Hello and welcome to GlobalSign’s weekly cybersecurity news wrap-up. There have been some interesting developments over the last several days concerning the SolarWinds hack.
On Thursday, the White House issued a press release accusing the Russian Foreign Intelligence Service, or SVR, of orchestrating it. The statement says that “Cozy Bear” – SVR’s hacking group – is responsible for the “broad-scope cyber espionage campaign.” Further, the US intelligence community has “high confidence” the SVR is the culprit.
The White House announcement comes a day after the Biden administration announced sanctions on Russia, expelled 10 diplomats from the US, and added some restrictions in response to the hack. It should be noted the actions the US government has taken are also in response to alleged Russian interference in the 2020 election.
This activity comes just days after a senior vice president at the North American Electric Reliability Corp. (NERC) announced at a briefing that 25 percent of US utilities – about 375 – downloaded the malicious SolarWinds software. That’s a very big figure. Powergrid International content editor Jennifer Runyon explored the deeply concerning matter with GlobalSign’s Lila Kee and energy security consultant Dick Brooks in this article published on Thursday.
In other news, Facebook is facing some hefty GDPR fines now that Ireland’s Data Protection Commission (DPC) is going to investigate the recent data leak of 533 million users. The Commission said that, having considered information provided by Facebook, it was of the opinion that one or more provisions of the EU’s data regulation (and/or the Data Protection Act 2018) "may have been, and/or are being, infringed in relation to Facebook Users' personal data."
Finally, according to cybersecurity insider Brian Krebs, someone is selling account information for 21 million customers of ParkMobile, including him!
For those unfamiliar with ParkMobile, it’s a mobile parking app that is apparently popular in the U.S. (though I hadn’t heard of it until now). According to Krebs, the stolen data includes customer email addresses, dates of birth, phone numbers, license plate numbers, hashed passwords and mailing addresses.
Krebs recently discovered through threat intelligence firm Gemini Advisory that his own email address, phone number, and license plate numbers for four different vehicles his family has used in the last decade were among the data stolen. Talk about an eye-opening discovery!
There is so much more news to read about, so we hope you’ll stick around to check it all out.
Thanks as always for taking the time to visit our blog. Have a great weekend!
Top Global Security News
Recorded Future (April 15, 2021) White House formally blames Russian intelligence service SVR for SolarWinds hack
"In a press release today announcing a broad set of sanctions against the Russian government, the Biden administration has formally named the Russian Foreign Intelligence Service, also known as the SVR, as the perpetrator of the 2020 SolarWinds Orion supply chain attack.
The White House said that SVR’s hacking unit, known as APT 29, Cozy Bear, or The Dukes, “exploited the SolarWinds Orion platform and other information technology infrastructures” as part of a “broad-scope cyber espionage campaign.”
The SVR achieved this by gaining access to the internal network of Texas-based software maker SolarWinds and inserting malware in a version of the Orion IT monitoring application."
TechCrunch (April 14, 2021) Ireland opens GDPR investigation into Facebook leak
"Facebook’s lead data supervisor in the European Union has opened an investigation into whether the tech giant violated data protection rules vis-a-vis the leak of data reported earlier this month.
Here’s the Irish Data Protection Commission’s statement:
'The Data Protection Commission (DPC) today launched an own-volition inquiry pursuant to section 110 of the Data Protection Act 2018 in relation to multiple international media reports, which highlighted that a collated dataset of Facebook user personal data had been made available on the internet. This dataset was reported to contain personal data relating to approximately 533 million Facebook users worldwide. The DPC engaged with Facebook Ireland in relation to this reported issue, raising queries in relation to GDPR compliance to which Facebook Ireland furnished a number of responses.'"
ThomasNet (April 14, 2021) 61% of Factories Have Faced a Cybersecurity Incident [Report]
"As factories continue to become 'smarter' through utilizing the Internet of Things, automation, and general interconnectivity, the role of cybersecurity has likewise grown. And according to a new report examining cyber threats to manufacturers, related incidents are actually the norm.
