Today’s Microsoft Teams outage caused frustrations for many people and organizations across the globe. Perhaps, for some it made for an easy Friday. Or, it delayed the start of the weekend. The reality is, when these incidents occur, we are reminded—sometimes quite unfortunately—that we are at the mercy of technology. Confronting that reality also begs the question of whether private companies and state, local, tribal, territorial, and even national government agencies are prepared for a cyberattack.
A new report published by the UK’s National Cyber Security Centre predicts that the global ransomware threat will increase over the next two years as a result of AI enabled technologies that lower the barrier to entry for cybercriminals.
As we have seen with recent attacks on water systems, critical infrastructure is increasingly becoming a target of cyberattacks. This week CISA released guidance for the water sector to help, “limit the impact of destructive attacks.” All of this is to say, it might be time to dust off your incident response plans.
To learn more about threat management and incident response, explore the content available in our Library. Now let’s take a look at what else made industry headlines this week.
Jan. 26: Bloomberg Law News reported, “SolarWinds Corp. issued a full-throated denial of wrongdoing in how it handled one of the worst cyberattacks in history in a Friday court filing seeking the dismissal of US Securities and Exchange Commission allegations that its software security representations defrauded investors and violated rules on controls.”
Jan. 25: A Microsoft blog post revealed, “The Microsoft security team detected a nation-state attack on our corporate systems on January 12, 2024, and immediately activated our response process to investigate, disrupt malicious activity, mitigate the attack, and deny the threat actor further access.”
Jan. 25: Developers can now access the AI model repository, Hugging Face, without a paid subscription thanks to a partnership with Google Cloud.
Jan. 24: The Amazon-owned home surveillance company, Ring, issued a press release announcing that it will be sunsetting a tool that has historically been used by law enforcement to request footage without a warrant.
Jan. 24: AP News reported, “Hewlett Packard Enterprise disclosed Wednesday that suspected state-backed Russian hackers broke into its cloud-based email system and stole data from cybersecurity and other employees.
Jan. 24: A Wall Street securities lending platform, EquiLend, suffered a cyberattack that disrupted operations that could stymie a return to normal for several days.
Jan. 24: Bleeping Computer reported, “Synacktiv Team (@Synacktiv) took home $100,000 after successfully chaining three zero-day bugs to get root permissions on a Tesla Modem.”
Jan. 23: In response to the Medibank cyberattack Australia has leveraged the power of cyber sanctions against the Russian man alleged to have stolen nearly 10 million records.
Jan. 22: An AI-generated robocall using the voice of President Biden was telling New Hampshire voters not to participate in the primary voting process.
Jan. 22: Infosecurity Magazine reported, “LoanDepot, one of the largest US-based retail mortgage lenders, has confirmed that around 16.6 million of its customers have had their personal information stolen.”