SAN MATEO, CA, May 9, 2022 — Cybersecurity news weekly roundup. Stories, news, politics and events impacting the network security industry during the last week. Brought to you by NetworkTigers.
- Cybersecurity firm discovers Chinese espionage attempt
- SEC adds 20 new positions to Crypto Assets and Cyber Unit to address growing threat
- Biden cybersecurity mandate seen as sign of hope by ex-CISA chief
- Amazon shuts down alexa.com in a bid to tighten cybersecurity measures
- Spanish government spyware scandal heats up with news of prime minister’s cell phone hack
- Google makes over $100,000 worth of tech training free to any US business
- US Treasury Department sanctions virtual currency mixer Blender.io for North Korean money laundering hack
- New “Raspberry Robin” malware discovered via external drive risk
- One-year anniversary of ransomware attack on Colonial Pipeline and the Ukraine wakeup call
- Bulgarian National Bank to be included in SANS checkup after suspected Russian hack
- NIST updates cybersecurity guidelines to reflect supply chain risks
- Small Business Week promotes renewed focus on cybersecurity
Cybersecurity firm discovers Chinese espionage attempt
US cybersecurity firm Cybereason says it has uncovered a sophisticated Chinese government-backed hacking attempt that has targeted more than 30 companies around the world, including those in the defense, aerospace, energy, biotech, and pharmaceutical sectors. According to the report, the hack has been ongoing for at least 3 years, targeting mostly industrial manufacturers and Fortune 500 companies. The stolen data includes designs for clean energy, blueprints for next-generation HVAC systems, and the network architecture of companies throughout Asia, North America, and Europe. The hacking campaign, known as “Winnti”, has also targeted some smaller assets, such as company emails and customer data, which Cybereason worries may be held hostage for ransom attempts and blackmail. The company has briefed the FBI and the Department of Justice about the threat. Due to the scale and scope of the hack, the breach is estimated to have possibly extracted a trillion dollars of value from the US economy. This remains a breaking story, with more developments expected.
SEC adds 20 new positions to Crypto Assets and Cyber Unit to address growing threat
The Securities and Exchange Commission announced on Tuesday that it plans to add 20 new positions to its Crypto Assets and Cyber Unit. “As more investors access the crypto markets, it is increasingly important to dedicate more resources to protecting them,” said SEC Chair Gary Gensler. “By nearly doubling the size of this key unit, the SEC will be better equipped to police wrongdoing in the crypto markets while continuing to identify disclosure and controls issues with respect to cybersecurity.” This expansion will bring the unit to nearly 50 people dedicated to cybersecurity in the growing US market for crypto.
Biden cybersecurity mandate seen as sign of hope by ex-CISA chief
Former Cybersecurity and Infrastructure Security Agency (CISA) director Chris Krebs broke down Biden’s recent cybersecurity mandate in his talk at the Hack the Capitol conference this past week. The cybersecurity expert said that Biden’s 2021 executive order was a “reason for hope”, as it weaponized the full power of the purse in order to create more leverage for the federal government to address cybersecurity threats. The expert focused on tougher requirements for federal IT contractors as one of the greatest innovations of the order.
Amazon shuts down alexa.com in a bid to tighten cybersecurity measures
On May 1, 2022, Amazon officially shut down Alexa.com. The site was popular for sharing web traffic analysis with users, including the free Alexa “Top Sites” listing. This listing, as well as the Alexa Top 1 Million list, was used by experts in the cybersecurity industry to gauge web traffic from Alexa users as well as the security practices of major sources. Industry site DomainTools, for one, provided consumers with Alexa rankings of websites in order to help determine their legitimacy. The closure of Alexa.com and the absence of these lists may signal a greater push for privacy among Amazon users, as well as a loss of the commons when it comes to gauging certain cybersecurity measures.
Spanish government spyware scandal heats up with news of prime minister’s cell phone hack
The Spanish government announced it will cooperate fully amidst mounting unease over the use of the Pegasus spyware to hack the cell phones of Spanish politicians. Cabinet spokeswoman Isabel Rodríguez promised “the utmost collaboration with the legal authorities, including declassifying relevant documents if it proves necessary.” The Pegasus spyware, thought to only be available to government agencies, was shown to have infected the cell phones of scores of people connected to the Catalan separatist movement between 2017 and 2020. On Monday, the government also admitted that the cell phones of both Prime Minister Pedro Sánchez and Defense Minister Margarita Robles had been hacked as well.
Google makes over $100,000 worth of tech training free to any US business
Google’s Career Certificates program announced a major expansion on Monday, offering over $100,000 worth of free classes in data analytics, design, and other tech industry skills to any US business that wishes to provide the courses to its employees. The new grant program will fully cover costs for up to 500 workers per business, for a program that usually takes about 6 months to complete. According to data collected by the company, up to 75% of those who have completed the virtual courses offered by Google report receiving a career benefit such as a new job offer or higher salary within 6 months after completion.
US Treasury Department sanctions virtual currency mixer Blender.io for North Korean money laundering hack
In a landmark decision, the US Treasury Department has announced that it will, for the first time, use economic blockades against a mixing service. The service, Blender.io, will be sanctioned by the Treasury Department for its alleged role in the hack of Ronin Bridge in March of 2022. Blender.io has been associated with the North Korean money laundering attempt spearheaded by the Lazarus Group. “Blender was used in processing over $20.5 million of the illicit proceeds,” the Treasury Department said in a statement. Mixing services like Blender, also called “tumblers”, are popular due to their ability to securely move cryptocurrency from account to account without leaving a paper trail.
New “Raspberry Robin” malware discovered via external drive risk
A new Windows-based malware has been discovered that is commonly spread via the use of removable USB devices, such as external hard drives. Researchers think the worm dates back as far as September 2021. According to experts, “Raspberry Robin”, as it is known, “leverages Windows Installer to reach out to QNAP-associated domains and download a malicious DLL.” The malware often appears as a corrupted .LNK file that leads to a legitimate folder.
One-year anniversary of ransomware attack on Colonial Pipeline and the Ukraine wakeup call
This week marks the one-year anniversary of the nearly catastrophic Colonial Pipeline hack that affected the Eastern Seaboard in 2021. The ransomware attack, which disrupted fuel availability and drove up gas prices across several states, ushered in a renewed national focus on cybersecurity. Today, experts warn that the war in Ukraine has created even more pressure for companies to invest in cybersecurity measures to avoid similar national consequences from malware attacks.
Bulgarian National Bank to be included in SANS checkup after suspected Russian hack
The Bulgarian National Bank and Postal Service are suspected to have been targeted by Russian-led hacks, leading to an international push for greater cybersecurity. All 2,900 post offices in Bulgaria, as well as their backup servers, were reportedly shut down by a Russian-style virus, according to the office of Deputy Prime Minister Kalina Konstantinova. The attack has affected the Bulgarian postal service for more than 3 weeks.
NIST updates cybersecurity guidelines to reflect supply chain risks
The National Institute of Standards and Technology (NIST) has updated its cybersecurity guidelines this week to reflect the current state of world supply chain risks. The new policies direct attention towards smaller-scale components in the supply chain, cautioning specifically against malicious functionality, third-party software weaknesses, counterfeit hardware, and poor manufacturing and/or research and development practices.
Small Business Week promotes renewed focus on cybersecurity
Bridget Bean, Assistant Director for Integrated Operations at the Cybersecurity and Infrastructure Security Agency, released small business-oriented cybersecurity tips and directives in honor of Small Business Week, May 2 through 8. The recommendations include signing up for the National Cyber Awareness System in order to remain up to date on growing threats in the cybersecurity arena.