Cybersecurity software firm Trend Micro released a new whitepaper on March 29 based upon the results of a survey of 500 information technology (IT) and operational technology (OT) departments at large manufacturing companies, conducted throughout November 2020.
The resulting sentiment of the survey was that cybersecurity has been an issue for a large majority: 61% of the 500 respondents indicated that their company has experienced a critical incident in its history. Of that, 75% said such an incident resulted in a system outage. Worse yet, of those firms that have had an incident, 43% — or about one-fifth of all respondents — said it resulted in a production shutdown lasting at least four days."
CyberScoop (April 13, 2021) Hundreds of electric utilities downloaded SolarWinds backdoor, regulator says
"About a quarter of roughly 1,500 electric utilities sharing data with the North American power grid regulator said they installed the malicious SolarWinds software used by suspected Russian hackers, the regulator said on Tuesday.
The electric utilities did not report any significant follow-on activity from the hackers, but the broad exposure of the sector points to the challenges of protecting utilities from supply-chain breaches.
A minority of the electric-sector organizations that downloaded the malicious code used the affected SolarWinds software in their 'operational technology' networks, a broad term for more sensitive software and hardware used to manage industrial operations, according to the North American Electric Reliability Corp. NERC is a not-for-profit regulatory authority backed by the U.S. and Canadian governments."
CyberScoop (April 12, 2021) With court order, FBI removes hundreds of Exchange Server web shells from US organizations
"The FBI has used a court order to remove malicious code from hundreds of U.S. computers running the Microsoft Exchange Server email program, Justice Department officials announced Tuesday.
The court-ordered removal of the web shells, or scripts used by hackers for persistent access, is one of the most aggressive actions taken yet by U.S. government officials or corporate executives to combat the Exchange Server vulnerabilities since Microsoft announced on March 2 that suspected Chinese spies were exploiting them. The alleged Chinese hackers used the flaws to steal emails from targeted organizations, according to private-sector analysts, but an array of scammers have since exploited the bugs for their own purposes."
Bleeping Computer (April 12, 2021) Dutch supermarkets run out of cheese after ransomware attack
"Bakker Logistiek is one of the largest logistics services providers in the Netherlands, offering air-conditioned warehousing and food transportation for Dutch supermarkets.
Last week, Bakker Logistiek suffered a ransomware attack that encrypted devices on their network and disrupted food transportation and fulfillment operations.
'We could no longer receive orders from customers,' Bakker director Toon Verhoeven told NOS. 'And in our warehouses we no longer knew where products were. These are very large warehouses, you don't just go looking for a pallet. We also couldn't plan our transports anymore. We have hundreds of trucks, which was not done by hand either.'
This disruption led to a shortage of certain food products, especially cheese, at the Netherlands’ largest supermarket chain, Albert Heijn."
Krebs on Security (April 12, 2021) ParkMobile Breach Exposes License Plate Data, Mobile Numbers of 21M Users
"Someone is selling account information for 21 million customers of ParkMobile, a mobile parking app that’s popular in North America. The stolen data includes customer email addresses, dates of birth, phone numbers, license plate numbers, hashed passwords and mailing addresses.
KrebsOnSecurity first heard about the breach from Gemini Advisory, a New York City based threat intelligence firm that keeps a close eye on the cybercrime forums. Gemini shared a new sales thread on a Russian-language crime forum that included my ParkMobile account information in the accompanying screenshot of the stolen data.
Included in the data were my email address and phone number, as well as license plate numbers for four different vehicles we have used over the past decade."
Other Industry News
Houston Rockets face cyber attack by ransomware group – Bloomberg
Leading cosmetics group Pierre Fabre hit with $25 million ransomware attack – Bleeping Computer
Cyber Attack Forces Vehicle Emissions Testing Company to Halt Operations in 8 States – The Drive
Global dwell time drops as ransomware attacks accelerate – Dark Reading
High numbers of schools hit by phishing account compromise and ransomware attacks – TechRepublic
Most phishing emails originate from Eastern Europe – Hindustan Times
Detecting the next SolarWinds attack – The Hacker News