SentinelOne are calling the malware, was initially deployed in an attempt to wipe data but failed to do so, likely because of a logic flaw in its code. The internal name its developers gave it was “wiper-action.” In a later version, the bug was fixed and the malware gained full-fledged ransomware behaviors, including the leaving of notes demanding victims pay a ransom in exchange for a decryption key.

A clear line

In a post published Tuesday, SentinelOne researchers said they assessed with high confidence that, based on the code and the servers Apostle reported to, the malware was being used by a never-before-seen group with ties to the Iranian government. While a ransomware note they recovered suggested that Apostle had been used against a critical facility in the United Arab Emirates, the primary target was Israel.


Source: https://arstechnica.com/gadgets/2021/05/disk-wiping-malware-with-irananian-fingerprints-is-striking-israeli-targets/
The Article Was Written/Published By: Dan Goodin
