It feels like cybersecurity is in the limelight more than ever. Will this be the beginning of a sea change? We’ve been talking about that around the office. Read on for the news that has really got us thinking this month.
US State Department offering $10 million reward for information on state-backed hackers
The US State Department is offering a reward in an attempt to harness private citizens’ knowledge about state-backed hackers. The reward covers anyone participating in “malicious cyber activities against US critical infrastructure in violation of the Computer Fraud and Abuse Act.” A main focus of the reward is ransomware aimed at critical infrastructure. The notice also mentions incidents involving government computers as well as interstate or foreign commerce and communication.
“This move by the government underscores the critical state we find ourselves in concerning securing our critical infrastructure and businesses/organizations that reside in the U.S. Every day organizations in this country are targeted by adversaries either backed/directed by a nation that’s not an ally or a ransomware gang looking to extort millions.”
“Implementing a reward system is a common practice for law enforcement agencies. The real question is, will this reward system produce the results they desire? Only time will tell. This is an attempt to cover all their bases regarding protecting environments from these sophisticated breaches. At this point, no idea is a bad idea.” — Shunta Sanders, Lead Senior Architect
Source: ZDNet, July 15
Will a New Law Help the Chinese Government Stockpile Zero-Days?
A new ruling out of China says that all zero-day vulnerabilities must be disclosed only to the Chinese Government, effective September 1. It prohibits citizens from selling or passing information about zero-days to any party outside of China. This will likely mean that the results of private vulnerability research done in China are also controlled by the government.
“This official announcement from China is incredibly important. It shows that they are actively seeking cyberweapons. It appears that escalation of state-backed cyberwarfare is inevitable.” — Fernando, Founder
Source: Security Week, July 14
White House calls on America’s most critical companies to improve cyber defenses
Coming on the back of the numerous attacks in 2021, the White House is calling for all U.S. critical infrastructure companies to improve their cyber defenses. President Joseph Biden signed a national security memorandum on Wednesday, which suggests that additional regulation is on the horizon. This new public-private initiative will create “performance controls” for cybersecurity at America’s most critical companies, including water treatment and electrical power plants.
“Right now this appears to be only a recommendation, but any company that operates critical infrastructure will now begin to investigate how to improve its cybersecurity. This regulation will promote a greater overall emphasis on security measures, which is always a good thing.” — Member of the Development Team
Source: Reuters, July 28
16-Year-Old HP Printer-Driver Bug Impacts Millions of Windows Machines
A recently disclosed high-severity privilege escalation flaw was found in HP printer drivers. Hundreds of millions of Windows machines are affected, and if exploited, attackers would be able to bypass virtually all security products, allowing them to create new accounts or install programs, as well as view, change and delete data. It is rated 8.8 out of 10 on the CVSS scale, making it high-severity.
“This is really important. This vulnerability makes it clear that you cannot rely only on OS vendor antivirus or EDRs to protect your organization. You should set up traps (i.e. deception) within your organization for when (not if) threat actors breach your company.” — Fernando, Founder
Source: ThreatPost, July 20
Microsoft Warns of ‘Evolving’ LemonDuck Mining Malware Targeting Linux and Windows Machines
Microsoft recently warned that users are under immediate threat from LemonDuck malware. This malware evolved from a cryptocurrency-mining botnet into dangerous malware that is capable of stealing credentials, removing security controls, and spreading itself via email. It is also capable of lateral movement within systems and extremely good at covering its tracks, making it ultimately a very dangerous threat.
“The bottom line is that anything that gains access to machines becomes a gateway for more dangerous threats. Even malware that is very specific and focused can later evolve into a much more serious threat, which is why it’s so important to detect this type of attack as soon as possible.” — Member of the Development Team
Source: Microsoft, July 22