Cybersecurity Saturday

From inside the Capital Beltway

Cyberscoop reports that cybermeasures are gaining momentum at federal agencies in response to the President’s May 2021 executive order and increased funding from Congress.

Security Week adds that

The White House on Wednesday released its federal zero trust strategy, requiring agencies to meet certain cybersecurity standards and objectives by the end of fiscal year 2024. * * *

When a zero trust model is implemented, no user, system, network or service operating inside or outside the security perimeter is trusted, and every access attempt is verified.

The latest memorandum from the Office of Management and Budget (OMB) requires agencies to achieve certain goals by the end of 2024. These goals focus on identity, devices, networks, applications and workloads, and data — these are the five pillars described by the zero trust model of the DHS’s Cybersecurity and Infrastructure Security Agency (CISA).

From the Log4j vulnerability front, ZDNet warns that the threat is not over yet.

Despite the absence of immediate mass exploitation, Sophos security’s Chester Wisniewski backs the view that it will be a target for exploitation for years to come. 

Microsoft continues to rate the Log4j vulnerabilities as a “high-risk situation” for companies across the globe and reckons there is high potential for their expanded use. But for now, Wisniewski believes an immediate crisis has been swerved.   

“[T]he immediate threat of attackers mass exploiting Log4Shell was averted because the severity of the bug united the digital and security communities and galvanised people into action. This was seen back in 2000 with the Y2K bug and it seems to have made a significant difference here,” says Wisniewski. * * *

As for the duration of Log4Shell, Wisniewski reckons internet-facing applications will be found and patched or taken offline. But that still leaves a ton of internally vulnerable systems that might never be discovered, hence Log4Shell will live on for years as a favorite target for penetration testers and state-backed threat actors. 

From the cyber-agency front —

  • HC3 released an analyst note “with updated information regarding the BlackMatter ransomware-as-a-service (RaaS) program. While HC3 previously identified multiple healthcare and public health (HPH) sector or health sector-affiliated organizations impacted by this malware, the group has not claimed a victim since October 31, 2021, and appears to have shut down operations. HC3 is reducing the threat level posed by BlackMatter to BLUE or GUARDED.”
  • NIST released version 5 of NIST 800-53A.

This publication provides a methodology and set of procedures for conducting assessments of security and privacy controls employed within systems and organizations within an effective risk management framework. The assessment procedures, executed at various phases of the system development life cycle, are consistent with the security and privacy controls in NIST Special Publication 800-53, Revision 5. The procedures are customizable and can be easily tailored to provide organizations with the needed flexibility to conduct security and privacy control assessments that support organizational risk management processes and are aligned with the stated risk tolerance of the organization. Information on building effective security and privacy assessment plans is also provided with guidance on analyzing assessment results.

From the ransomware front, Cyberscoop reports that

The REvil (Sodinokibi) ransomware cooperative’s activity has not slowed down following Russia’s recent move to arrest several alleged members of the group, according to threat intelligence company ReversingLabs.

Two weeks have passed since Russia’s law enforcement agency FSB announced the takedown of the REvil group “at the request of US authorities,” but the ransomware-as-a-service (RaaS) enterprise remains as active as before.

After long being accused of allowing cybercriminals to proliferate within its borders – as long as Russian nationals or organizations are not hurt – Russia appeared set to send a different message with the arrest of 14 members of the REvil gang, even if some saw it as a political move – amidst the increasing tensions at the Ukraine border.

However, as ReversingLabs points out, the high-profile arrests of affiliates did not put a dent in REvil operations. In fact, the group is continuing operations at the very same pace as just before the arrests.

What’s more, here’s a link to the latest edition of Bleeping Computer’s The Week in Ransomware.

This week’s biggest news is about a new ransomware operation called DeadBolt that encrypted QNAP [storage] devices worldwide, illustrating how threat actors can still earn a lot of money by targeting consumers and small businesses.

The attacks started on January 25th and have since encrypted over 4,300 QNAP NAS devices where they demand 0.03 bitcoins, worth approximately $1,100, for a decryption key.

Finally, from the cyberprevention front

  • Cybersecurity Dive informs us about cybersecurity tool trends to watch this year — both from the waxing and waning standpoints.
  • ISACA writes about the important role that company culture plays in maintaining reliable cybersecurity.