Security Week reported yesterday that
The global fight against ransomware took a new twist this week with the United States leading a law enforcement effort to hack back and disrupt the extortion group behind the Colonial Pipeline cyberattack.
SecurityWeek has confirmed a Reuters report that the Tor servers associated with the REvil ransomware gang were seized in what was described as a “multi-country” hack-back operation that remains active.
Bleeping Computer discusses this ransomware development and others in its weekly update.
The Wall Street Journal adds that
A criminal organization believed to have built the software that shut down a U.S. fuel pipeline has set up a fake company to recruit potential employees, according to researchers at the intelligence firm Recorded Future and Microsoft Corp. MSFT -0.51%
The fake company is using the name Bastion Secure, according to the researchers. On a professional-looking website, the company says it sells cybersecurity services. But the site’s operator is a well-known hacking group called Fin7, Recorded Future and Microsoft say.
Fin7 is believed to have hacked hundreds of businesses, stolen more than 20 million customer records and written the software used in a hack that disrupted gasoline delivery in parts of the Southeastern U.S., federal prosecutors and researchers say.
From the prevention front:
The American Hospital Association has summarized the recent HC3 vulnerability news of interest to the health sector.
CISA has released a presentation on blockchain for the healthcare sector.
Security Week discusses efforts underway to fill encryption gaps.
The Society for Human Resources Management offers an article on reducing cybersecurity risks in hybrid (remote and office) work:
A Tessian survey found that 88 percent of data breaches involved human error.
And in a hybrid work environment, employees may pay less heed to the rules or simply be more likely to make mistakes since they’re not in a formal office, especially if they’re juggling family and other demands. In the Tessian survey, 43 percent of employees said they have made mistakes at work that compromised cybersecurity; 58 percent admitted having sent a company e-mail to the wrong person, often because they were distracted or tired.
“Every CISO [chief information security officer] I’ve spoken to is wondering what work-from-home means in terms of security, when there is zero distance between the office, the living room and the kitchen,” says Robert Holmes, Proofpoint’s vice president and general manager of email fraud defense.
To that end, executives would do well to encourage more cooperation between the technology side of the house and the people side. “This is an area where there’s a huge opportunity for the CHRO [chief human resource officer] and the CISO to have a strong relationship,” [Deloitte cyber leader Emily] Mossberg says. First, they can team up on training programs to increase security awareness. Second, the CISO can help HR strengthen practices, processes and systems to ensure the security of employee data in distributed work environments.