Cybersecurity Saturday

The Wall Street Journal reported on Monday that

The Russia-linked hackers behind last year’s compromise of a wide swath of the U.S. government and scores of private companies, including SolarWinds Corp. SWI -3.19% , have stepped up their attacks in recent months, breaking into technology companies in an effort to steal sensitive information, cybersecurity experts said.

In a campaign that dates back to May of this year, the hackers have targeted more than 140 technology companies including those that manage or resell cloud-computing services, according to new research from Microsoft Corp. The attack, which was successful with as many as 14 of these technology companies, involved unsophisticated techniques like phishing or simply guessing user passwords in hopes of gaining access to systems [a/k/a “password spraying”], Microsoft said.

“This recent activity is another indicator that Russia is trying to gain long-term, systematic access to a variety of points in the technology supply chain,” said Tom Burt, Microsoft’s corporate vice president for customer security and trust, according to a blog post provided ahead of the announcement by Microsoft on Monday.

Security Week adds that

Microsoft has also made available technical guidance that can help organizations detect attacks launched by Nobelium.

Last month, Microsoft published a blog post detailing a piece of malware used by the threat group to exfiltrate data from compromised servers.

ZDNet delves into the password spraying approach to hacking.

Microsoft’s Detection and Response Team (DART) has outlined two main password spray techniques, the first of which it calls ‘low and slow’. Here, a determined attacker deploys a sophisticated password spray using “several individual IP address to attack multiple accounts at the same time with a limited number of curated password guesses.” 

The other technique, ‘availability and reuse’, exploits previously compromised credentials that are posted and sold on the dark web. “Attackers can utilize this tactic, also called ‘credential stuffing,’ to easily gain entry because it relies on people reusing passwords and usernames across sites,” Microsoft explains.

From our Nation’s capital, Cyberscoop informs us that

The Cybersecurity and Infrastructure Security Agency [(CISA)] has begun working to map out the U.S. critical infrastructure that, if hacked, could result in serious consequences for national security and economic interests, CISA Director Jen Easterly said Friday.

Labeling such infrastructure is the subject of a proposal of the Cyberspace Solarium Commission, a congressional committee, which recommended identifying “systemically important critical infrastructure,” or SICI. Lawmakers have introduced SICI legislation in recent months, but Easterly said her Department of Homeland Security agency is proceeding ahead with or without a bill.

Moreover, per Cyberscoop

Federal Chief Information Security Officer Chris DeRusha, who has played an integral part in responding to the SolarWinds hack, is getting a second gig as deputy national cyber director for federal cybersecurity.

National Cyber Director Chris Inglis hailed DeRusha’s appointment on Twitter Thursday. * * *

DeRusha steps into his additional role at a time when questions persist on Capitol Hill about the breakdown of cyber roles within the federal bureaucracy. The national cyber director’s office is the newest addition to that bureaucracy, established only this year. The office is coming into being as the Department of Homeland Security’s Cybersecurity Infrastructure and Security Agency is increasingly focused on incident response and information sharing in the federal government, and as Deputy National Security Adviser Anne Neuberger probes ways for the U.S. to combat ransomware.

In an interview with The Washington Post that published Thursday, Inglis said the coordination with DeRusha should benefit federal agency cyber officials. “Particularly if you’re a chief information security officer, you’ll see us speaking complementary ways and using our resources in a collaborative manner,” he said.

Also HHS’s Office for Civil Rights, which enforces the HIPAA Privacy and Security Rules, issued its Fall 2021 Cybersecurity Newsletter. This newsletter’s topic is securing legacy systems.

Health IT Security explores the value of applying the zero trust model to health data.

Under the watchful eye of a zero trust security model, no device or user is automatically trusted before being vetted by strict authentication processes. Zero trust is not a single technology or tactic, but a set of cyber defenses that collectively look for threats outside and within a network perimeter.

Implementing a zero trust architecture could make a life-or-death difference in how healthcare organizations operate and respond to cybersecurity incidents. * * *

HC3 recommended that organizations begin zero trust implementation by employing a software-defined perimeter (SDP). SDP is a computer security approach that effectively hides internet-connected infrastructure, such as servers and routers, so that unauthorized third parties cannot see it. With this approach, the network perimeter is based in software rather than hardware and is less vulnerable to hackers.

Organizations should also consider Mesh VPNs, which use a peer-to-peer (P2P) architecture so that every device in the network can connect directly to a peer without going through a central gateway. Mesh VPNs are typically less expensive and easier to scale, HC3 noted.

Healthcare organizations may also benefit from a modern network access control (NAC) platform that can enforce access control and identify every device and user on the network before granting access. This approach provides continuous monitoring and ensures that every device and user is authenticated and trusted.

And as always, here’s a link to Bleeping Computer’s weekly report on ransomware.