I haven’t seen it yet, but I am looking forward to some down time this weekend so that I can check out “The Teenager Who Hacked Twitter,” presented by The New York Times on Hulu. Also in headlines this week, FX announced that it will be working with Tommy Schlamme to develop a new project, “a far-reaching drama series that grapples with the full scope of what the internet has become,” based on Nicole Perlroth’s best-selling novel, This Is How They Tell Me the World Ends: The Cyberweapons Arms Race.
But Congress was less than entertained by the impact cyber weapons have had on US government agencies and private companies. This week, the new CEO of SolarWinds found himself testifying before Congress, which resulted in Microsoft and others appealing to Congress for help when it comes to data breach reporting laws. However, the prepared statement read by CrowdStrike’s Chief Executive George Kurtz turned the blame on Microsoft, noting, “The threat actor took advantage of systemic weaknesses in the Windows authentication architecture, allowing it to move laterally within the network and reach the cloud environment while bypassing multifactor authentication.” Notably absent from the hearings, much to the dismay of Senators Marco Rubio and Susan Collins, was Amazon, whose servers were reportedly used to launch the cyberattack.
All the while, Russia has allegedly attacked Ukraine again. Reports of a DDoS attack against Ukraine were followed by news of another cyberattack targeting document management systems of the country’s public authorities.
And there’s more. Let’s take a look at what else made industry headlines this week.
Feb. 26: DHS Secretary Alejandro Mayorkas said the agency plans to tackle the rise in ransomware attacks, which he reportedly called, “an epidemic that is spreading through cyberspace.”
Feb. 25: OceanLotus, also known as APT32, a hacking group believed to be linked to the Vietnamese government, has reportedly been targeting activists and non-governmental organizations with spyware.
Feb. 24: Survey results show that many organizations lack confidence in their overall cybersecurity posture, due, in part, to continued work-from-home challenges.
Feb. 24: Forbes reported, “…it’s possible that as more localities start adopting it and more legislators start accepting bitcoin contributions, there may be a change in how a new generation of regulators look at cryptocurrency.”
Feb. 24: The CISA issued an alert about a vulnerability in Accellion File Transfer Appliance being exploited worldwide with attackers targeting, “multiple federal and state, local, tribal, and territorial (SLTT) government organizations as well as private industry organizations including those in the medical, legal, telecommunications, finance, and energy sectors.”
Feb. 23: White House press secretary Jen Psaki said about Biden’s plans to take action against Russia, “We have asked the intelligence community to do further work to sharpen the attribution that the previous administration made about precisely how the hack occurred, what the extent of the damage is, and what the scope and scale of the intrusion is…”
Feb. 23: Since the coup in Myanmar began, the military has actively expanded its efforts to deny users access to the Internet, controlling the dissemination of information.
Feb. 23: According to the Washington Post, “Both acting D.C. police chief Robert J. Contee III and former Capitol Police chief Steven Sund said the intelligence community at large failed to detect key information about the intentions of the attackers and adequately communicate what was known in the run-up to the Capitol riot.”
Feb. 22: After two French hospitals fell victim to ransomware attacks, president Emmanuel Macron pledged to invest €1 billion in a national cybersecurity strategy.
Feb. 22: “From Cambodia to India and the Philippines, countries in Asia have introduced a slew of internet and data use legislation in recent months, with human rights group warning the measures raise the risk of mass surveillance and free speech violations,” Reuters reported.
Feb. 22: A new DDoS vector could reportedly abuse up to 1,520 servers from VPN provider Powerhouse Management, all of which have an exposed 20811 UDP port, according to a security researcher who goes by the pseudonym Phenomite.