Cybersecurity Saturday

It turns out that National Supply Chain Integrity Month’s theme for this week has been understanding supply chain threats. “Recent software compromises and other security incidents have revealed how new and inherent vulnerabilities in global supply chains can have cascading impacts that affect all users of ICT within and across organizations, sectors, and the National Critical Functions. To help organizations understand these threats and how to mitigate them, CISA’s ICT Supply Chain Risk Management (SCRM) Task Force developed the Threat Scenarios Report that provides acquisition and procurement personnel and others with practical, example-based guidance on supplier SCRM threat analysis and evaluation.”

CyberScoop reports that

At least two-dozen U.S. federal agencies run the Pulse Connect Secure enterprise software that two advanced hacking groups have recently exploited, according to the Department of Homeland Security’s cybersecurity agency.

Multiple agencies have been breached, but just how many is unclear. “We’re aware of 24 agencies running Pulse Connect Secure devices, but it’s too early to determine conclusively how many have actually had the vulnerability exploited,” Scott McConnell, a spokesman for DHS’s Cybersecurity and Infrastructure Security Agency, told CyberScoop on Wednesday.

FireEye, the cybersecurity firm that announced the hacking campaign on Tuesday, said at least one of the two groups had links to China. The suspected Chinese hackers also targeted the trade-secret-rich defense contractors who do business with the Pentagon.

A security fix for the previously unknown software vulnerability exploited by the hackers won’t be available until next month, according to Ivanti, the Utah-based firm that owns Pulse Connect Secure.

FireEye also discovered the SolarWinds hack. Here is a link to the CISA emergency directive on this latest hack.

The Wall Street Journal informs us that

The Justice Department has formed a task force to curtail the proliferation of ransomware cyberattacks, in a bid to make the popular extortion schemes less lucrative by targeting the entire digital ecosystem that supports them. In an internal memorandum issued this week, Acting Deputy Attorney General John Carlin said ransomware poses not just an economic threat to businesses but “jeopardizes the safety and health of Americans.” * * *

The memo calls for developing a strategy that targets the entire criminal ecosystem around ransomware, including prosecutions, disruptions of ongoing attacks and curbs on services that support the attacks, such as online forums that advertise the sale of ransomware or hosting services that facilitate ransomware campaigns.

The task force will consist of the Justice Department’s criminal, national security and civil divisions, the Federal Bureau of Investigation and the Executive Office of U.S. Attorneys, which supports the 93 top federal prosecutors across the country. It will also work to boost collaboration with the private sector, international partners and other federal agencies such as the Treasury and Homeland Security departments.

CSOonline reports that

Faced with increasing payouts and a likely storm of litigation around the recent SolarWinds and Microsoft Exchange server compromises, cyber insurers are facing an “existential battle” for their future, a leading cybersecurity researcher and privacy consultant has warned. Likewise, businesses are grappling with whether to get cyber insurance, over doubts about payouts if attacked from the conflicted cyber insurance industry.

Nevertheless, purchasing cyber liability insurance remains a no-brainer decision in the FEHBlog’s opinion.