Cybersecurity Saturday

The headline news of the week is brought to us by the Wall Street Journal

The Russian government on Friday [January 14] said it had arrested members of the prolific criminal ransomware group known as REvil that has been blamed for major attacks against U.S. business and critical infrastructure, disrupting its operations at the request of U.S. authorities.

Russia’s security service, the FSB, said in an online press release that it had halted REvil’s “illegal activities” and seized funds belonging to the group from more than two dozen residences in Moscow, St. Petersburg and elsewhere. REvil members were arrested in relation to money-laundering charges, the FSB said. It didn’t provide names of any of the suspects.

The arrests included “the individual responsible for the attack on Colonial Pipeline last spring,” a particularly devastating ransomware offensive that led to the main conduit of fuel on the U.S. East Coast being shut down for days, a senior Biden administration official said. A different Russian ransomware gang had previously been linked to the Colonial hack, but security experts and officials have said they are not neatly defined and that individual hackers often overlap.

“We welcome reports the Kremlin is taking law enforcement steps to address ransomware within its borders,” the official said.

Needless to say, this development is also the focus of Bleeping Computer’s The Week in Ransomware.

From the log4j front, Healthcare Dive tells us that

— Jen Easterly, director of the Cybersecurity and Infrastructure Security Agency, said the agency has not yet seen the Log4j vulnerability used for significant intrusions but cautioned that sophisticated threat actors may be lying in wait for cybersecurity defenders to be caught off guard during a lower level of awareness.

— Threat actors have used the vulnerability to install and sell cryptomining software on victims’ computers and to potentially launch future botnet attacks. CISA cannot independently confirm research showing nation-state threat actors developing attacks based on Log4Shell, Easterly said during a presser Monday. 

— Microsoft security researchers identified a China-based threat actor, tracked as DEV-0401, exploiting the Log4j vulnerability in systems using VMware Horizon to deploy NightSky ransomware, researchers said in an updated blog.

Federal News Network interviewed Gordon Bitko, former FBI chief information officer and now the senior vice president of policy at the Information Technology Industry Council, about this infamous vulnerability.

Gordon Bitko: Tom, where there’s a difference from SolarWinds. Log4j wasn’t a coordinated — as far as we know — attack by an adversary. It was a vulnerability that was identified, and so the people who are exploiting it now seem more like cybercriminals who were using it as a way to implant ransomware, things of that nature.

Tom Temin: Alright, so you can never rest on your laurels.

Gordon Bitko: That is 100% the case. It is important for everybody doing cybersecurity and their management to understand it’s a race on a treadmill. You can never stop.

Last Wednesday Cyberscoop reported that

Tech giants and federal agencies will meet at the White House on Thursday to discuss open-source software security, a response to the widespread Log4j vulnerability that’s worrying industry and cyber leaders.

Among the attendees are companies like Apple, Facebook and Google, as well as the Apache Software Foundation, which builds Log4j, a ubiquitous open-source logging framework for websites.

“Building on the Log4j incident, the objective of this meeting is to facilitate an important discussion to improve the security of open source software — and to brainstorm how new collaboration could rapidly drive improvements,” a senior administration official said in advance of the meeting.

Here’s the White House readout from that meeting. According to that document, the discussion focused on three topics:

Preventing security defects and vulnerabilities in code and open source packages, improving the process for finding defects and fixing them, and shortening the response time for distributing and implementing fixes. In the first category, participants discussed ideas to make it easier for developers to write secure code by integrating security features into development tools and securing the infrastructure used to build, warehouse and distribute code, like using techniques such as code signing and stronger digital identities.

In the second category, participants discussed how to prioritize the most important open source projects and put in place sustainable mechanisms to maintain them.

In the final category, participants discussed ways to accelerate and improve the use of Software Bills of Material, as required in the President’s Executive Order, to make it easier to know what is in the software we purchase and use. 

For a government meeting open to you, dear readers:

The Cybersecurity and Infrastructure Security Agency (CISA) is holding virtual mini-Industry Day events throughout this year. These events will allow CISA and industry to have meaningful discussions about cybersecurity capabilities, challenges, top priorities, requirements, and technologies as well as future business opportunities.

The first Virtual Mini-Industry Day will be Wednesday, January 26, at 10 a.m. (EST). This event will provide insight into current and future challenges as well as provide presentations regarding IT FY22 information technology focus areas, FY23-25 foundational work, engineering, information assurance, information technology operations, and records management/governance. To attend, please register by Tuesday, January 18, at 5 pm ET.

Finally, ZDNet offers its recommendations on