Welcome back and happy Friday! It’s been another active week for cybersecurity.
As always there are a plethora of security stories to review. But certainly one of the of the most concerning stories of the week is the ransomware attack on a natural gas facility.
Attackers are increasingly targeting critical infrastructure in the energy and oil and gas sectors, according to security analysts. With the stakes extremely high in this sector, hopefully organizations in this industry are going to take the proper steps to avoid a major attack that has broad impact.
The other major story of the week is in the world of business and it’s a big one: Dell is selling one of the industry’s most well-known companies, RSA. The deal includes several pieces, including the RSA security conference held each year in San Francisco (and begins next week.)
Grab a cup of coffee, and read on!
Top Global Security Stories
Data Breach Today (February 19, 2020) - Ransomware Attack Hit US Natural Gas Facility
"A ransomware attack on a U.S. natural gas compression facility led to a two-day shutdown of operations, according to an alert from the Cybersecurity and Infrastructure Security Agency.
Attackers used a spear-phishing technique to gain access to the facility's information technology network and then pivoted to the operational technology network, according to the alert, which did not identify the facility. From there, attackers planted what the agency called 'commodity ransomware' within both networks that encrypted data throughout the facility.
CISA, the division within the U.S. Department of Homeland Security that's responsible for securing critical infrastructure, says the ransomware incident affected the control and communication assets within the facility's OT network. "
Data Breach Today (February 19, 2020) - Canadian Government Breaches Exposed Citizens' Data
"Data breaches at Canadian government agencies exposed the personal information of approximately 144,000 citizens over a two-year period, according to a report from the Canadian Broadcasting Corp.
The breaches, which had been unreported, only came to light in January when Conservative MP Dean Allison demanded that the country's federal government produce a report for the Canadian House of Commons, according to the CBC. The 800-page report contained details about agency breaches in 2018 and 2019.
In the report, the government admitted that agencies responsible for national defense, healthcare, tax revenue, postal service and immigration all sustained data breaches or accidentally exposed citizen data. The CBC, which is owned by Canada's federal government, also sustained a breach."
Tech Crunch (February 18, 2020) - Dell sells RSA to consortium led by Symphony Technology Group for over $2B
"Dell Technologies announced today that it was selling legacy security firm RSA for $2.075 billion to a consortium of investors led by Symphony Technology Group. Other investors include Ontario Teachers’ Pension Plan Board and AlpInvest Partners.
RSA came to Dell when it bought EMC for $67 billion in 2015. EMC bought the company in 2006 for a similar price it was sold for today, $2.1 billion. The deal includes several pieces, including the RSA security conference held each year in San Francisco.
As for products, the consortium gets RSA Archer, RSA NetWitness Platform, RSA SecurID, RSA Fraud and Risk Intelligence — in addition to the conference. At the time of the EMC acquisition, in a letter to customers, Michael Dell actually called out RSA as one of the companies he looked forward to welcoming to the Dell family after the deal was completed."
Press release (February 13, 2020) - Confronting A Data Privacy Crisis, Gillibrand Announces Landmark Legislation To Create A Data Protection Agency
"U.S. Senator Kirsten Gillibrand today announced her landmark legislation, the Data Protection Act, which would create the Data Protection Agency (DPA), an independent federal agency that would protect Americans’ data, safeguard their privacy, and ensure data practices are fair and transparent. The DPA will have the authority and resources to effectively enforce data protection rules—created either by itself or congress—and would be equipped with a broad range of enforcement tools, including civil penalties, injunctive relief, and equitable remedies.
The DPA would promote data protection and privacy innovation across public and private sectors, developing and providing resources such as Privacy Enhancing Technologies (PETs) that minimize or even eliminate the collection of personal data."
Other Industry Headlines
5G in IoT Starts to Crystallize Industrial IoT Market
Energy Grid News: How to Know You Meet NERC CIP Cybersecurity Requirements
Personal Details of 10.6 Million of MGM Hotel Guests Posted on a Hacking Forum
Mobile Phishing Scam Hits Customers of Big North American Banks
9 Recent Phishing Attacks on Hospitals
Behind the Ransomware Attack on Palm Beach County Elections in 2016, from NPR
Mastercard Announces First European Cyber Resilience Centre
Swiss Government Says Ransomware Victims Ignored Warnings
Like what you’re reading? Head to the Subscriber form in the sidebar to get insightful GlobalSign content delivered directly to your inbox.