Hello and welcome to the latest weekly cybersecurity wrap up from GlobalSign.
Lots to talk about at the federal level at the moment. This week, the US government is mulling over new laws that would require businesses to report cyberattacks. According to the Wall Street Journal, lawmakers are considering how they’d write the legislation. They’re also aware that while companies that have been impacted by an attack want to share their stories to help others – and the government – they’re fearful their disclosures could lead to “bad press and investor panic.”
According to the story, “The Cybersecurity Information Sharing Act of 2015 allows companies to voluntarily share details about threats with the Department of Homeland Security under liability and confidentiality shields.” But when the DHS reviewed the reports last year, it found only about five percent of the 252 participants in the program in 2018 actually handed over information.
Given the massive spike in cyberattack activity since 2018, supplying these details might not be voluntary for much longer.
Also, late last week Reuters News Service published an exclusive story regarding a planned Biden administration executive order targeted at software vendors. The order would require the vendors to notify their federal government customers if they experience a cybersecurity breach.
All of the recent federal activity is tied to December’s catastrophic SolarWinds breach.
Speaking of cyber catastrophes, there was lots of talk this week about cloud IoT device provider Ubiquiti, which in January announced a breach that involved a third-party cloud provider. Ubiquiti supposedly downplayed the incident in its report, but now a source claims the breach was indeed “catastrophic” and was minimized to head off a stock sell-off and other problems.
According to noted cybersecurity expert Brian Krebs, an anonymous source told him the breach was massive but that, despite this, “…legal silenced and overruled efforts to decisively protect customers.” The source also claims that customer data was at risk, as was access to customers’ devices deployed in corporations and homes around the world.
Meanwhile, Down Under, top Australian broadcaster Channel Nine and the Australian Parliament both faced major IT disruptions last weekend. The disruptions meant that parliamentary staff couldn’t access emails on their mobile phones, and the hack at Channel Nine resulted in some shows not airing.
Well-known IT managed services provider CompuCom is looking at a loss of over $20 million following a nasty ransomware attack earlier this month that impacted many of its systems. Earlier this week the company – a wholly-owned subsidiary of The ODP Corporation (Office Depot/Office Max) – was still working on restoring service delivery to some customers affected by the ransomware, but was expected to complete all work by March 31.
In the retail world, the UK’s FatFace has supposedly forked over $2 million in ransom to attackers. The responsible party is thought to be the Conti ransomware gang. The attack at FatFace occurred in January, during which customer information was stolen.
That’s a wrap for the week. Wishing everyone a terrific weekend!
Top Global Security News
Bleeping Computer (April 1, 2021) Ubiquiti cyberattack may be far worse than originally disclosed
"The data breach report from Ubiquiti in January is allegedly a cover-up of a massive incident that put at risk customer data and devices deployed on corporate and home networks.
In the short communication, the company said that an attacker had accessed some of its IT systems hosted by a third party cloud provider and that it found no indication of unauthorized activity impacting user accounts.
Despite any evidence of access to any databases with user info, Ubiquiti could not guarantee that user details had not been exposed. Because of this, the company encouraged changing the login password and enabling two-factor authentication."
Wall Street Journal Pro (April 1, 2021) After SolarWinds, Lawmakers Want Companies to Come Clean About Cyberattacks
"The hack of companies and federal agencies through compromised software from SolarWinds Corp. has breathed new life into an old idea: The U.S. must require businesses to report cyberattacks.
Lawmakers are examining how to craft such legislation after executives and government officials told Congress in recent weeks that details on how hackers penetrated their defenses could help the government and companies thwart nation-state hacks.
But structuring such requirements is contentious. While companies welcome disclosures from other organizations, some fear detailing their own incidents could fuel bad press and investor panic, yield legal trouble and give hackers information to use in future attacks."
ABC News Australia (March 30, 2021) How did the cyber attack on Nine and Parliament House happen?
"Both federal Parliament and Channel Nine faced major IT disruptions on Sunday, something one expert said could be a coincidence, but could also be linked to previous malicious attacks like those on Microsoft Exchange servers.
The system disruptions left parliamentary staff without mobile access to their emails over the weekend, while the 'cyber attack' on Channel Nine prevented the broadcaster from airing several programs, including Weekend Today.
The Australian Cyber Security Centre (ACSC) is investigating both incidents."
Graham Cluley (March 28, 2021) FatFace pays out $2 million to Conti ransomware gang
"UK fashion retailer FatFace, which made headlines this week by appearing to ask its customers to keep its cyber attack 'strictly private and confidential', has reportedly paid a $2 million ransom to the criminals responsible.
According to Computer Weekly, FatFace entered negotiations with the Conti ransomware gang soon after it became aware its systems had been breached and customer details stolen in January 2021.
Initially, the Conti ransomware gang is thought to have demanded a 213 Bitcoin ransom be paid (approximately $8 million) – a figure seemingly determined by the criminals’ belief that FatFace’s ransomware insurance covered the firm up to £7.5 million."
Bleeping Computer (March 28, 2021) CompuCom MSP expects over $20M in losses after ransomware attack
"American managed service provider CompuCom is expecting losses of over $20 million following this month's DarkSide ransomware attack that took down most of its systems.
CompuCom is an IT managed services provider (MSP) and a wholly-owned subsidiary of The ODP Corporation (Office Depot/Office Max).
The MSP's workforce of over 8,000 employees provides hardware and software repair, remote support, and other tech services to high-profile companies, including Citibank, Home Depot, Wells Fargo, Target, Trust Bank, and Lowe's."
Reuters (March 25, 2021) Exclusive: Software vendors would have to disclose breaches to U.S. government users under new order: draft
"A planned Biden administration executive order will require many software vendors to notify their federal government customers when the companies have a cybersecurity breach, according to a draft seen by Reuters.
A National Security Council spokeswoman said no decision has been made on the final content of the executive order. The order could be released as early as next week.
The SolarWinds Corp hack, which came to light in December, showed 'the federal government needs to be able to investigate and remediate threats to the services it provides the American people early and quickly. Simply put, you can’t fix what you don’t know about,' the spokeswoman said."