Hi everyone. Thanks for stopping by our blog! As always, there is plenty of news to report.
Lots of interesting activity in Washington, D.C., this week where it appears that December’s SolarWinds attack was the straw that (finally) broke the camel’s back.
First, the Department of Justice has created a new task force to tackle the escalation in ransomware attacks in the U.S. According to the Wall Street Journal, an internal memorandum issued by Acting Deputy Attorney General John Carlin calls for a completely new approach to undermine ransomware extortion schemes. The plan outlined in the memo “calls for developing a strategy that targets the entire criminal ecosystem around ransomware, including prosecutions, disruptions of ongoing attacks and curbs on services that support the attacks, such as online forums that advertise the sale of ransomware or hosting services that facilitate ransomware campaigns.”
The new task force is a union of sorts. It will include the Justice Department’s criminal, national security and civil divisions, the FBI and the Executive Office of U.S. Attorneys. The latter supports nearly 100 top federal prosecutors across the country. The task force also intends to increase collaboration with the private sector, international partners and other federal agencies such as the Treasury and Homeland Security departments.
Also, this week the Biden administration announced a 100-day plan aimed at protecting the electric grid against cyberattacks. The effort will be led by the Department of Energy in partnership with CISA and the electricity sector. According to The Hill the plan includes “aggressive but achievable milestones and will assist owners and operators as they modernize cybersecurity defenses, including enhancing detection, mitigation, and forensic capabilities.”
The rollout of the plan comes weeks after the administration was criticized for not including cybersecurity initiatives to protect critical infrastructure.
The other major story of the week, and very much in line with the new DOJ task force, Apple supplier Quanta is the victim of an attack. Ransomware group REvil demanded the incredible sum of $50M. Quanta refused, so now the attackers want Apple to pay the ransom.
REvil announced on Tuesday it had accessed Quanta’s internal computers. In doing so, the group managed to obtain 15 images/schematics of unreleased MacBooks which include "specific component serial numbers, sizes and capacities detailing the many working parts inside" of a MacBook.
That’s it for this week. Thanks again for checking out our blog. Have a terrific weekend!
Top Global Security News
CNET (April 21, 2021) New DOJ task force to take on ransomware, says report
"The Department of Justice has formed a new task force aimed at tackling the growing threat of ransomware in the US, according to a Wednesday report from The Wall Street Journal. The multiagency effort involves a collaboration with private sector and international partners in a bid to undermine the ransomware distribution chain, the Journal said.
Citing an internal memorandum issued this week, the Journal reports that Acting Deputy Attorney General John Carlin is looking to use a multipronged approach to undermine ransomware extortion schemes. Prosecutions are part of the plan, as is a DOJ effort to bring down the digital shops that support the attacks: the hosting services behind ransomware campaigns, and the online forums where hackers can find ransomware for sale."
MacRumors (April 21, 2021) Unreleased MacBook Schematics Stolen in $50 Million Ransomware Attack on Apple Supplier
"As Apple held its 'Spring Loaded' event where it unveiled brand new iPad Pros, a redesigned iMac, and the long-awaited release of AirTags, one of its main MacBook suppliers was undergoing a ransomware attack worth $50 million.
As reported by Bloomberg, the ransomware group called REvil, publicly declared early on Tuesday that it had accessed the internal computers of Apple supplier Quanta Computer Inc, based in Taiwan. Through the attack, REvil managed to obtain 15 images/schematics of unreleased MacBooks which include "specific component serial numbers, sizes and capacities detailing the many working parts inside" of a MacBook, per documents and blog posts seen by Bloomberg.
While Quanta Computer, the supplier at the center of attacks, works with HP, Facebook, and other tech companies, the ransomware group is specifically targeting Apple. In its blog, the group is demanding that Apple pay an undisclosed ransom for the images/schematics they obtained via the supplier by May 1."
The Hill (April 20, 2021) Biden administration kicks off 100-day plan to shore up cybersecurity of electric grid
"The Biden administration on Tuesday announced it was kicking off a 100-day plan aimed at protecting the electric grid against cyberattacks.
National Security Council spokesperson Emily Horne said Tuesday that the effort will be led by the Department of Energy in partnership with the Cybersecurity and Infrastructure Security (CISA) and the electricity sector.
Horne noted in a statement that the plan was 'a pilot of the Administration’s broader cybersecurity initiative planned for multiple critical infrastructure sectors.'"
InfoSecurity (April 21, 2021) Codecov Supply Chain Attack May Hit Thousands: Report
"Experts have urged organizations to reassess cyber-risk in their supply chains as it emerged that hundreds of customers of a software auditing company had their networks accessed illegally.
Originally thought only to have affected the supplier, San Francisco-based Codecov, the incident is now believed to have been a deliberate supply chain attack likened in sophistication to the SolarWinds operation.
Investigators told Reuters that the attack had already led to hundreds of customers’ networks being accessed. Codecov’s customer-base of around 29,000 includes many big tech brands such as IBM, Google, GoDaddy and HP, as well as publishers (The Washington Post), consumer goods firms (Procter & Gamble) and many more."
InfoSecurity (April 20, 2021) Campus Still Closed as Portsmouth University Reels from Suspected Ransomware
:Key IT systems at the University of Portsmouth continue to remain offline this week after a supposed ransomware attack, delaying the start of the new term.
A notice on the university’s homepage doesn’t explicitly name ransomware as the cause of the 'cyber incident,' but the 'ongoing technical disruption' it describes is a tell-tale sign of such attacks. However, The News has reported that it has seen an email from the university claiming it suffered a ransomware attack.
Although it was due to open on Monday for the start of the summer term, the university campus will continue to remain closed to students until Wednesday, according to a BBC report."
PropertyCasualty360 (April 20, 2021) Insurance carriers are attracting hackers at a hastened pace
"Instant-quoting tools and other digital advancements developed to enhance consumers’ experiences are also drawing the attention of hackers, which have been increasingly targeting the industry, according to security company Sontiq.
Carriers’ automated quoting websites are the primary entry point for cybercriminals to access non-public information (NPI) on customers, the identity security firm reported. As the industry has accelerated adoption of faster-quoting processes and tools, new vulnerabilities have opened. Sensitive data that have been compromised includes addresses, VINs, drivers’ license details and household member information.
'Cybercriminals have exploited legitimate web de-bugging tools to access the data in transit from third-party data providers that populate the carriers’ sites,' Sontiq stated in a release. The stolen data are often leveraged in fraud events or losses for these individuals as hackers use the details to build more complete consumer profiles."
Other Top Industry News
Like what you’re reading? Head to the Subscriber form in the sidebar to get insightful GlobalSign content delivered directly to your inbox.